Most web apps use JavaScript with NPM dependencies, known to be hard to secure against upstream injections. Most people use Bitcoin by sending each other invoices and addresses over messaging apps. Sometimes web apps. Some of these can be attacked to replace addresses. Even if *your* Bitcoin wallet is not affected, the messaging app where you sourced the address from may be. A hardware signing device will not really protect you, since you will just confirm on the device the (fake) address you see in the message.
Long term, this makes the case for good payment protocols (like generalized forms of BIP21, BIP321, BIP353, Bolt12, etc.), integrated into good messaging systems (partially unrelated cool experiments are going on with stuff like Bitchat, Whitenoise, Keet, SimpleX, etc.).
Short term: for relevant amounts, confirm the address with the recipient over at least 2 decently secure channels.
Show original
25.39K
142
The content on this page is provided by third parties. Unless otherwise stated, OKX is not the author of the cited article(s) and does not claim any copyright in the materials. The content is provided for informational purposes only and does not represent the views of OKX. It is not intended to be an endorsement of any kind and should not be considered investment advice or a solicitation to buy or sell digital assets. To the extent generative AI is utilized to provide summaries or other information, such AI generated content may be inaccurate or inconsistent. Please read the linked article for more details and information. OKX is not responsible for content hosted on third party sites. Digital asset holdings, including stablecoins and NFTs, involve a high degree of risk and can fluctuate greatly. You should carefully consider whether trading or holding digital assets is suitable for you in light of your financial condition.