YeOldDoc (old account) on Nostr: I think all damus.io/web users should consider having their private keys leaked (if ...
I think all damus.io/web users should consider having their private keys leaked (if it was known to the browser). The XSS alert did not contain malicious code and probably was a mere warning, but that does not rule out any other parties who exploited it before.
Published at
2022-12-19 16:12:38Event JSON
{
"id": "119628cf0b2b215b442c1e207abd7bdef2d71e580ac855fc258104d3fd6c709f",
"pubkey": "e3e4b33353023e06fb8904aa75dfaa3f297d17fca9648c15b991b8c671c09311",
"created_at": 1671466358,
"kind": 1,
"tags": [
[
"p",
"f290d1f306764ec8ef54fcabc7613830b8b6b51cc95720ef7e84f4806f738098",
"wss://nostr.onsats.org"
],
[
"p",
"32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245",
"wss://nostr.rocks"
],
[
"e",
"978ec28260707292956c8ce89ed6e5083472f10be77087f5a4cafff805cb5aff",
"wss://nostr-pub.wellorder.net",
"root"
],
[
"e",
"d913f9c6109505f694de6791429460b30e6081fbcb33e401d52d3e8c1d7688a3",
"wss://nostr-pub.wellorder.net",
"reply"
],
[
"client",
"astral"
]
],
"content": "I think all damus.io/web users should consider having their private keys leaked (if it was known to the browser). The XSS alert did not contain malicious code and probably was a mere warning, but that does not rule out any other parties who exploited it before.",
"sig": "d9c58c295f4d2fd8eec37c77849412c7f4faa6899523a83b0baeb1dcc201e6ee84f8fd5b84421773ee0179343db732919770fe5edd5ea5ed148f635859d942ef"
}