Coinos has violated many basic operational practices at this point.

They did not have real-time replication of critical transaction data.

They stored user nsecs without a KMS system like OpenBao.

They did not have countermeasures against account breaches being able to extract confidential info.

Get your sats the fuck out of Coinos and don’t ever come back.

nostr:note1nqs0u0ctlcc4qdh5fmwfy82yzhatgx6jreetua8x2k5mpv3nhg5sxj2gs2


Discussion

Insane. Why would they store people's nsec?

Why would people trust it! And with any amount of coin related to it!

True.

curious to hear coinos's reply

is it ignorance, lack of understanding and knowledge of the severity of the weaknesses or just blind spots

Vibe coded wallet

No it was built long before AI

Not AI coded; Vibe coded.

Coinos has been around a long time. It wasn't vibe coded.

Didn’t Damus just integrate them? 😬

Yeah, they drained us with no tx listed, ‘Auto withdraw’ was not turned on, fucking shit show..

Oh no :-(

Who should I use as an alternative? I like coinos and would be more patient to see what their plan is. Can't you call for open audits instead of just bashing a good service? It's FOSS no?

The criticisms are valid but plenty of crapware has bubbled up in the Nostr space. It's not like it's surprising. Someone could vibe code nsec-stealing malware right now and shill it over plenty of relays and it would likely be an effective attack. Nostr has basically no expectation of privacy or security, except that some events are encrypted.

What's the solution for the average pleb in response to this? My sats are still in coinos and I withdraw manually. Don't seem to be personally affected but I rarely have more than 10k sats and never more than 50k.

1. Being FOSS does not release the dev of obligation to make secure products

2. If you make garbage and you reasonably could have known it was garbage, do not get upset if it gets called garbage and the dev an idiot

No one is obligated to make secure products.

Who's upset?

They are if they want to offer a service to end users.

Especially one that is a money transmitter

I'm saying even if they personally coordinated an attack on Nostr users, they still managed to create a decent framework. That's worth mentioning when our options are limited.

Plenty of crapware on Nostr wants to unencrypt my dm's just to visit the main page of their website. I don't see it as any different but I don't shit on every project that decides to implement an experimental and open protocol "incorrectly".

If it's proven to be a coordinated attack by the developers themselves then I would think less of them. At this time I don't have reason to suspect them considering their reasonable response.

They have just as much obligation to provide a secure service as any user has to choose them for money transmission purposes or custody of Bitcoin. We've mostly all tried multiple wallets and we're all pretty aware of the risk.

Were you affected? I just don't understand the "never come back" part. Why so serious?

Where is the source code to the full stack of nostr:nprofile1qqst4qyeqenw7zm0fwjsty68h6cnys5jre2xd8ngqpjv5a2j26s78fspz4mhxue69uhhyetvv9ujumrfvecxz7fwd4jsz9thwden5te0wfjkccte9e3k76twdaeju6t0qy28wumn8ghj7un9d3shjtnyv9kh2uewd9hsmryfpz? I'll absolutely run it for me & mine...if it's real.

https://github.com/coinos

I can't answer any questions about it but this is their GitHub which seems to include the UI and server.

Have you checked github?

Did you ever get an answer to the question on alternatives?

No, but I have seen people recommending Zeus wallet which I don't know anything about personally. Otherwise Alby probably. I'm sticking with Coinos until more is known.

Zeus is solid but not a product for a new pleb on nostr. Alby also requires learning to run your own node so I don't think it qualifies as beginner friendly either.

welcome to the era of vibe coded financial apps

Ugg. PWA with no channel management made, easy LNaddress and super easy to use.

Where to now? Back to Phoenix ? Zeus? Just looking for something easy for NOSTR and onboarding newbies.

With Phoenix/Zeus you can enjoy force closes and channel fees, transferring every sat you earn from zaps to miners and/or LSPs, before you could even spend 1.

So any good options?

Yolod fat channel on Phoenix and never had any closures. It’s been for a long time. The routing fees are what we pay for the self custody which is fair !

And @nostr:nprofile1qqsr9cvzwc652r4m83d86ykplrnm9dg5gwdvzzn8ameanlvut35wy3gpzpmhxue69uhkummnw3ezumrpdejqzrthwden5te0dehhxtnvdakq9g3y8r is onboarding people onto Damus with this custodial wallet 🤷‍♂️

LND + lncli and you will be happy

LND is the shittiest LN node impl to exist

Why? With arguments, please. 3 years of operating an LND node without issues... Could it be your ignorance as a bad LN operator? idk

Me and several people I have known have experienced significant issues with LND in terms of force closes, compared to CLN/Eclair

Former LND node operator and current CLN node operator, and I can confirm that the statement by nostr:nprofile1qqs99d9qw67th0wr5xh05de4s9k0wjvnkxudkgptq8yg83vtulad30gprpmhxue69uhhyetvv9ujumn0wdmksetjv5hxxmmdqyg8wumn8ghj7mn0wd68ytnvv9hxgqg4waehxw309askwemj9ehx7um5wghxcctwvss2rp25 is accurate.