1. Nuup Custodial Wallet Vulnerability: Stellar Private Keys Stored Unencrypted in Database Despite Encryption Field
A critical security gap has been identified in Nuup's custodial wallet infrastructure. The platform's `Wallet` model includes an `encrypted_secret` field intended to store AES-256-CBC encrypted Stellar private keys, but the actual implementation in `authController.js` stores raw secret keys in plaintext. This means any...