The risk factor falls onto the end user who've been sent the keys. What's their OpSec like. Is their email secure? Will the email be deleted responsibly after they've sufficiently saved the keys? No different expectations from self-custody wallet.
I'm not following the part about DMs? How would they be viewable to me if I don't know their privkey?
Or did you mean from the first time? Because I agree there, which is entirely the point of this post because I forked the mining script to not view the keys as described. Reread what I wrote about it and check the fork 🤙
I meant the vanity mining as a service part. It isn’t a code problem, it’s a which bits have existed at any point in time somewhere you don’t control.
It’s not as pretty, but this may interest you. May still offer a way to provide value and make money. https://gist.github.com/blakejakopovic/6c0ea718c0f956c461e9e8952d8c6533
Thanks for sharing that I'll definitely check it out, though, I'm still not sure where there is compromise here.
There'd need to be an attacker with physical access to my machine conducting a buffer overflow to try and pull out the keys from memory. Or more likely, the email of the target is comprised in some way.
Other than those scenarios, I don't see how the key could be extracted by a bad actor during the mining -> email process?
