Developer posts secret key on GitHub, loses $40K in 2 minutes - eviltoast
  • Web3 developer Brian Guan lost $40,000 after accidentally posting his wallet’s secret keys publicly on GitHub, with the funds being drained in just two minutes.
  • The crypto community’s reactions were mixed, with some offering support and others mocking Guan’s previous comments about developers using AI tools like ChatGPT for coding.
  • This incident highlights ongoing debates about security practices and the role of AI in software development within the crypto community.
  • redcalcium@lemmy.institute
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    5 months ago

    They notify but iirc only if you push a commit to a public repo. The dev in the article pushed it to a private repo, then later made the repo public.

    • PumaStoleMyBluff@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      The docs say they can reject if you enable push protection, which is also available for private repos, just as a paid feature. It’s free for public, but still needs to be enabled.