Developer posts secret key on GitHub, loses $40K in 2 minutes - eviltoast
  • Web3 developer Brian Guan lost $40,000 after accidentally posting his wallet’s secret keys publicly on GitHub, with the funds being drained in just two minutes.
  • The crypto community’s reactions were mixed, with some offering support and others mocking Guan’s previous comments about developers using AI tools like ChatGPT for coding.
  • This incident highlights ongoing debates about security practices and the role of AI in software development within the crypto community.
  • tal@lemmy.today
    5 months ago

    Put your private data into a private space. Never put private data into a mixed use space or a public space.

    Sure, but nothing I said conflicts with that.

    I’m talking about a situation where someone has a private repository, and then one day down the line decides that they want to transition it to a public repository.

    You’re not creating the repository with the intention that it is public, nor intending to mix information that should be public and private together.

    • barsquid@lemmy.world
      5 months ago

      If you don’t have a policy of never committing private keys to any repo, you should choose a policy of never transitioning any private repo to public. IMO if you don’t choose a strict and effective policy with low cognitive burden, you will burn yourself sooner or later.