I encourage the Damus team to remove Coinos wallet from their app.
I predict there will be a bigger leak at coinos in the near future and it is a huge honeypot to hackers.
They have already shown their security practices are not good.
nostr:npub18m76awca3y37hkvuneavuw6pjj4525fw90necxmadrvjg0sdy6qsngq955 nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s just a thought, do as you will.
Has anything happened since their npub was compromised?
No but they have had many issues already, they said they were storing user nsecs and many could be leaked, they said passwords could be leaked, their own nsec was leaked, they lost track or a ton of transactions which caused a temporary lock of funds and they didn’t even know where the funds belonged, all this in like two months, do we really want to onboard newbies to something like that?
It’s also a very obvious target to hackers as it’s centralized and holds a lot of bitcoin.
Alby was right to switch to self custody and Wos is doing the same, I hope others will follow.
*nsec
They never should’ve stored people’s nsecs
Nope
Having nsecs on a server is a disaster waiting to happen
Most clients process nsecs but don’t store them
Same with having your nsec be authentication to financial accounts, I could Easily steal nsecs and hack wallets if I wanted to, it would be incredibly easy, and once you have the nsec you can login to primal wallet or coinos or other things.
I emptied my nostr:npub12vkcxr0luzwp8e673v29eqjhrr7p9vqq8asav85swaepclllj09sylpugg wallet after the leak 😐
Smart, I’m using strike for zaps now instead of primal
I’m using Wallet of Satoshi
I want to use it, maybe when I get my android going I can use it with a vpn, excited for the new one they are building
Wait.. So its risky to use CoinOS linked with Amethyst?
using any custodial wallet is risky. there are no guarantees there are no security issues in any custodial wallet.
Yes, but coinos has had like three security issues lately that I know of.
thats the nature of open source custodial nodes though. people read the code and find flaws. they also get patched so that it becomes more secure over time.
True. Was wondering if the wallet connect could compromise my nsec also?
I don't think so, however their traditional sign up was storing nsecs and those could be compromised.
Agreed considering the old coinos account is active…
