A place for developers to talk about building on Farcaster.

/dev

tldr; got $40k drained just now

i was submitting OP retro grants app.
had to make github repo public for a sec.
forgot i had my secret key in there (cuz im quite literally retarded, my IQ is 26).
got drained of everything.

Yes, this was a mistake.

BUT it’s also a very clear sign that devtools in this industry have a long way to go. Plaintext private keys (in a .env or not) are WAY TOO COMMON.

If you’re trying to work with wallets or smart contracts and need help, lmk. There’s a lot of easy things you can do to avoid this.

Making the blockchain invisible at /thirdweb

what would you advise for working with wallet pkeys/seeds from dev thru prod?

building /automod, /glass • prev manifold.xyz, twilio.com

Depends what you’re using the wallet for

But the best rule of thumb is you should never see a production private key in plain text for any reason, there’s lots of tools that allow programmatic interaction with backend wallets so you don’t need to manage their authentication (keys) directly