- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Fri, 8 Aug 2025 16:07:30 +0200
- To: public-nostr@w3.org
Received on Friday, 8 August 2025 14:07:46 UTC
Hey everyone,

Just a heads-up that a security paper on Nostr has been published. It found some vulnerabilities in older versions of clients like Damus, Iris, FreeFrom, and Plebstr. The main issues included impersonation attacks, DM forgery, and a way to recover the plaintext of some encrypted messages. The good news is that many of these issues have already been patched. The paper’s biggest recommendation for the community is to always verify event signatures and never trust relays.

https://crypto-sec-n.github.io/#poc

Best
Melvin