MtGox blames bitcoin



Summary:

On Tue, Feb 11, 2014, naman naman posted a thread on bitcointalk.org describing a possible attack scenario and informed Gavin, Mike Hearn, and Adam about it. The scenario is similar to what happened with Mt. Gox. The attack could have been prevented by training customer service staff to ask the customer whether their wallet software shows a payment to a specific address of a specific amount at some approximate time. Exact payment amounts can be made unique by adding a few satoshis, so that each payment can be identified unambiguously over the phone. However, the procedure followed by Mt. Gox, which did not investigate why the funds didn't arrive and let front-line customer service reps manually send funds to customers, was a serious mistake. The attack is more of a social engineering attack than a technical one, and it emphasizes the importance of well-thought-out payment protocols. The BIP70 payment protocol does not yet handle business-to-individual or individual-to-individual payments, but a future iteration could handle this type of problem better. Additionally, stealth addresses have an inherent per-transaction unique identifier, the derived pubkey, which a UI might be able to take advantage of.
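The support-desk check described above can be sketched as follows. This is an added example, not code from the thread or from any exchange: the class and function names, the status strings, the placeholder addresses and the six-hour window are all assumptions made for illustration.

```python
from dataclasses import dataclass

WINDOW_S = 6 * 3600  # assumed tolerance for "approximate time", in seconds

@dataclass(frozen=True)
class Payout:
    address: str
    amount_sat: int
    sent_at: int  # unix time

class PayoutLedger:  # hypothetical helper, not a real exchange API
    def __init__(self):
        self.payouts = []

    def send(self, address, requested_sat, now):
        # Add a few satoshis until no earlier payout has the same amount,
        # so the amount alone names one payment over the phone.
        used = {p.amount_sat for p in self.payouts}
        amount = requested_sat
        while amount in used:
            amount += 1
        payout = Payout(address, amount, now)
        self.payouts.append(payout)
        return payout

    def questions_for(self, address, claimed_at):
        # Payments the rep asks the customer to look for in their wallet.
        return [p for p in self.payouts
                if p.address == address and abs(p.sent_at - claimed_at) <= WINDOW_S]

    def resolve(self, address, claimed_at, wallet_amounts_sat):
        # wallet_amounts_sat: amounts the customer's wallet shows for address.
        expected = self.questions_for(address, claimed_at)
        if not expected:
            return "no-payout-on-record"
        if all(p.amount_sat in wallet_amounts_sat for p in expected):
            return "already-received"
        # Funds not visible: investigate why; the rep never re-sends manually.
        return "escalate-investigate"

def demo():
    # Constructed sample data: placeholder addresses, not real ones.
    ledger = PayoutLedger()
    a = ledger.send("ADDR_ALICE_PLACEHOLDER", 50_000_000, now=1_000)
    b = ledger.send("ADDR_BOB_PLACEHOLDER", 50_000_000, now=1_600)
    got = ledger.resolve(a.address, 4_000, {a.amount_sat})
    lost = ledger.resolve(b.address, 4_000, set())
    return a.amount_sat, b.amount_sat, got, lost
```

No branch of `resolve` returns a resend decision: a payment the customer cannot see goes to investigation instead of to a front-line rep.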


Updated on: 2023-06-08T02:50:17.131519+00:00