262 sats \ 5 replies \ @jeff 17 Jun \ parent \ on: My project got hacked and user funds were stolen devs
Your metaphor breaks down a bit, when you realize the hacker knew the rightful owner.
So, in your metaphor, it's more like leaving an envelope in the street, with all your contact information on it, as well as the owner being physically nearby and ready to answer the phone.
If you find a wallet full of cash, and the ID in it, and you take the money but return the wallet, you are taking somebody else's property.
Did they know the owner? Was the owner the maintainer of the app or the user of the app who connected their wallet to it?
reply
They knew the host of the service via the domain they would have been hitting, (presumably?) they knew the maintainer's handle as the code was open source, and the OP said that they knew the victim, as the hacker had some kind of identifier used in the attack. They had enough to triangulate the owner and/via the maintainer.
If someone uses weak entropy and their wallet gets drained, was that theft? What's the difference between using weak entropy and trusting insecure software?
reply
Weak entropy is closer to the anonymous envelope. There is no way to contact the owner of a wallet created with weak entropy.
But, put it this way: if your mother created a wallet with weak entropy, and you serendipitously found the weak entropy wallet and then took the funds, but you honestly didn't know they were hers until months later when she complained about an anonymous "hacker".
Would you give her her funds back? Would you tell her you 'just found an anonymous wallet' and so you wouldn't give it back? Would you just stay quiet, lie by omission?
Does this change if it's a stranger?
You asked to have somebody change your mind. I have tried. I have my own answers to the above. I wish you the best, in figuring out your own answers.
reply