Skip to content

Review the crypto address warning

We still have the patch "Bug 40209: Implement Basic Crypto Safety", which warns the user if they copy something that looks like some crypto address from a plain HTTP website.

A few questions I have:

  • Does this scam still exist? I'm guessing yes.
  • Has the scam been extended to other crypto currencies or address schemes? We only cover bitcoin (or bech32), ethereum, zcash (t-address only), and monero. Seems kind of arbitrary, and who knows what other crypto schemes have been hatched since this was first implemented.
  • Should we give up on this clipboard copy check? The user has to bypass the HTTPS-only screen to access this, we could just add a additional warning to the list of bullet points, maybe as part of #41555 (moved). Moreover, it is a hacky protection (e.g. see #41539 (closed)), which only works for known crypto address formats. We get both new crypto currencies, plus new ways to encode addresses for existing currencies.

/cc @richard

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information