This bug was made public in 2023 by satoshihunter1. It lets an attacker change the recipient’s Bitcoin address directly in Bitcoin Core’s memory, redirecting the funds to an address they control.
Why won’t this bug be fixed?Why won’t this bug be fixed?
From what I’ve read and understand, this bug can’t be fixed because it’s a vulnerability at the lowest level of the operating system. For it to be exploited, the computer already needs to be infected with malware that lets an attacker read and modify Bitcoin Core’s memory.
Lesson to learnLesson to learn
Don't use the same computer/phone where you store your Bitcoin wallet for random stuff, installing whatever you want. Keep those devices clean, don’t mess around with serious things.
My understanding is that this is why you use a hardware wallet, or hardware wallet 'interface' to send and receive.
That way the attack surface is minimal for when you actually sign and broadcast a transaction. Do I understand this right?
I'm not sure if hardware wallets really solve this problem. And don’t forget, there are situations where you just can’t use a hardware wallet, like at market stalls or other point-of-sale places.
For PoS or market stalls... you are using Lightning anyway no? And for that some phone apps or mobile apps are best.
My understanding is that users don't typically use the built-in node wallet for their funds, or only temporarily or small amounts. And it's not portable anyway so...
windows shit...
This isn’t just a Windows problem. You gotta be really careful with the Linux versions you install. I’m not sure how easy it is to sneak in malware, but on Windows, it can happen in two ways: either it comes pre-infected from Microsoft, or the user installs the malware themselves.
With Linux, since it’s open-source and you can compile your own version, it can also be pretty vulnerable. I don’t trust just any Linux version!
yeah but your conclusion is 100% the punch line. Perfect explained.
Only stupid clueless noobs are doing such things and get malwared.