How do I get hacked on Nostr?
Discussion
You enter your private key in a Nostr client to start using it, and then their database gets leaked.
We definitely need other ways to sign in. Like hardware wallets got developed, we need some kind of airgapped device which lets you sign in for a set amount of time or something like that.
We’re still early.
The DB data can be hashed, though.
You don't even need to save the nsec in a database; it's supposed to stay on the client side.
Unfortunately, I know for a fact one client transmitted the nsec to the server and was saving it unencrypted for all their users in a central DB.
Nobody should ever be using a Nostr client that stores your nsec server-side.