Simplified Privacy

Nostr Phising: Avoid Getting Your Bitcoin Stolen

Nostr’s privacy flaw is that anyone can see the metadata in real time of who is messaging who

Nostr Phising: Avoid Getting Your Bitcoin Stolen

Nostr’s Privacy Flaw


Nostr’s privacy flaw is that anyone can see the metadata in real time of who is messaging who. Ameythst client currently lets you literally login as them, just the DM itself is jibberish. When you combine this with the fact that most Nostr users have Bitcoin and are constantly downloading or trying out new clients, this makes Nostr the ultimate place for phishing scams. Even if Bitcoin is not gotten directly, simply tricking someone into entering their private key into a scam client can be used to make them pay Bitcoin to not wreck their account.

Examples


In this article, I will give you some example scams I came up with, so you can immediately recognize real ones in the wild.

Scam #1)

Target Developer accounts

Hacker watches the incoming messages of a developer account. For example if I were doing this, I’d target Lume, since his code has bugs and people are likely writing him to complain about it. Then when the incoming message comes in, I’d write from a different account claiming to be the dev on the desktop, not mobile, and link them to a scam download link with the bug fix.

Scam #2)

Fake SimpleX

Many people on Nostr list their SimpleX URL in the profile. Whenever this person sends an OUTGOING message, I’d fake being the recipient and immediately message them on SimpleX saying to talk here it’s safer.

Scam #3)

Snowden’s DMs

Edward Snowden is among the most popular Nostr influencers. I’d watch Snowden’s incoming DMs. Literally anyone that contacts him, I’d immediately message from a different account saying that I’m trying to avoid surveillance with this burner account and let’s talk on SimpleX. Then after a lot of back and forth, I’d tell them about a new privacy client to download.

Conclusion


Spread the word to prevent this kinda stuff before these scams are real.


If you really want to learn and take your privacy to the next level, subscribe to our new content via: Podcast RSS, Session list, Nostr, Bastyon, Article RSS, or join the Signal Group

Related Posts

Tutorial: How to Post to Nostr from Our Forums

Tutorial: How to Post to Nostr from Our Forums

Using the Nos2x Extension in a Web Browser

[SP]

May 11, 2025
New Nostr Client: Our Forums

New Nostr Client: Our Forums

Brand New Tech & Open to the Public

[SP]

May 9, 2025
Who Watches the Watchman?

Who Watches the Watchman?

Gabriel Custodiet Quits

Apr 26, 2025
Crypto-Anarchy 101: Protocols over Pictures

Crypto-Anarchy 101: Protocols over Pictures

In 5 minutes, learn the structure of liberty tech.

[SP]

Mar 8, 2025