Nostr Attack Vectors Every User Should Know About & How to Mitigate Them

Published on: May 29, 2026 by

Many Nostr users assume that because it’s decentralized and uses cryptographic keys instead of passwords, it’s inherently secure and private. That assumption is incorrect in several important ways, but that doesn’t mean we cannot engage with Nostr in a secure and private manner. This article covers known attack vectors and how to mitigate them. I cover each point in plain language for regular users who aren’t reading the GitHub threads where developers are discussing these questions.

Note: My work is sponsor-free and ad-free; I am not being compensated to recommend the companies or tools I mention below. I am mentioning them because I actually use them myself.

1. Your IP Address Is Exposed to Every Relay You Connect To

When your Nostr client connects to a relay (decentralized remote server), that relay logs your IP address. Every relay you connect to does this. By default, most clients connect to anywhere from 5 to 20 relays simultaneously. Each of those relay operators, people you’ve probably never heard of and have no relationship with, now has a log associating your IP address with your npub.

Your IP address reveals your approximate physical location and your internet service provider. Combined with your npub and all your public activity, a motivated relay operator could correlate your IP with your identity. Most relay operators are not doing this, but the data is there if they wanted to. Nostr was designed for censorship resistance but the protocol makes no attempt to hide your IP.

Mitigation: Use a trustworthy, privacy-focused, Bitcoin-friendly VPN such as Mullvad or IVPN before connecting to any relay. This is the single most impactful thing a non-technical user can do for their Nostr privacy. You can also use Tor or the Nostr client Amethyst that can be setup to send your traffic through Orbot (Tor) on Android.

2. Your Encrypted Direct Messages May Not be Private

For most of Nostr’s existence, the standard for encrypted direct messages was NIP-04. Researchers at the University of Osaka and NEC, publishing in the proceedings of IEEE EuroS&P 2025, documented several concrete attacks against it.[1]

The core problems with NIP-04:

  • Metadata leakage. Even though message content is encrypted, the fact that you messaged someone, when you messaged them, and how often, is visible to every relay that handles those messages. Relay operators can map your communication graph, who talks to whom, without decrypting anything.
  • Broken encryption. NIP-04 uses AES-CBC without a message authentication code (MAC). This is a well-known cryptographic mistake. Without a MAC, an attacker can manipulate encrypted messages in predictable ways without knowing the key. The researchers demonstrated a full plaintext recovery attack by chaining this weakness with the link preview feature in clients like Damus, which had over 100,000 downloads at the time.

The attack worked like this: When you receive a message with a link, your client fetches a preview of that URL. The fetch goes out from your device, revealing your IP address and the exact moment you opened the message. More critically, the researchers showed that by exploiting the CBC malleability flaw, an attacker could craft encrypted messages that, when your client fetched the link preview, would leak the plaintext content of your private messages through the URL itself. NIP-17, combined with NIP-44 and NIP-59, is the replacement. It uses proper authenticated encryption and wraps messages in multiple layers that hide the sender from relays. However, NIP-17 adoption across clients is incomplete as of mid-2026.

Mitigation: Switch to a client that uses NIP-17 for DMs. Disable link previews in your client settings regardless: Receiver-side link previews are a privacy and security liability across all NIP versions.

3. A NIP-05 Combined With a Lightning Address Collapses Your Pseudonymity

If you have a NIP-05 address like name@yourdomain.com and a Lightning address served from the same domain pointing at your own Lightning node, you have created a publicly queryable chain that connects your human identity to your node’s full financial picture.[3]

The chain works like this: Your name resolves to your domain, your domain serves your Lightning address, your Lightning address points to your node’s public key, and your node’s public key is visible on the Lightning Network graph with all channel capacity and UTXO information attached.

From there, balance probing attacks (sending fake payments in varying amounts to find the threshold where routing fails) can reveal the spendable balance on your side of each channel, accurate to within a few satoshis. This is a published, academically documented attack.[2]

Before NIP-05 linked everything together, someone would have needed to already know your Lightning node’s public key to associate it with you. Now they just need your handle and a script.

Mitigation: If you run your own node and care about financial privacy, keep your node off the public payment path or focus on client that accept anonymous zaps. Otherwise do not use your own domain for NIP-05. Instead, consider using a separate self-custodial wallet, a node dedicated to Nostr, or even a custodial Lightning address that routes payments through their infrastructure like Coinos.

