Topic: Solution for getting rid of clipboard malwares. (Read 327 times)

Hi dkbit98,

Thanks for your response. CRUXPay is actually using Bitcoin Blockchain as it's core to store the mapping of CRUX ID's with a priate key of the wallet. It is built on top of Blockstack. CRUXPay is useful for both the begginers and experienced users because it hides the complexity behind Blockchain based systems and now users can just use crypto's like in other payment method, Paypal.

The Image you have shared is the login page of wallets which are going to integrate CRUXPay in their systems. No login required on CRUXPay by any end user. The integration of CRUXPay is already live in ZelCore and Magnum wallets. I request you to please give it a try and share your valuable feedback.

Lets look at newbies that are first introduced to Bitcoin and crypto addresses.
They would benefit for something like this,
but I would prefer that we have some second layer solution on Bitcoin network to solve this
instead of using CruxPay or any other alternative

I think we need Website and account here, and this things can be hacked very easy :/
or maybe I am wrong?!



What tracking monster should I choose for registration?
How about NONE

Even the problem can be resolved by re-check before send , this new feature can help prevent great damages with lazy persons and make more difficult for hackers to steal your coins. AFAICU, if the device is infected by some(any) keyboard malwares , it can be used to send btc without the need to copy paste addresses.
After reading all comments , i think this is interesting . I really want to know more opinions from experts and blockchain devs.
I suggest op to move the topic to [project developpement] section or the [technical discussion] .

We have already discussed it with most of the wallets. The CRUXPay is currently live in Zelcore and Magnum wallet. The integration is currently on going in many wallets including Exodus.

We appreciate if you can use it and share your valuable feedback.

@ETFbitcoin

Thanks for your response. The mapping of CRUX ID with a private key of the seed of a wallet is Stored on Bitcoin Blockchain that is why I mentioned it is as secure as Bitcoin Blockchain.

By design CRUX does not enourage address reuse because this decision is taken by the wallet which is integrating CRUXPay. CRUXPay has features to update the address as soon as it gets used.

Updated antivirus is enough to get rid with clipboard malware there are many developers making new tools which is duplicate of any other software just to get $$.

You can protect your PC for any clipboard malware if you have both malwarebytes or any updated AV you don't need that tool which needs ID. 

@iasenko
@o_e_l_e_o
It is better if all the addresses are saved in the keypass but, CRUXPay is much more than that.

• You get decentralized human readable addresses mapped with all the addresses of your crypto assets so, sending and receiving funds is like sending an email or tagging a handle in a tweet.
• CRUXPay also explain a feature to recieve pull payments from the services you are using like how Amazon or UBER withdraws funds from your creadit card. In case of CRUXPay any service can send a withdrawal request to your CRUX ID and you can approve with a single tap to send the fund from your wallet.
• CRUXPay can also act like an identity manager in Crypto space like how metamask does for ETH based dApp's. Any dApp which has integrated CRUX protocal can connect With your wallet and talk to it for sending and recieveing funds and also use it as an identity for the dApp

@khaled0111
Your CURX ID and the asset address mapping will not be edited if the seed of your wallet is secured because the mapping of a private key from your seed and the CRUX ID is stored on Bitcoin Blockchain as a transaction so noone can change that if the wallet seed is safe.

Linking the new address to your CRUX ID when your previous address has recieved the funds can be done by your wallet so, if the wallet decides to update the address they can do it. CRUXPay has a provision for it.

@ETFbitcoin
CRUXPay is not a centralized system instead it is a decentralized naming service built on top of Blockstack. The CRUX ID is actually mapped with the seed of your wallet and this mapping is stored on Bitcoin Blockchain as a transaction so, noone can temper that mapping, if the seed of wallet is secure.

CRUXPay does not own the CRUX ID to address mapping so, this is as secure as bitcoin blockchain. Only the owner of the wallet seed can change the mapping.

CRUX protocol is a developed on Blockstack so, the naming is trustless.

Yes, CRUXPay is indeed a new service. It's very difficult to scan the QR code when the QR code image and the wallet both are in the same device [/list]

Is this different than zilliqa / unstoppable domains?
Do you have discussions with the most popular wallet providers to use this naming system? Because if not, it's all in vain.

Hey HeRetiK - Thanks for your response. Your human readable CRUX ID is basically mapped with a private key of your wallet seed and this mapping is store on Bitcoin Blockchain as a transaction so, noone in the world can temper that mapping if the seed of your wallet is secure.

You can visit this Doc to know more about the tech implementation of CRUX protocol:
https://docs.cruxpay.com/docs/cruxpay-protocol

We need to be aware of how we work to get rid of clipboard malware And the interesting services offered here should be avoided. These are commonly used to hack hackers You protect your privacy and do not use an ID for various purposes Different IDs should be used for each job.

That's what I thought too. Why need a software for such a little task... So much risks for so little reward. I've been crosschecking addresses I've been sending tx to and so far so good, it's the safest option. It has even become a routine for me. Being security conscious to that extent has helped me a great deal. But since we're different, I wouldn't blame anyone for using a software to take the "little" workload off.

This is a completely over-engineered solution to what is a very simply problem to solve.

Double check the address. It's literally that simply. Look at the address you are about to send to. Check it against the address you want to send to, direct from source (be that website, email, PM, wallet, whatever). You are introducing unnecessary trust for a third party as well as another attack vector for attackers because you are too lazy to double check an address?

I also went to their website and clicked on "Get Started", just out of curiosity. The only way to proceed is by logging in with either a Facebook or a Google account. What a huge invasion of privacy.

Absolutely avoid.

Seems like a great solution but haven't heard of them before. We should be careful using new service like this because their server will now be the hackers target. Why not scan qr codes of the wallet you are sending to.

it's as risky as using web wallets. If it's hacked, the hacker can simply edit the address linked to your user id and replace it with his address.
Also, there are some privacy concerns. As far as I can see, you can only link one address to your uid whilst it's advised to use a different addy for each transaction.
If you care about your privacy, you will have to login to your account and add new address whenever you expect to receive funds which is not practucal at all.

Read this thread created by LoyceV How to lose your Bitcoins with CTRL-C CTRL-V.

Is it your first time using their service or not? Interesting service to try to avoid these kinds of attacks, thanks for sharing it here as well as to iasenko for the information.

Isn't it better to use KeePass auto-fill function instead of using copy-paste. Just save all your addresses you are using to KeePass. So easy and safe.

Here is what I'm talking about, it looks like this:

What if an adversary changes the Bitcoin address that is aliased by human-readable shortname though? According to their site "you can easily delete or modify your addresses linked to your CRUX ID" which has me wondering what would prevent such an attack from happening. To make matters worse, people would feel safe that their clipboard hasn't been tampered with, while in the background payments are being routed to the wrong address without the user even having the chance to double-check.

Interesting service though, will keep an eye on it.

Recent days we have been seeing news and users reporting some clipboard malwares where the copied address were changed and the funds getting sent to hackets address etc., Getting a human readable short address that are typeable would mostly clear off this issue. I reacently can accross a similar service where your multiple coin address can accept payment through one human readable id created.

I tried it and fellt secure and easy. I call it because even when I am doing other work and not near the system my trading is "on". That is I enter this simple address no tension of cross check or malware hack or which coin I am trading it is just simple. It is just like a email id that's it.



Image source