pull down to refresh
14 sats \ 3 replies \ @TSW OP 21 Nov 2023 \ parent \ on: How would you attack self-custody? bitcoin
I love the thoughtful blogposts and proposals @joko, keep them coming! I hope the SW & HW vendors can and work on these things more together. There are too many standards already, and all the different practices that are being used for self-custody aren't helping the end-user either.
Thanks for highlighting how the change address actually works. As I understand it the signature is only valid for the change address that is verified by the hardware wallet. So to attack the change address, you would need to attack the HW, which is more complicated than software.
Any idea/suggestions on protecting against address replacement when sending bitcoin as a user to anyone? Would that follow the same approach as in your blogpost if all wallets implement that? I guess so.
Right now, I'm considering doing a second verification over phone/chat/e-mail before sending bitcoin. Unfortunately, that cannot always be done since there will be many instances where the receiver also doesn't exactly know how their receive address is generated.
Currently, address verification through a second channel is probably the only viable option.
As I mentioned, silent payments (or any other payment code scheme) could be very helpful for this. You verify the receivers payment code on your hardware wallet and through a second channel once, then register it with a name on your hardware wallet. Next time you want to send a payment to that person, you just use the payment code that's registered on your hardware wallet. It's a big UX improvement too, because you don't have to ask for a new address every time you make a payment to that person.
The downside as of right now is that those payment schemes have limited liteclient support, so the receiver needs to have a copy of the UTXO set.
reply
Coming back to the browser malware idea. I'm not a programmer, but with help of ChatGPT it took me 30 minutes to modify a Chrome extension to swap the BTC address shown on a HodlHodl contract with my own BTC address using Javascript.
I took this open-source wallet to try this out: https://github.com/iamadamdev/bypass-paywalls-chrome
Only a matter of time before someone deploys this attack vector.
reply
wallet = extension
reply