If this happens, the culprit practically has control over your connected wallet to zap with it and deplete it.

So you need to be careful not to stack big amounts in it, and transfer your funds ASAP.

Discussion

How to transfer?

I meant nothing complicated. Just transfer your big amounts to another wallet which is not connected to your nostr account.

I don't think this is true. They could change your LN address in your profile so they are receiving zaps to their wallet, but they don't have access to your wallet and funds.

You can zap all your funds in the nostr connected wallet, right?

So can anyone who has the nsec.

nostr:nevent1qqsry72atzt92twunkp0sgy0zrj69aqpex6556a7sg5xzfs70eenhpcpp4mhxue69uhkummn9ekx7mqzyq30yt5c5q6m3luh6nxycke5uewvajhztppsam9ydvtmr692hw99uqcyqqqqqqg0snqlz

Crizzo is right: even if they have your nsec, they still wouldn't have access to your wallet. In fact, you could post a message signed by your wallet and others could verify it against zaps they have received from you, proving that your account was compromised and directing followers to a new account. That would require a little technical know-how (a little) today, but maybe that would be a good feature, maybe a good candidate for a NIP nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z

Perhaps if you can reject an invoice and send back a message explaining why it wasn't paid

Every time I zap it opens WoS separately. They wouldn't have access to the WoS app on my phone.

I don't get this part. How is it different if you put your nsec in another phone and zap from there?

You've signed the zap feature before.

Maybe I'm thinking of one-tap zaps?! 🤔

When you tap the zap button all it does is create an invoice to be paid and send it to your wallet app. If a hacker were to log in with your nsec and try to zap someone it would create an invoice and then send it to whatever wallet app he has on his phone already. If he then paid the invoice the zap would appear to have come from you in nostr, but would have been paid with their own wallet, not yours. Once the invoice is paid then an event is broadcast to relays that says you zapped someone.

I'm not totally sure how 1-tap zaps work though, as I've never been able to use Damus, but I think it's still segregated. I don't think there are any nostr clients that have built-in wallets that you access with your nsec yet.

The question of one-tap zaps remains. And now I'm thinking about Alby users who put their nsec in their wallet.

And I didn't know that the zap invoice goes to the wallet on the same device, not the wallet whose address you've put in your profile. Thanks for teaching that.

In that case, committing fraud needs a bit more stealth and some social engineering, gaining trust and so on.