People's private keys are public on GitHub
Do not push private keys or passwords to public repos on GitHub

Currently reading:
People's private keys are public on GitHub
Do not push private keys or passwords to public repos on GitHub

Ogyn

Ogyn

(¬_¬;)
comfy friend
Joined
Feb 21, 2024
Messages
45
Reaction score
15
comfy coins
💠4,403
I'm writing this as a cautionary tale to anyone pushing to GitHub, or any other similar service. Be careful what you make public.

GitHub made a patch relatively recently where they made this harder to do, so I feel better about sharing info on this.

You can search on GitHub or something like Grep code patterns for private keys of crypto wallets, and the insane thing is, I know people who made (stole) a lot of money doing this. To me, this is unethical, but that's the world we live in.

So please, be careful what you make public, or that 20 ETH you've got can disappear
 
Description
Do not push private keys or passwords to public repos on GitHub
Pardon me for my ignorance, but how can your private keys become public? Is it user error?
 
Troy Gulban said:
Pardon me for my ignorance, but how can your private keys become public? Is it user error?
Click to expand...
Click to shrink...
Yes. To simplify, the public key is your username and the private key is your password. Unfortunately, plenty of people expose their private keys. In this example, they write some code to do something crpyto-related, and then publish the code with the private key being used publicly.
 
oooh so some people
Ogyn said:
Yes. To simplify, the public key is your username and the private key is your password. Unfortunately, plenty of people expose their private keys. In this example, they write some code to do something crpyto-related, and then publish the code with the private key being used publicly.
Click to expand...
Click to shrink...

basically forget to remove their private key from the code they wrote when publishing it to Github? that's actually unfortunate as hell
 
Troy Gulban said:
oooh so some people


basically forget to remove their private key from the code they wrote when publishing it to Github? that's actually unfortunate as hell
Click to expand...
Click to shrink...
Forget to remove it or keep the repo public instead of making it private. Either way, you shouldn't develop with the private key of a wallet you're actually storing value in.
 
Yeah that's true and is pretty much common sense. Hopefully some of them realize their mistake and act as soon as possible
 

Similar threads

rufus
Private trackers
Replies
0
Views
1K
rufus
rufus
ninturez0
Quackster / Alex-dev Habbo Hotel Reverse Engineering & Private Server Archive
Replies
0
Views
1K
ninturez0ninturez0's icon
ninturez0
snekmuffin
Looking for an 88 key MIDI with weighted keys
Replies
6
Views
2K
Stereoplupp
S
FaustineSpirit
    • Like
2024 National Public Data breach
Replies
12
Views
2K
mbappe19
M
/pub/ ~ public channel
Help Users
      C (Guest) Commenter: chat
      Back
      Top