225 sats \ 1 reply \ @petertodd 22 Oct 2022 \ on: Don’t bother with hardware wallets in card format bitcoin
Good writeup.
The way I describe this problem to consulting clients is to say it's a matter of validating user intent. The only thing that a card can validate is that you intended to make a payment at that time. How much, and to whom, you can't validate at all.
Though even hardware wallets with screens are tricky to use re: intent too. Yes, they can tell you what BTC address you're paying, and how much. But that's not the same thing as telling you who you are paying.
If you're making a 50BTC payment with a hardware wallet - indeed, any wallet - double check the address in an entirely different way! Eg if the address is a deposit address for an exchange, call them up and verify it over the phone in case your browser got hacked and the address has been replaced by the hacker. This does happen.
Thanks! I'd argue intent validation can be done in various forms though, such as an encrypted software wallet or 2FA key (f.e. Blockstream Green).
I think there's actually a lot of room for improvement in address verification, for example signed deposit addresses.
At least for withdrawals, most exchanges nowadays make you confirm the bitcoin address via email, which the user can (and should) check on another device. This is not the case for deposits though. BIP47 payment codes could help with this, but unfortunately have other downsides, like poor light client support.
reply