• Web3 developer Brian Guan lost $40,000 after accidentally posting his wallet’s secret keys publicly on GitHub, with the funds being drained in just two minutes.
  • The crypto community’s reactions were mixed, with some offering support and others mocking Guan’s previous comments about developers using AI tools like ChatGPT for coding.
  • This incident highlights ongoing debates about security practices and the role of AI in software development within the crypto community.
  • NOT_RICK@lemmy.world
    link
    fedilink
    English
    arrow-up
    26
    ·
    6 months ago

    And that’s why you always leave a note recheck your .gitignore file before committing

    • bamboo@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      7
      ·
      6 months ago

      Does Microsoft’s GitHub offer any pre-receive hook configuration to reject commits pushed that contain private keys? Surely that would be a better feature to opt all users into rather than Windows Copilot.

      • redcalcium@lemmy.institute
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        6 months ago

        They notify but iirc only if you push a commit to a public repo. The dev in the article pushed it to a private repo, then later made the repo public.

        • PumaStoleMyBluff@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          6 months ago

          The docs say they can reject if you enable push protection, which is also available for private repos, just as a paid feature. It’s free for public, but still needs to be enabled.

      • chilicheeselies@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        They have something called advanced security that can scan for things like secrets. It works on PRs though, so not very helpful if you have a public repo.

    • Faresh@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      You can also do git diff --cached to see all changes you added to the index.