Nostr Phishing: Avoid Getting Your Bitcoin Stolen

Nostr’s Privacy Flaw
Nostr’s privacy flaw is that anyone can see, in real time, the metadata of who is messaging whom. The Amethyst client currently lets you literally log in as another user; only the DM itself is gibberish. Combine this with the fact that most Nostr users have Bitcoin and are constantly downloading or trying out new clients, and Nostr becomes the ultimate place for phishing scams. Even if no Bitcoin is taken directly, simply tricking someone into entering their private key into a scam client can be used to make them pay Bitcoin to keep their account from being wrecked.
Examples
In this article, I will give you some example scams I came up with, so you can immediately recognize real ones in the wild.
Scam #1)
Target Developer accounts
The hacker watches the incoming messages of a developer account. For example, if I were doing this, I’d target Lume, since his code has bugs and people are likely writing to him to complain about it. Then, when an incoming message arrives, I’d write from a different account, claiming to be the dev on desktop rather than mobile, and link them to a scam download presented as the bug fix.
Scam #2)
Fake SimpleX
Many people on Nostr list their SimpleX URL in their profile. Whenever such a person sends an OUTGOING message, I’d pose as the recipient and immediately message them on SimpleX, saying “let’s talk here, it’s safer.”
Scam #3)
Snowden’s DMs
Edward Snowden is among the most popular Nostr influencers. I’d watch Snowden’s incoming DMs. Literally anyone that contacts him, I’d immediately message from a different account saying that I’m trying to avoid surveillance with this burner account and let’s talk on SimpleX. Then after a lot of back and forth, I’d tell them about a new privacy client to download.
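The scams above share a shape a client can check for on the receiving side: right after you DM someone, a key you have never written to contacts you with a link or a request to move to another app. The sketch below is an added example, not code from this article or from any Nostr client; it assumes kind-4 DM events, a hypothetical `plaintext` field holding the locally decrypted message, and an illustrative 10-minute window and keyword list.

```python
import re

# Constructed sample events (kind-4 DMs as a client sees them for its own account).
# Assumption: kind 4 = DM, sender in "pubkey", recipient in a "p" tag.
# "plaintext" is a hypothetical field: the DM content after local decryption.
ME, DEV, STRANGER, FRIEND = "aa" * 32, "de" * 32, "5c" * 32, "f1" * 32
EVENTS = [
    {"kind": 4, "pubkey": ME, "created_at": 1000, "tags": [["p", DEV]],
     "plaintext": "Your client crashes when I open settings."},
    {"kind": 4, "pubkey": STRANGER, "created_at": 1090, "tags": [["p", ME]],
     "plaintext": "Dev here, on my desktop account. Fix: https://example.invalid/client.zip"},
    {"kind": 4, "pubkey": DEV, "created_at": 1200, "tags": [["p", ME]],
     "plaintext": "Thanks, I'll look into it."},
    {"kind": 4, "pubkey": FRIEND, "created_at": 9000, "tags": [["p", ME]],
     "plaintext": "Lunch tomorrow?"},
]

LURE = re.compile(r"https?://|simplex|download|private key|nsec1", re.I)

def recipient(event):
    """Return the first 'p' tag value (the DM recipient), or None."""
    return next((t[1] for t in event["tags"] if len(t) > 1 and t[0] == "p"), None)

def flag_followup_dms(events, me, window=600):
    """Flag inbound DMs from keys I never wrote to when at least two signals
    agree (timing after my own DM, lure wording). The threshold is an assumption."""
    contacted, last_out, flagged = set(), None, []
    for ev in sorted(events, key=lambda e: e["created_at"]):
        if ev.get("kind") != 4:
            continue
        if ev["pubkey"] == me:                      # my outgoing DM
            to = recipient(ev)
            if to:
                contacted.add(to)
                last_out = (ev["created_at"], to)
        elif recipient(ev) == me and ev["pubkey"] not in contacted:
            reasons = ["sender never contacted by me"]
            if last_out and ev["created_at"] - last_out[0] <= window:
                reasons.append("arrived %ds after my DM to another key" % (ev["created_at"] - last_out[0]))
            if LURE.search(ev.get("plaintext", "")):
                reasons.append("link, SimpleX, download or key request")
            if len(reasons) >= 2:
                flagged.append((ev["pubkey"], reasons))
    return flagged

if __name__ == "__main__":
    for sender, reasons in flag_followup_dms(EVENTS, ME):
        print(sender[:8], "->", "; ".join(reasons))
```

A message that moves the conversation to SimpleX arrives outside Nostr, so this check cannot see it; there the equivalent step is confirming the contact through the original Nostr account before trusting it.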
Conclusion
Spread the word to prevent this kinda stuff before these scams are real.