Or did you mean from the first time? Because I agree there, which is entirely the point of this post because I forked the mining script to not view the keys as described. Reread what I wrote about it and check the fork 🤙
Discussion
I meant the vanity mining as a service part. It isn’t a code problem, it’s a which bits have existed at any point in time somewhere you don’t control.
It’s not as pretty, but this may interest you. May still offer a way to provide value and make money. https://gist.github.com/blakejakopovic/6c0ea718c0f956c461e9e8952d8c6533
Thanks for sharing that I'll definitely check it out, though, I'm still not sure where there is compromise here.
There'd need to be an attacker with physical access to my machine conducting a buffer overflow to try and pull out the keys from memory. Or more likely, the email of the target is comprised in some way.
Other than those scenarios, I don't see how the key could be extracted by a bad actor during the mining -> email process?