A place for developers to talk about building on Farcaster.

/dev

tldr; got $40k drained just now

i was submitting OP retro grants app.
had to make github repo public for a sec.
forgot i had my secret key in there (cuz im quite literally retarded, my IQ is 26).
got drained of everything.

Yes, this was a mistake.

BUT it’s also a very clear sign that devtools in this industry have a long way to go. Plaintext private keys (in a .env or not) are WAY TOO COMMON.

If you’re trying to work with wallets or smart contracts and need help, lmk. There’s a lot of easy things you can do to avoid this.

Making the blockchain invisible at /thirdweb

Man, that's horrifying. At the same time, even when uploaded "securely", a lot of .envs and config jsons containing keys get placed on less-than-great platforms.

Cloud instances and VMs are not a great place to keep your keys either. *Especially* with basement-level startups.

e/acc || Building @ /nova || Catgirl maxi @ /imgnai || Dogecoin core dev 2013/14

Yep, keys should never even go through your code