4. Your Zaps Are a Public Payment Graph

Every zap you send or receive on Nostr creates a public record. The zap receipt (a kind 9735 event) is published to relays and associates your npub with the amount, the recipient, and the timestamp. Over time, this creates a detailed, permanently archived map of who you pay, how much, and how often. This is the explicit design of NIP-57. The transparency is the point; it lets clients display zap totals on posts and profiles. But it also means anyone can reconstruct your payment history.

For most people this is a minor concern. For activists, journalists, or anyone in a jurisdiction where financial activity is monitored, it is worth knowing about before it becomes relevant. Anonymous zapping exists: Some clients let you send a zap without attaching your npub to the receipt, though most do not enable this by default.

Mitigation: If payment privacy matters to you, check whether your client supports anonymous zaps and use them. Be aware that even anonymous zaps flow through Lightning, which has its own correlation risks at the node level. Consider using eCash or other layer 3 solutions depending on your threat model.

5. Client Cache Poisoning Can Hijack Your Bitcoin Tips

This is one of the more alarming findings from the 2025 academic research, demonstrated as a working exploit.[1]

Nostr clients cache profile data (name, avatar, Lightning address) to avoid re-fetching it constantly. Several clients were caching this data indexed by an event ID supplied by the relay, skipping recomputation from the event’s actual content. A relay could serve a modified profile, replacing someone’s Lightning address with the attacker’s, and the client would display and use the attacker’s payment details while showing the victim’s name and avatar.

In practice this means: You think you’re zapping a creator you follow, you see their face and name, but the payment goes to an attacker. The exploit was demonstrated as fully working against past versions of Damus.

Mitigation: Keep your client updated. This is now patched in major clients that were affected, but it illustrates why blindly trusting relay-served data can be dangerous.

6. Your Posts May be Permanent, Even If You Delete Them

Nostr’s “delete” function (NIP-09) sends a deletion request event. It asks relays to remove the original post. It does not force them to. There is no mechanism to compel compliance.

Any relay that archived your post before your deletion request arrived keeps it. Any third party that scraped the relay before you deleted keeps it. Public datasets of Nostr events already exist and are used by researchers. Whatever you post publicly on Nostr should be treated as permanent.

This is the direct consequence of the censorship resistance that makes Nostr valuable. The same property that means no one can silence you also means you unsay something is very difficult.

Mitigation: Before posting, ask yourself whether you would be comfortable with that content existing forever. Do not post sensitive personal information.

7. Your Public Key Is Your Identity, and There Is No Recovery

Your nsec (private key) is the only thing that proves you are you on Nostr. There is no password reset. There is no account recovery. There is no support ticket to file. If you lose it, your identity is gone. If someone else gets it, they become you: Permanently in control, with full access to sign events as your npub and read any encrypted messages sent to you.

Most people store their nsec in ways that are more exposed than they realize:

  • Pasting it directly into web clients means the website has your key
  • Storing it in a notes app or password manager synced to the cloud means the cloud provider has access to it
  • Using it across multiple apps multiplies the attack surface with each app

The researchers who published the 2025 paper also documented key-replacement impersonation: multiple popular clients were not verifying event signatures properly.[1] A malicious relay could feed a client a forged event, a fake post or fake profile update, that the client would display as authentic because it wasn’t checking the cryptographic signature. The attack was demonstrated as working against past versions of Damus, Plebstr, FreeFrom, and Iris.

Mitigation: Use a dedicated signing extension or app like Amber on Android or Nos2x on desktop that holds your key separately and prompts you to approve each signature. Never paste your raw nsec into a web client. Keep an offline backup of your nsec in a physical location. Verify your client is updated to a version that enforces signature verification on all events.

8. Your Social Graph Is Public and Permanently Scrapeable

Your follow list, your follower list, who zaps you, who replies to you, who you reply to: All of this is public on Nostr by design. Combined across relays and over time, this data builds a detailed social graph that can be used to infer your interests, relationships, location, political views, and associations.

Anyone with the motivation to run a relay or scrape public ones can harvest this data. Unlike centralised platforms, there is no legal entity responsible for how it is used. The data is public by design, and that cuts both ways. Academic datasets of Nostr events are already publicly available for research. Whatever is on them is on them.

