(Found by way of @cstross@wandering.shop)
Tweet 1 - Oct 19, 2023:
I’m sorry but if you’re paying $200k for a smart contract engineer you’re ngmi
“no, the smart contract needs to be perfect and audited” bro hit $100k in daily volume then worry about it being perfect
Tweet 2 - Jun 5, 2024:
tldr; got $40k drained just now
i was submitting OP retro grants app. had to make github repo public for a sec. forgot i had my secret key in there (cuz i’m quite literally retarded, my IQ is 26). got drained of everything.
I’m sorry, but if you leave your private key in a repo and then make that repo public you’re ngmi
I’m sorry but if you put your private key in a repo at all and don’t immediately scream aaaaah! what did I do! and change all the locks on everything, you’re ngmi
100%. I wonder what the timing is on how quickly you get scanned for keys. Is there a feed or something?
Yeah, probably a matter of seconds
Wow, yikes. As if there wasn’t already reason enough to never commit a plaintext secret, there’s basically no grace period to recover.
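A check to run before flipping a repository to public, added here as an illustration and not part of the original thread: it scans the full git history, not just the current files, for added lines that look like private keys. The 64-hex-character key format, the hint keywords, the sample log and the function names are assumptions.

```python
import re
import subprocess
import sys

# Assumption: the wallet secret is an EVM-style 32-byte key written as 64 hex chars.
HEX_KEY = re.compile(r"(?<![0-9a-fA-F])(?:0x)?([0-9a-fA-F]{64})(?![0-9a-fA-F])")
# 64 hex chars can also be a tx hash, so require a naming hint on the same line.
HINT = re.compile(r"private|secret|key|mnemonic|seed", re.I)
PEM = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

# Constructed sample of `git log -p` output: key added in one commit, deleted in the next.
SAMPLE_LOG = """commit 1111111111111111111111111111111111111111
    add deploy script
+++ b/.env
+PRIVATE_KEY=0x{key}
commit 2222222222222222222222222222222222222222
    remove key
--- a/.env
-PRIVATE_KEY=0x{key}
+TX_HASH=0x{key}
""".format(key="ab" * 32)


def find_key_candidates(patch_text):
    """Return (commit, redacted line) for every added line that looks like key material."""
    hits, commit = [], None
    for line in patch_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1][:12]
        elif line.startswith("+") and not line.startswith("+++"):
            body = line[1:].strip()
            if PEM.search(body) or (HEX_KEY.search(body) and HINT.search(body)):
                # Redact so the scanner's own output does not repeat the secret.
                redacted = HEX_KEY.sub(lambda m: m.group(1)[:4] + "...[redacted]", body)
                hits.append((commit, redacted))
    return hits


def scan_repo_history(repo="."):
    """Scan every commit on every ref, so keys deleted in later commits are still found."""
    log = subprocess.run(["git", "-C", repo, "log", "--all", "-p", "--no-color"],
                         capture_output=True, text=True, errors="replace", check=True)
    return find_key_candidates(log.stdout)


if __name__ == "__main__":
    found = scan_repo_history(sys.argv[1]) if len(sys.argv) > 1 else find_key_candidates(SAMPLE_LOG)
    for commit, line in found:
        print(f"{commit}: {line}")
    sys.exit(1 if found else 0)  # non-zero exit lets a pre-publish script stop
```

Any hit means the key has to be treated as exposed and rotated, since removing the line in a later commit leaves it readable in history.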