In theory, could automated zaps with wallet connect be hijacked by a malicious actor to deplete a wallet? nostr:note15kw9nwcfyevj9u0vutcfse2v2924rh7h8ffzkh7pnrf2rtwxccrse09yjn
Discussion
Yes. If someone steals your private key they can send funds with your Lightning Wallet. The solution is quotas so your whole wallet can’t get emptied immediately.
So the nsec is still required to initiate any payment?
The nsec is required to sign the event, just like any other event. If you don’t have the nsec you can’t create a valid event from that pubkey. The only way someone could send malicious events to get funds from your wallet is to steal your nsec or if your wallet doesn’t check if the event has a valid signature.
Well, is this real? Maybe that is why, as a simple precaution, no one has been willing since the end of January to link my wallet to my nostr account so that I can contribute via zaps. Well, this kind of act is very sad. Have a good rest of the day, from Paris 💜⚡
I set up an Alby wallet specifically for this so I can have a one-tap zap wallet with limited funds in it. Complete separation of those funds from anything else.
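The two defences raised in this thread (reject events without a valid signature, and cap spending with a quota) can be combined in one wallet-side check. The sketch below is an added example, not part of any post above and not code from any wallet: `ZapGate`, `sample_event`, the limits and the reject strings are hypothetical, the payment amount is assumed to be already extracted from the request, and `verify_sig` is assumed to be a BIP-340 Schnorr verifier supplied by a secp256k1 library.

```python
import hashlib
import json
from collections import deque

def event_id(ev):
    # NIP-01 id: sha256 of the compact JSON array [0, pubkey, created_at, kind, tags, content]
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def sample_event(pubkey, content, created_at=1700000000):
    # Constructed sample input; the sig is a placeholder, not a real signature.
    ev = {"pubkey": pubkey, "created_at": created_at, "kind": 1,
          "tags": [], "content": content, "sig": "00" * 64}
    ev["id"] = event_id(ev)
    return ev

class ZapGate:
    """Hypothetical wallet-side policy: authenticate the request, then apply a quota."""

    def __init__(self, allowed_pubkey, verify_sig, window_s, budget_msat, per_payment_msat):
        self.allowed_pubkey = allowed_pubkey
        self.verify_sig = verify_sig      # assumed verifier: (pubkey, id, sig) -> bool
        self.window_s = window_s
        self.budget_msat = budget_msat
        self.per_payment_msat = per_payment_msat
        self.spent = deque()              # (timestamp, amount_msat) of approved payments
        self.seen_ids = set()             # approved event ids, for replay protection

    def authorize(self, ev, amount_msat, now):
        try:
            if ev["pubkey"] != self.allowed_pubkey:
                return "reject: unknown pubkey"
            if ev["id"] != event_id(ev):
                return "reject: id mismatch"
            if not self.verify_sig(ev["pubkey"], ev["id"], ev["sig"]):
                return "reject: bad signature"
        except KeyError:
            return "reject: malformed event"
        if ev["id"] in self.seen_ids:
            return "reject: replay"
        if amount_msat <= 0 or amount_msat > self.per_payment_msat:
            return "reject: per-payment cap"
        # Drop ledger entries that have aged out of the rolling window.
        while self.spent and self.spent[0][0] <= now - self.window_s:
            self.spent.popleft()
        if sum(a for _, a in self.spent) + amount_msat > self.budget_msat:
            return "reject: quota exhausted"
        self.spent.append((now, amount_msat))
        self.seen_ids.add(ev["id"])
        return "ok"
```

With a stolen key every authentication check passes, so the rolling budget is the only line that bounds the loss, which is the point of the quota suggested above.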