Damus
Coincards.com
Recent notes
We’re sharing this publicly because we believe in transparency, especially when things go wrong. Recently, a vulnerability in our system led to fraud on our platform. Here’s what happened — and what we’ve done about it: • Only 6 user accounts were affected. • All were fully restored to the rightful owners. • No payment data was accessed. • The vulnerability was patched immediately. • The affected system was removed entirely. The attacker used the flaw to change emails, place fraudulent gift card orders, and extract real value. Because gift cards are instant and irreversible, the financial impact hit us directly — in the tens of thousands of dollars. We’re a small team. We’re not VC-funded. We don’t have insurance for this. It’s a hard loss — and it hurts. Even worse? The attacker used privacy tools we've long supported to do it. We believe in privacy because it protects users from censorship, surveillance, and exclusion. But it can be exploited too — and this time, it was. Still, we’re not going anywhere. We’ve acted fast, cleaned up the mess, and are still building with our core values intact: non-custodial, privacy-first, and transparent. If you want to throw a little love to help offset the loss — grab a gift card or toss a couple bucks our way: 👉 https://btcpay.coincards.com/apps/mKibdqJwJJ7terKfCx7TMB7X7Z9/pos Or read the full write-up here: 📝 https://coincards.com/security-incident-august-04-2025 We’re still here. Still building. Still privacy-first. https://blossom.primal.net/dc8351fb31db1de8089e1d9005fcf94fecfe727239f3c2096f1bfaad95d51faa.jpg
