- Web3 developer Brian Guan lost $40,000 after accidentally posting his wallet’s secret keys publicly on GitHub, with the funds being drained in just two minutes.
- The crypto community’s reactions were mixed, with some offering support and others mocking Guan’s previous comments about developers using AI tools like ChatGPT for coding.
- This incident highlights ongoing debates about security practices and the role of AI in software development within the crypto community.
6 points
Better yet you can configure gitignore globally for git. I do this mostly to avoid polluting repo ignore files with my editor specific junk but *.key and similar can help prevent accidents.
2 points
4 points
For personal projects that’s definitely a good idea. For team projects I like to keep that stuff in the project still so the “experience” of working in the project is mostly consistent.
2 points
I started using git-secret 2 years ago. It’s nice for making secrets part of the repo, while not being readable by anyone that isn’t explicitely allowed to do so (using GPG).