Nostr app developers will always have an incentive to steal keys. People have done it a lot already. Stealing Lightning zaps by specifying a new LN address is just as much of a financial incentive as stealing on-chain, as is pushing ads and roping people into coin scams and other fraud. The incentive to steal keys will always be there, and will only grow as more people adopt Nostr.
That being said, there is a reasonable level of concern here, but the solution is not to disallow on-chain zaps. It is to allow me to specify an alternative Bitcoin address in my profile for on-chain zaps to go to. I will not use LN addresses, as they are centralized via the domain name system. By using LN addresses, I am giving authority to the domain name system, which is controlled by the state, to allow me to continue to receive funds. Domain names are state-issued identities, and state-issued identities are immoral. I don’t wish to involve them in any way in any financial transaction.
