Sabitlenmiş Tweet

Community, We Need Your Help
Before we bring the server back online, we need your help identifying the actual cause of the hack. So far, I haven't been able to determine how the attacker gained access.
I'm not a cybersecurity expert, and my knowledge in this area is limited. To help investigate, we're making our source code public so the community can review it and help identify any potential vulnerabilities.
codeberg.org/nonlogs-io/cor…
Our current suspicion is that the attack may have involved JWT token forgery, possibly due to a leaked secret key or a successful brute force attack against the secret key. However, this is only a hypothesis, and we need experienced developers and security researchers to help verify the real cause.
If you have experience with backend security, authentication systems, or JWT, your help would be greatly appreciated. Our goal is to fully understand what happened before bringing the service back online to ensure everyone's funds remain safe.
Thank you to everyone willing to help.
English











