- Web3 developer Brian Guan lost $40,000 after accidentally posting his wallet’s secret keys publicly on GitHub, with the funds being drained in just two minutes.
- The crypto community’s reactions were mixed, with some offering support and others mocking Guan’s previous comments about developers using AI tools like ChatGPT for coding.
- This incident highlights ongoing debates about security practices and the role of AI in software development within the crypto community.
The developer said he forgot that his secret keys were in the repository.
If you have your secret keys in your repository you’ve already fucked up, long before you accidentally make that repository public.
One of the first things you should do in a repo is add a .gitignore file and make sure there are rules to ignore things like
*secret*or*private*etc. Also, I pretty much never usegit add .because I don’t like the laziness of it and EVERY TIME one of my coworkers checked in secrets they were using that command.
They made 2 errors.
-
Use crypto
-
Storing the key anywhere close to the repo.
- Letting AI code for you
-
I’m sad I didn’t see any comments saying he shouldn’t be using a $40k wallet key to test his software in the first place. Anything could happen with simple code mistakes…just get an empty wallet or one with a few bucks in it.
I have no sympathy for him, if he is a crypto developer he knows how important those private keys are. And he also knows people scrape public areas all the time looking for keys just like that. The whole point of crypto is to be immutable, so that money is simply lost to him now.
He seems to know how much of a dumb mistake that was, although his description of himself was a bit more colorful.
I can’t believe someone would be so stupid and careless as to develop Web3 software.
That’s the kind of mistake you only make once.
Some speculate that AI assisting him in programming could have made the error, in which case I hope he gets fucked by it again in the future.
