Nostr Archives

Over the past few hours, some Keychat users may have noticed several strange messages like the one shown in the screenshot — “null invalid HMACtrack: decrypt failed” — when sending messages in a large group. Our current suspicion is that someone was spamming NIP-17 messages to the receiving address subscribed to by the large group. Those messages were received by the group, but failed during decryption, which led to the error shown in the screenshot.

💬 4 replies

Replies (4)

Flowey6d ago

How was this resolved?

0000 sats

Keychat6d ago

It appears that the spam has stopped — they’re no longer sending spam. However, we still can’t be 100% certain at this point.

0000 sats

Flowey6d ago

I understand. What approach do you think could be used to prevent this?

0000 sats

Keychat6d ago

When the Keychat client fetches messages from Keychat relay, the relay requires the client to specify the receiving address. In other words, the client must say which receiving address it wants messages for, rather than simply asking the relay to return all kind 1059 messages from the past hour. We are not sure whether other relays enforce the same rule, but for private notes this requirement is very reasonable. We hope more relays will adopt it as well. That would make it much harder for outsiders to discover a group’s receiving address. Users can also click “Update My Group Key” from time to time. This will rotate the group’s receiving address.

0000 sats