Verifying a Public Key

Eli
5 min read · May 30, 2019

Say you want to send someone a digital asset. Bitcoin for the sake of conversation.

Say you want to send a value of half a million US Dollars.

How would such an exchange work? Let’s assume that you’re both on opposite sides of the world, and you have textual communication, fully encrypted (but using software that you didn’t audit yourself).

You’d agree on the amounts, on the methods, be it fiat vs crypto, or asset vs asset, or payment for a service or a product. You’d agree on the final amounts to be transferred. You have everything written down as clear as day, and there are no open ended issues that you didn’t discuss or agree on.

You are the side that is required to send the crypto. You ask your counter-party for an address: where do I send my asset to?

The other side goes in their wallet, clicks on “Receive”, clicks on “Copy to Clipboard” after carefully looking at the generated public key. They then go back to your chat software, and click paste.

From here on you could go about it in a few ways. I’ll describe the paranoid method that I advise using. It’s not the best, and far from being enough, but in my opinion it is the most valuable action considering the cost/effect in such cases.

So now you see in the chat application a 30-something-character string of letters and numbers, for example: 1KFHE7w8BhaENAswwryaoccDb6qcT6DbYY

Nice.

You select the message received, and click on “Copy” to copy the address (the public key) given to you.

You go ahead into your wallet. Set up the transaction, enter the amounts, and when the time comes to enter the address, you paste the address you copied only seconds earlier from the encrypted chat with your counterpart.

You take a very good look at the address copied, and you more or less memorize the first 4–6 characters; I’d also recommend doing the same for the last 4–6 characters. At minimum it’s an 8-character string that you need to remember; what I recommend is to memorize, or simply verify visually, 8–12 characters (6 from the start, 6 from the end).

Just before clicking send, once you’re satisfied that your actions didn’t mangle the recipient’s address, you go back to the chat, paste from the clipboard to your counterpart, and ask them to verify that the address you have pasted is actually correct.

After receiving a confirmation, you aptly click send in your wallet software. If everything went well, you and your counter-party will both be satisfied within the next 10 to 60 minutes, depending on your mutual trust in the entire cryptographic asset mechanism and your familiarity with the risks involved.

Silence

After a few dozen seconds your counter-party asks you if the transaction was published, just as you copy the transaction ID from your wallet software to paste it in the mutual chat.

You reply that indeed it was published, and you both check the transaction on a block explorer.

It looks normal. Your wallet shows the balance updated sans half a million dollars. You look at the chat history and look up the address sent by the counter-party, 1KFHE7w8BhaENAswwryaoccDb6qcT6DbYY, you look at the address in the transaction, and something blocks your breath as you mumble each character of the address.

One. K. F. H. E. Seven. V. D. W. W… see… nine…

You see three notifications in the chat, and you scroll down to the last messages.

Transaction confirmed. The address is wrong. Why did you enter the wrong address? Is this your transaction? It looks like the right amount. Didn’t you check before sending? Check your wallet, maybe you sent it to yourself?

The messages just keep scrolling faster and faster, and then stop for a while as you stare blankly at the screen trying to figure out what’s going on. You still haven’t managed to draw a breath properly.

You check the wallet again, and sure enough the balance is no longer unconfirmed. You check the transaction in the software, and see that it indeed shows the wrong address. It looks somewhat similar, but matches only in the first six characters and the last four. You notice too late.

Panic sets in. You’re starting to look for exits. Scroll up the chat history and check the pasted address. Sure enough, you’ve asked for a confirmation for the wrong address and your counter-party confirmed that indeed this is the address.

You take a screenshot. You click on “Reply” for their confirmation, and say that they’ve indeed confirmed the address. And then you notice dozens of unread messages that in the meanwhile piled up. They’re threatening to pack up shop and go if you don’t reply immediately. And then the messages stop.

The argument that arises as a result you can imagine for yourself. Whose fault is it? Who’s to blame? Was there a theft? Did the deal go through? Every question just opens up more questions.

Some answers might be found if we knew exactly what happened, and forensics would show that there was malware on your device that eavesdropped on your activity and, once it detected a bitcoin address, quickly generated a new address and replaced the one you copied.

In some cases such events might lead both sides to a court of law to settle whose money was lost. In other cases it might be settled outside of court. Nonetheless, a tiny mistake, an oversight, cost both sides grief and a hefty sum of money.

This scenario, I hope, is fictional, and is based mainly on my own experiences transacting with bitcoin and other cryptocurrencies, with some added imagination fueled by rumors and hearsay around this subject.

The sums, along with the rest of the details, are not actually important, as different people have different notions of what counts as a lot. The address used in the example was randomly picked from the network while writing this.

The purpose is to illustrate that we’re currently ill-equipped to deal with the technology of private and public key handling. A fundamental shift in the way we interact with pieces of information needs to occur before cryptocurrency is roughly as safe to interact with as traditional money is today.

It’s simply not the same. Copying and pasting URLs of cat memes does not teach us to worry about the integrity of the information being copied and pasted. And we all grew up with these habits.

I know this subject is detached from the average person, and even those who deal with crypto on a daily basis will find these worries far-fetched or overly paranoid. I do hope that it’ll find the right audience to begin searching for solutions to these problems.

If you know of a possible tool or method that addresses the problem above, or have an idea of how to construct such a thing, by all means inform the world.
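One small building block for such a method, added here as an example and not code from the original post: the glance described above (compare the first and last few characters) placed next to a whole-string comparison with Base58Check validation, so the difference between the two checks is concrete. The function names, the `SWAPPED` address (built from a constructed hash160) and the `LOOKALIKE` string are assumptions made for this example; the genuine address is the one quoted in the post.

```python
import hashlib
import hmac

# Bitcoin's Base58 alphabet (no 0, O, I, l).
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def sha256d(data: bytes) -> bytes:
    """Double SHA-256, the hash Base58Check uses for its 4-byte checksum."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def base58check_encode(payload: bytes) -> str:
    """Encode version byte + hash160 as a Base58Check address string."""
    raw = payload + sha256d(payload)[:4]
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    # Each leading zero byte is written as a leading '1'.
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def base58check_decode(addr: str) -> bytes:
    """Return the 21-byte payload, or raise ValueError if the string is malformed."""
    n = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not Base58")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + body
    if len(raw) != 25:
        raise ValueError("wrong length for version + hash160 + checksum")
    payload, checksum = raw[:21], raw[21:]
    if checksum != sha256d(payload)[:4]:
        raise ValueError("checksum mismatch")
    return payload


def is_valid_address(addr: str) -> bool:
    """True when the string is well-formed Base58Check; says nothing about who owns it."""
    try:
        base58check_decode(addr)
        return True
    except ValueError:
        return False


def prefix_suffix_match(a: str, b: str, head: int = 6, tail: int = 4) -> bool:
    """The glance described in the post: only the two ends are compared."""
    return a[:head] == b[:head] and a[-tail:] == b[-tail:]


def full_match(a: str, b: str) -> bool:
    """Whole-string comparison; length and every character must agree."""
    return hmac.compare_digest(a.encode(), b.encode())


def verify_recipient(chat_addr: str, wallet_addr: str) -> tuple[bool, str]:
    """Check what ended up in the wallet field against what the counter-party sent."""
    if not is_valid_address(wallet_addr):
        return False, "wallet field is not a well-formed Base58Check address"
    if not full_match(chat_addr, wallet_addr):
        return False, "wallet field differs from the address in the chat"
    return True, "ok"


# The address quoted in the post.
GENUINE = "1KFHE7w8BhaENAswwryaoccDb6qcT6DbYY"
# Constructed stand-in for a swapped address: a well-formed P2PKH address
# (version 0x00 + constructed hash160), so checksum validation alone cannot
# tell it apart from the genuine one; only the full comparison can.
SWAPPED = base58check_encode(b"\x00" + hashlib.sha256(b"constructed hash160").digest()[:20])
# Constructed string sharing the first six and last four characters with GENUINE.
LOOKALIKE = GENUINE[:6] + "x" * 24 + GENUINE[-4:]

if __name__ == "__main__":
    for label, candidate in (("genuine", GENUINE), ("swapped", SWAPPED), ("look-alike", LOOKALIKE)):
        print(label, "valid:", is_valid_address(candidate),
              "ends match:", prefix_suffix_match(GENUINE, candidate),
              "verify:", verify_recipient(GENUINE, candidate))
```

Two caveats that the scenario above makes obvious. The checksum only catches mangling (a dropped or mistyped character); an address substituted by malware is itself well-formed, so it is the whole-string comparison that matters, and a glance at the ends is not that. And if the same machine that holds the clipboard also renders the chat and the wallet, the comparison has to happen somewhere that machine does not control, for instance by reading the full address aloud over a second channel.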
