PSA: An autowithdraw exploit for nostr:npub1h2qfjpnxau9k7ja9qkf50043xfpfy8j5v60xsqryef64y44puwnq28w8ch has been confirmed. Check your settings if you’re using this wallet.

Felt bad for not giving them more time to respond privately, but hopefully this saves some of your sats.

nostr:note1254fjxr40grrsd30gh0qn5anmhfxchy7s8hnusqly99y6x2r32qq3rd74m

Discussion

I can't remember why I stopped using #coinos but it wasn't something this bad. Ouch!

#exploit

#bitcoin #btc #ln #asknostr #nostr

#smij #zapd #freedom #decentralized #unity #rossisfree #grownostr

nostr:nevent1qqsd5c7wgxd3nna8zqqphm3khm3mfkvt7hk98wq04xq9ud0y49gk7nspzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtczyzssyc9z4ghsjtv9utqtst54atzl33sw5xwx3eyfsuvmtrx25glruqcyqqqqqqgc40xap

I blame the bad vibes, damn that "Vibe Coding"!!!

Damn. Didn't they need to restore their DB & rebuild histories a couple months ago?

😖 I don't know, but that really sounds like a shitty situation. Best of luck to that team!

Yes.

No DevOps, apparently.

DevOops

This reminds me of the time nostr:npub1c878wu04lfqcl5avfy3p5x83ndpvedaxv0dg7pxthakq3jqdyzcs2n8avm pushed an update to the demo server without testing it, that led to loss of multiple BTC

And they said “oops this is a beta software we are not responsible”

And how they had multiple ways for “read only” API keys to empty wallets

And that one time where it took them months of nagging to fix a critical SQLi vulnerability (this affected their entire codebase(!!!!))

And how they called me a FUDer for pointing out their security track record is shit

A lot of them are really rich. For most of us, even losing €10 is painful.

Things are good here!

Holy fuck every month there's a new issue/exploit on Coinos...

Yeah, I ain't ever using that shit now

We're doing some digging over at SN: https://stacker.news/items/1001011/r/optimism

The coinos nsec may be compromised too because the kind 0 changed 4h20m ago.

FYI, I never turned on ‘Auto Withdraw’, unless it ‘Auto Turned On’..

Good to hear it didn’t get enabled for you. It did for Sergio.

nostr:note1254fjxr40grrsd30gh0qn5anmhfxchy7s8hnusqly99y6x2r32qq3rd74m

Yea I’ll be done using them. Never really needed it anyway.

Thankfully my 5 sat burner account is safe