Mitigation: Be deliberate about who you follow and interact with publicly. Use multiple npubs for different aspects of your life if separation matters: One for public persona, one for private community. Nostr is not a private social network, and treating it like one is the main mistake to avoid.

9. NIP-46 Remote Signers Introduce Custodial Risk

NIP-46 (Nostr Connect or “bunker” signing) is a system where your keys live in a separate signer service and your client asks that service to sign events on your behalf. The intent is sound: It keeps your key out of client apps. The risk depends heavily on implementation.

Hosted (custodial) bunker services mean a third party holds your keys. That service is a target. If they are compromised, your identity is compromised. Unlike a custodial exchange where you might lose funds, here you lose your entire Nostr identity with no recourse. Self-hosted bunkers reduce this risk.

Mitigation: When using NIP-46, avoid services that hold your private key for you. The safer path is keeping your key on a device you control. On Android, Amber does this locally on your phone. For stronger protection, a self-hosted signing server or a dedicated hardware device keeps your key off shared infrastructure entirely.

Best Practices

On top of what was discussed in this article, here are a few basic best practices when creating your keys for the first time. Make sure your:

  • Device has a strong password
  • Device is up to date
  • Browser is up to date. I recommend using a dedicated browser or dedicated profile to isolate NOSTR from your personal and work browsing.
  • Make sure no screenshot software or AI tools are active on your computer, such as Windows Recall.

The Bigger Picture

Nostr is a young protocol. Its censorship resistance properties are real and valuable. But it was built to prioritise openness and decentralization, and the security and privacy assumptions that most users carry, that encryption means private, that decentralization means anonymous, that deleting means gone, regularly fail in practice.

Many developers are aware of this and the discussions are taking place in GitHub issue threads, NIP pull requests, and research papers; but most non-technical users never see them. The gap between what developers understand and what users assume is wide, and the consequences of that gap are real and documented.

The practical starting point for any Nostr user who cares about these things:

  1. Use Tor or a reputable privacy-focused VPN like Mullvad or IVPN before connecting to relays
  2. Use a hardware signer or signing extension. Never paste your nsec into a web app
  3. Switch to a client that uses NIP-17 for DMs and disable link previews
  4. Treat everything you post as permanent
  5. Understand that your zap history is a public financial record
  6. Keep your client updated: Several critical exploits were patched only after researchers demonstrated them publicly

Nostr is worth using. None of these risks require complex technical expertise to address, and most of them shrink significantly with a few deliberate choices.

Sources

[1] Kimura, S., Ito, R., Minematsu, K., Shiraki, K., & Isobe, T. (2025). Not in the prophecies: Practical attacks on Nostr. Proceedings of IEEE European Symposium on Security and Privacy (EuroS&P 2025). Also presented at Black Hat USA 2025. https://eprint.iacr.org/2025/1459.pdf

[2] A Byte’s Journey. (2021). Lightning Network privacy: Balance probing attacks. https://abytesjourney.com/lightning-privacy/

[3] Bouma, T. (2026). Nostr Note. “Not because I should or should not, but because I can. I created a utility that enables me to query any NIP-05 address and see if there is a bitcoin balance against it. […] The point here is that it can be done, so you need to figure this into your risk equation as a potential attack vector, asap. Your nsec is not only valuable for its reputation, but also money that might be attached to it.” https://primal.net/e/nevent1qqs2yswhhrk4ghmgph46dun3kxp7qcdnrc8c57jwyjmp93kzjxlw5lcma36aa

Daniella Liberati is the author of Beyond Money: Regaining Sovereignty, Rediscovering Humanity (foreword by Jeff Booth). She holds degrees in Economics, Corporate Law, English, and Teaching, and has spent over fifteen years working across technology and digital marketing. She is Bitcoin only with no sponsors or advertisers. You can find her work on this website as well as YouTube and Nostr.

Value For Value

The New Economy

I’ve never had sponsors and I don’t run ads. My content is fully self-funded and supported by readers like you.

This is value for value in practice; the peer-to-peer, no-middleman principle I write about in my book.

If you find value in the Bitcoin education I share, consider helping me scale my work by zapping me some sats ⚡️

⚡ Support this work via Lightning: daniella@coinos.io