531

Developer posts secret key on GitHub, loses $40K in 2 minutes(cointelegraph.com)

posted
by
Avatar
AnActOfCreation@programming.dev
in
Avatar
technology@lemmy.world
78 comments
hidereport
  • Web3 developer Brian Guan lost $40,000 after accidentally posting his wallet’s secret keys publicly on GitHub, with the funds being drained in just two minutes.
  • The crypto community’s reactions were mixed, with some offering support and others mocking Guan’s previous comments about developers using AI tools like ChatGPT for coding.
  • This incident highlights ongoing debates about security practices and the role of AI in software development within the crypto community.
Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments View context
Avatar
NOT_RICK@lemmy.world
26 points

And that’s why you always leave a note recheck your .gitignore file before committing

permalink
report
parent
reply
Avatar
BaardFigur@lemmy.world
4 points
Deleted by creator
permalink
report
parent
reply
Avatar
Scrollone@feddit.it
3 points

I can’t understand how people use git from the command line without a proper visual tool such as Sublime Merge

permalink
report
parent
reply
Avatar
chilicheeselies@lemmy.world
1 point

Visual tooks are great, but they all have their own idea of how to manage files commits etc. Understand the cmd line and then you will understand your gui tools. I use a little of both, depending on the task

permalink
report
parent
reply
Avatar
Faresh@lemmy.ml
1 point

You can also do git diff --cached to see all changes you added to the index.

permalink
report
parent
reply
Avatar
bamboo@lemmy.blahaj.zone
7 points

Does Microsoft’s GitHub offer any pre-receive hook configuration to reject commits pushed that contain private keys? Surely that would be a better feature to opt all users into rather than Windows Copilot.

permalink
report
parent
reply
Avatar
chilicheeselies@lemmy.world
1 point

They have something called advanced security that can scan for things like secrets. It works on PRs though, so not very helpful if you have a public repo.

permalink
report
parent
reply
Avatar
redcalcium@lemmy.institute
4 points
*

They notify but iirc only if you push a commit to a public repo. The dev in the article pushed it to a private repo, then later made the repo public.

permalink
report
parent
reply
Avatar
PumaStoleMyBluff@lemmy.world
2 points

The docs say they can reject if you enable push protection, which is also available for private repos, just as a paid feature. It’s free for public, but still needs to be enabled.

permalink
report
parent
reply
Avatar
alexdeathway@programming.dev
2 points

they notify but that’s all

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

Community stats

  • 16K

    Monthly active users

  • 12K

    Posts

  • 550K

    Comments

Community moderators