There are a dozen of issues with this scammy paper.
The most important is that it only worked on a couple of clients that didn't check signatures. These clients only connected to a static set of semi-trusted relays and changing the relays they connected to would require a manual typing operation from the user.
For the attack to work it required victims to manually type the URL of the attacker relay, which makes it completely absurd.
It's like telling someone to visit "verysecretnotscammywebsite.com" and type all their secrets there, then read their secrets because the website leaked them and write a paper claiming that the web is broken.
fiatjaf
npub180…jh6w6
2025-11-01 02:19:50 UTC
in reply to nevent1q…qd8d
Author Public Key
npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6Seen on
wss://offchain.pubPublished at
2025-11-01 02:19:50 UTCEvent JSON
{
"id": "c6c576bc62b409479c350c45371ffad7bdc81985359ccbaa994b91138e644b92",
"pubkey": "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d",
"created_at": 1761963590,
"kind": 1,
"tags": [
[
"e",
"a256168fad77de9e64f1dc4da4ae6246b10217a766cc9333ade9e264a921f8da",
"wss://relay.primal.net/",
"root",
"5729ad991a7e0cb88971ced2348758105790d51160a09b22d0d8f39ca762de11"
],
[
"p",
"460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c"
],
[
"p",
"3efdaebb1d8923ebd99c9e7ace3b4194ab45512e2be79c1b7d68d9243e0d2681"
],
[
"p",
"d325f9e9f1ba609b8f3b0e95e97f352637a0aa281ca401edf518daee07ed2267"
],
[
"p",
"52b4a076bcbbbdc3a1aefa3735816cf74993b1b8db202b01c883c58be7fad8bd"
],
[
"p",
"5729ad991a7e0cb88971ced2348758105790d51160a09b22d0d8f39ca762de11"
]
],
"content": "There are a dozen of issues with this scammy paper.\n\nThe most important is that it only worked on a couple of clients that didn't check signatures. These clients only connected to a static set of semi-trusted relays and changing the relays they connected to would require a manual typing operation from the user.\n\nFor the attack to work it required victims to manually type the URL of the attacker relay, which makes it completely absurd.\n\nIt's like telling someone to visit \"verysecretnotscammywebsite.com\" and type all their secrets there, then read their secrets because the website leaked them and write a paper claiming that the web is broken.",
"sig": "0ddaba47c38dd482923bd52daa6fa54aee08ce7a0fb45b43f6e00ab9285e2eaeee1a3594627e80dc38a374d9d5d7dd4cada4dfe3e7834bd23729d2321fcbd14d"
}