When you tap the zap button, all it does is create an invoice to be paid and send it to your wallet app. If a hacker were to log in with your nsec and try to zap someone, it would create an invoice and then send it to whatever wallet app he has on his phone already. If he then paid the invoice, the zap would appear to have come from you in nostr, but would have been paid with their own wallet, not yours. Once the invoice is paid, an event is broadcast to relays that says you zapped someone.
I'm not totally sure how 1-tap zaps work, though, as I've never been able to use Damus, but I think it's still segregated. I don't think there are any nostr clients that have built-in wallets that you access with your nsec yet.
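Added example, not part of the original post: a Python sketch of how a client could decide who a zap "came from" when reading a NIP-57 zap receipt (kind 9735) that embeds the signed zap request (kind 9734). The keys, invoice string and events are constructed placeholders, and Schnorr signature verification is left out as an assumption of the sketch.

```python
import hashlib
import json

ZAP_REQUEST, ZAP_RECEIPT = 9734, 9735  # NIP-57 event kinds

def event_id(ev):
    """NIP-01 id: sha256 of the canonical [0, pubkey, created_at, kind, tags, content]."""
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def first_tag(ev, name):
    """Value of the first tag called `name`, or None."""
    for tag in ev.get("tags", []):
        if len(tag) >= 2 and tag[0] == name:
            return tag[1]
    return None

def attributed_sender(receipt):
    """Pubkey a client would display as the zapper, or None if the receipt is malformed."""
    if receipt.get("kind") != ZAP_RECEIPT:
        return None
    try:
        request = json.loads(first_tag(receipt, "description") or "")
    except ValueError:
        return None
    if not isinstance(request, dict) or request.get("kind") != ZAP_REQUEST:
        return None
    try:
        if event_id(request) != request.get("id"):  # request body was altered
            return None
    except KeyError:
        return None
    if first_tag(receipt, "p") != first_tag(request, "p"):  # recipient mismatch
        return None
    return request["pubkey"]  # attribution comes from the signing key only

# Constructed sample data (hypothetical keys, placeholder invoice).
KEY_HOLDER, RECIPIENT, PROVIDER = "aa" * 32, "bb" * 32, "cc" * 32
REQUEST = {"pubkey": KEY_HOLDER, "created_at": 1700000000, "kind": ZAP_REQUEST,
           "tags": [["p", RECIPIENT], ["amount", "21000"]], "content": ""}
REQUEST["id"] = event_id(REQUEST)
RECEIPT = {"pubkey": PROVIDER, "created_at": 1700000060, "kind": ZAP_RECEIPT,
           "tags": [["p", RECIPIENT], ["bolt11", "CONSTRUCTED-INVOICE-PLACEHOLDER"],
                    ["description", json.dumps(REQUEST)]], "content": ""}

if __name__ == "__main__":
    print(attributed_sender(RECEIPT))
```

Nothing in the receipt names the wallet that paid the invoice; the displayed sender is whichever key signed the embedded request.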