bitgould on Nostr: Seems like clients don’t verify that signatures actually come from that hardcoded ...

Seems like clients don’t verify that signatures actually come from that hardcoded key (which they are definitely able to do). Until that is done clients are still vulnerable to a coordinator tagging attack.