A place for developers to talk about building on Farcaster.

/dev

tldr; got $40k drained just now

i was submitting OP retro grants app.
had to make github repo public for a sec.
forgot i had my secret key in there (cuz im quite literally retarded, my IQ is 26).
got drained of everything.

Yes, this was a mistake.

BUT it’s also a very clear sign that devtools in this industry have a long way to go. Plaintext private keys (in a .env or not) are WAY TOO COMMON.

If you’re trying to work with wallets or smart contracts and need help, lmk. There’s a lot of easy things you can do to avoid this.

Making the blockchain invisible at /thirdweb

sops and agenix made me realize how few developers have hardware-backed cryptographic keys and care about 2fa even with their net worth at stake