Replying to Avatar JackTheMimic

I guess I don't understand what scenario we are talking about. In most cases of payment, you either own the domain that is displaying the address QR for your counterparty or you are in person to display the QR. In your proposed scenario you are sending a payment invoice over an unencrypted messenger? That on its face is an attack vector so, maybe I am misinterpreting what you mean.
Avatar
nick 8mo ago

Yeah! Anywhere along the transmission from wallet to sender, can be clipboard malware (most common) where you copy an address and the malware pastes in a similar but different address, or browser malware which substitutes addresses within web requests (after you hit withdraw on an exchange), or malicious QR code scanner, or intercepted during unencrypted message transmission like you say.

Software wallet is indeed a domain you control, can verify signatures etc. The other stages are less in your control.

Reply to this note

Please Login to reply.

Discussion

No replies yet.