Detecting a covert address swap

Dmitry Petukhov published a detailed article on covert address swaps. We present a summary and explore covert swaps, how they can affect Bitcoin users, and a few simple solutions that wallets (or even you!) can implement for protection.

A few months ago there was a hack that involved Bitcoin but was in no way a hack on Bitcoin itself; it was a hack on its users. It targeted users of the Windows platform: malware replaced copy-pasted addresses with the attacker's address, so unless the sender double-checks the address he is sending to, he could send his coins to the attacker's address without ever realizing that it wasn't the intended one.

This is called a covert swap, and it can be carried out through many different attacks. Malware can replace the address on the receiving computer or on the sending computer, and the address can even be intercepted and replaced in the communication stream if it is not encrypted, for example when the website showing the address does not use HTTPS.

Currently there are two ways to protect yourself from this attack. The first is fairly obvious: communicate the address over a separate communication channel and check it manually. This is easy but a tad tedious and error-prone. Humans mostly check just the first few characters and assume that if those match, the address is probably the same; an address generator such as vanitygen can be used to fool exactly that kind of check.

The other option is to use BIP 47 or BIP 75 (both still in draft status). The drawback is that both BIPs are quite complex, very few wallets support them, and the ones that do still have usage problems.

One of the simpler solutions is a visual fingerprint, as other cryptocurrencies like Ethereum have already done. An example of a visual fingerprint is Chernoff faces. The face depends on the address, and even a slight variation in the address creates a totally different face, so it may be easier for humans to spot differences between faces than between the characters of the receiving or sending address. These figures can be transmitted over a different communication channel, or even over the same channel as pictures: for malware, analyzing an image and replacing the face is much harder than replacing a block of text.
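The fingerprint idea above, as an added example that is not from the original article or from any wallet: a text identicon derived from SHA-256 of the address, shown next to a model of the "first and last few characters" check. The hashing scheme, the function names and both address strings are assumptions constructed for illustration; it is not Chernoff faces and not Ethereum's scheme.

```python
import hashlib

def fingerprint_grid(address: str, size: int = 8) -> list[str]:
    """Left-right symmetric block pattern derived from SHA-256(address)."""
    half = (size + 1) // 2                      # columns actually drawn from hash bits
    if size * half > 256:
        raise ValueError("grid needs more bits than one SHA-256 digest provides")
    bits = int.from_bytes(hashlib.sha256(address.encode("ascii")).digest(), "big")
    rows = []
    for r in range(size):
        left = "".join("#" if (bits >> (r * half + c)) & 1 else "."
                       for c in range(half))
        # Mirror the left half; for odd sizes the middle column is not duplicated.
        rows.append(left + left[::-1][size % 2:])
    return rows

def prefix_suffix_match(a: str, b: str, n: int = 4) -> bool:
    """Model the habitual human check: only the first and last n characters."""
    return a[:n] == b[:n] and a[-n:] == b[-n:]

def differing_cells(a: str, b: str) -> int:
    """Number of grid cells that differ between the two fingerprints."""
    ga, gb = fingerprint_grid(a), fingerprint_grid(b)
    return sum(x != y for ra, rb in zip(ga, gb) for x, y in zip(ra, rb))

# Constructed strings shaped like addresses (not valid Bitcoin addresses).
# They share their first and last characters, as a vanity-generated
# look-alike would, and differ only in the middle.
INTENDED = "1ExampleAddrAAAAAAAAAAAAAAAAAAq7Zk"
SWAPPED = "1ExampleAddrBBBBBBBBBBBBBBBBBBq7Zk"

if __name__ == "__main__":
    print("ends match:", prefix_suffix_match(INTENDED, SWAPPED))
    print("cells that differ:", differing_cells(INTENDED, SWAPPED))
    for left, right in zip(fingerprint_grid(INTENDED), fingerprint_grid(SWAPPED)):
        print(left, "  ", right)
```

A fingerprint only helps when it is compared against a copy obtained outside the compromised path; if the same machine computes both pictures from the swapped text, they will agree.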

The other solution is a bit harder to implement but can be much safer. Every Bitcoin wallet has a signing mechanism that lets you sign a message with one of your keys, which is considered proof of ownership of the corresponding address. Standardizing a signed message that includes the destination address can help establish trust between two parties: at no point in the communication can an address swap happen, because it was encrypted at the source and decrypted at the destination. If the message format is standardized, wallets can take the message, decrypt it and fill in the transaction from the decrypted message, without the user copying and pasting the address himself.

These are just a few simple solutions to the problem. Some services are already making “avatars” for users' addresses, which lets them check in a much friendlier way. We hope some of these solutions make it into mainstream wallets and help their users avoid getting scammed.
