Nostr Phising: Avoid Getting Your Bitcoin Stolen

Nostr’s privacy flaw is that anyone can see the metadata in real time of who is messaging who

Nostr Phising: Avoid Getting Your Bitcoin Stolen

Nostr’s Privacy Flaw


Nostr’s privacy flaw is that anyone can see the metadata in real time of who is messaging who. Ameythst client currently lets you literally login as them, just the DM itself is jibberish. When you combine this with the fact that most Nostr users have Bitcoin and are constantly downloading or trying out new clients, this makes Nostr the ultimate place for phishing scams. Even if Bitcoin is not gotten directly, simply tricking someone into entering their private key into a scam client can be used to make them pay Bitcoin to not wreck their account.

Examples


In this article, I will give you some example scams I came up with, so you can immediately recognize real ones in the wild.

Scam #1)

Target Developer accounts

Hacker watches the incoming messages of a developer account. For example if I were doing this, I’d target Lume, since his code has bugs and people are likely writing him to complain about it. Then when the incoming message comes in, I’d write from a different account claiming to be the dev on the desktop, not mobile, and link them to a scam download link with the bug fix.

Scam #2)

Fake SimpleX

Many people on Nostr list their SimpleX URL in the profile. Whenever this person sends an OUTGOING message, I’d fake being the recipient and immediately message them on SimpleX saying to talk here it’s safer.

Scam #3)

Snowden’s DMs

Edward Snowden is among the most popular Nostr influencers. I’d watch Snowden’s incoming DMs. Literally anyone that contacts him, I’d immediately message from a different account saying that I’m trying to avoid surveillance with this burner account and let’s talk on SimpleX. Then after a lot of back and forth, I’d tell them about a new privacy client to download.

Conclusion


Spread the word to prevent this kinda stuff before these scams are real.


If you really want to learn and take your privacy to the next level, subscribe to our new content via: Nostr, Bastyon, Session, RSS, Ethereum Push

Related Posts

Hate speech reactions on decentralized social

Hate speech reactions on decentralized social

If someone posted the N-word, the reaction would be:

[SP]

Oct 6, 2024

Who decides what to censor as spam?

Who decides what to censor as spam?

Nostr, Farcaster, Lens, Session, Arweave, and Bastyon all take different approaches. Who is right?

[SP]

Aug 22, 2024

Internet Structure is Lame. (& how to fix it)

Internet Structure is Lame. (& how to fix it)

I promote the idea of Agnostic Encryption as Identity.

[SP]

May 13, 2024

RebelNet Tutorials By Type

RebelNet Tutorials By Type

RebelNet Video Tutorials grouped by type.

[SP]

May 3, 2024