Developer posts secret key on GitHub, loses $40K in 2 minutes - eviltoast
  • Web3 developer Brian Guan lost $40,000 after accidentally posting his wallet’s secret keys publicly on GitHub, with the funds being drained in just two minutes.
  • The crypto community’s reactions were mixed, with some offering support and others mocking Guan’s previous comments about developers using AI tools like ChatGPT for coding.
  • This incident highlights ongoing debates about security practices and the role of AI in software development within the crypto community.
    • BrianTheeBiscuiteer@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      5 months ago

      For personal projects that’s definitely a good idea. For team projects I like to keep that stuff in the project still so the “experience” of working in the project is mostly consistent.

      • bellsDoSing@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        5 months ago

        I started using git-secret 2 years ago. It’s nice for making secrets part of the repo, while not being readable by anyone that isn’t explicitely allowed to do so (using GPG).

    • Kazumara@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      Better yet you can configure gitignore globally for git.

      I think you really need the project specific gitignore as well, to make sure any other contributor that joins by default has the same protections in place.