BitClout uploads your keys to their server on every API request. Any employee with access to that server can steal all the money on the platform at any time

@nadertheory and team are too incompetent to build a browser wallet, so they decided not to 🤷‍♀️

10 PBKDF iterations 💀
_every user_ has given their keys to the BitClout API server
I was wondering why I couldn't find tx construction logic in the frontend. It turns out it's because they post the key to the API so the API can sign for you

very polite of them to take custody of your funds without telling you
looking at users? That's a key upload
reading a post? key uploaded
checking your DMs? you better believe they upload your key
if you have used that seed phrase ANYWHERE, you need to consider it compromised, and rotate funds to new addresses from a new seed phrase

As a reminder:
_NEVER_ paste your key into a web page
official statement from @nadertheory on my thread

this "rumor" was started by their own API 🤡

I work as an auditor. No competent auditor would approve this tire fire of a wallet design. 👏 Publish the audit reports 👏
"we take security very seriously" he said, while rifling through your wallet. "We promise that your credit card details and SSN are safely stored in my iCloud photos app"
in case it's not clear, "in-browser signing" is considered harmful by 100% of cryptocurrency experts

BitClout admits that achieving trash-tier security was beyond their grasp, so they decided to just steal your keys instead
You can follow @_prestwich.
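As an added example (editor's code, not part of the thread or of BitClout's software), the following compares a PBKDF2 configuration using the 10 iterations the thread reports against a modern minimum. The 600,000 threshold is the OWASP recommendation for PBKDF2-HMAC-SHA256; the passphrases and salt are constructed sample values.

```python
import hashlib
import time

# Assumption of this example: OWASP's recommended minimum iteration count
# for PBKDF2-HMAC-SHA256. The work factor scales linearly with iterations,
# so an attacker's guess rate scales inversely with it.
RECOMMENDED_PBKDF2_SHA256_ITERATIONS = 600_000
REPORTED_ITERATIONS = 10  # the figure quoted in the thread


def derive_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 32-byte key from a passphrase with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               iterations, dklen=32)


def assess_iterations(iterations: int,
                      minimum: int = RECOMMENDED_PBKDF2_SHA256_ITERATIONS) -> dict:
    """Compare an iteration count against the minimum.

    attacker_speedup is how many times more guesses per second a brute-force
    attacker gets relative to a deployment that uses the minimum.
    """
    return {
        "iterations": iterations,
        "minimum": minimum,
        "acceptable": iterations >= minimum,
        "attacker_speedup": minimum / iterations,
    }


def measure_guesses_per_second(iterations: int, samples: int = 20) -> float:
    """Empirically estimate the single-threaded guess rate on this machine."""
    salt = b"constructed-salt"  # constructed sample value
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"guess-{i}", salt, iterations)  # constructed guesses
    elapsed = time.perf_counter() - start
    return samples / elapsed


if __name__ == "__main__":
    verdict = assess_iterations(REPORTED_ITERATIONS)
    print(f"{REPORTED_ITERATIONS} iterations: acceptable={verdict['acceptable']}, "
          f"attacker gets {verdict['attacker_speedup']:.0f}x more guesses/s")
    weak_rate = measure_guesses_per_second(REPORTED_ITERATIONS)
    strong_rate = measure_guesses_per_second(
        RECOMMENDED_PBKDF2_SHA256_ITERATIONS, samples=3)
    print(f"measured: {weak_rate:.0f} guesses/s at {REPORTED_ITERATIONS} iterations, "
          f"{strong_rate:.2f} guesses/s at the recommended minimum")
```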