[Bitcoin-development] Proposal to address Bitcoin malware

Brian Erdelyi brian.erdelyi at gmail.com
Sun Feb 1 13:54:08 UTC 2015


> BIP70 is quite safe against MitB. If user copies URL belonging to other
> merchant, he would see the fact after entering it into his wallet
> application. The only problem is, attacker can buy from the same
> merchant with user's money. (sending him different URL) This can be
> mitigated by merchant setting "memo" to the description of the basket
> and some user info (e.g. address to which goods are sent).

I think BIP 70 does a good job at verifying where the payment request came from.  I’m not convinced this is the same as verifying the transaction (ideally OOB).

> But if whole computer is compromised, you're already screwed. Trezor
> should help, but I'm not sure if it supports BIP70.

The reason for OOB verification is if the entire computer is compromised.  Again, this may only be possible with a trusted intermediary or a web wallet.

Brian Erdelyi


