A place for developers to talk about building on Farcaster.

/dev

tldr; got $40k drained just now

i was submitting OP retro grants app.
had to make github repo public for a sec.
forgot i had my secret key in there (cuz im quite literally retarded, my IQ is 26).
got drained of everything.

Yes, this was a mistake.

BUT it’s also a very clear sign that devtools in this industry have a long way to go. Plaintext private keys (in a .env or not) are WAY TOO COMMON.

If you’re trying to work with wallets or smart contracts and need help, lmk. There’s a lot of easy things you can do to avoid this.

In a decentralized future when we have decentralized git repos and decentralized hosting nodes for apps, I wonder how we're even going to do that sort of secret sharing. I might trust Vercel or Heroku with a hot wallet in an environment variable, but curious what that's going to look like on Akash or whatever 🤔

It means economic trust games. If you want true community owned infrastructure, then anyone in the community should be able to provide services. Maybe that means staking and burning for bad behavior, but if people are going to have others hosting their valuable keys, it opens up exit attacks as a possibility.