Might be even worse then that. Just after opening a cashu wallet and funding via LN with a STRIKE wallet .... my Strike wallet was drained.
Discussion
Strike wallet could only be drained if your account is compromised, nothing to do with cashu
Seems like he is trolling
nostr:note10h7qk4umamtxzvxhsg8kapk20cg9nnzwrfsr5u925y2nv64f5vys06mkct
ok, cool. Because I want cashu to work and I sent over more sats and will keep using it.
How does a wallet get compromised .... I have no clue. Strike is email , pin code, finger print controlled on my phone. I eat, sleep and shit with my phone.
Strike has no website.
i mean ... Strike is 100% phone based. not like Swan which can be accessed via their website or their app.
Sound like your opsec has a flaw and your phone and strike account is compromised. You should be able to see the details of the transaction on strike and can post it and people can see the transaction on mempool
transaction id fb3fdb86900c-42278966-fbf6bd9fb413
May 29 2024 00:26:16 (UTC)
amount -0.00062986
destination : 38EVDE651pp2fRuJFvw
XDy65s7WjvBqLLW
None of those are bitcoin addresses or txids.
probably someone inside Strike just draining me.
Go look at that address on mempool and see if the sats are still there or if the attacker moved them.
I kept one of the addresses before i nuked my app.
bc1qx800vuvedkc3k0hxvxkq8pgtrrl8hfjlcclm88r65jepkh4zdvzsehrj4q
all gone.
Strike did not even freeze my account after two days of emailing them. I could not delete my bank account to I just transferred out the last $2.00 and nuked the app.
Two days later they sent me a email saying they "froze it for security".
Thanks, guys.
That's one of the destination addresses your coins were sent to?
yes.
The coins aren't there anymore, and that's a multisig. But it was reused. You could use chain analysis to figure out if this is one or two people. But either way, you were clearly hacked.
This is not strike's fault. You should increase your opsec and. Especially because they made multiple withdrawals, this would imply you were compromised and didn't know for a significant amount of time. The other options is to use nonkyc tools.
