Also worth noting here: Exposing wireguard is quite safe because the daemon doesn’t even respond unless it recognizes your key. It just drops the UDP packet otherwise.

Nothing is unhackable, but this is damn near close. Such a brilliant design.