Integrity of ensuring the correct recipient of a BTC public address?

2

If a hacker gains access to a website and proceeds to vandalize the website, including changing the public-key of a BTC wallet, this would direct all payments to the hacker. Is this a security risk inherent to the use of BTC or is there something implemented that could prevent this? I am new to BTC/crypto-currency, so I don't fully understand all the details.

Michael

Posted 2013-05-17T14:15:35.463

Reputation: 206

Answers

2

Yes. Somehow, you need to tell the client what public key/address to send to. If the attacker has full control over the client, or your server, they can replace your address with whatever they'd like.

Nick ODell

Posted 2013-05-17T14:15:35.463

Reputation: 26 536

0

Your described situation is a security risk inherent in posting payment destination details for any payment system, not just Bitcoin. If a charity were to post bank wire information or a PayPal account, it's just as vulnerable.

Bitcoin is actually somewhat ahead of the pack here because of the ease of creating new payment destinations. Ideally, each new payment should be received at a new address. This helps the receiver determine when a payment has come through absolutely. The charity would have something that creates a new address for each donor, and then makes the private key available for spending somehow (or just use one of the established payment provider services that will do this for you).

As an aside, having any payment destination information be inside a digitally-signed block of text would greatly increase its authenticity. Bitcoin provides this signature system out of the box, but it is greatly underused!

Colin Dean

Posted 2013-05-17T14:15:35.463

Reputation: 6 559

Except, many payment processing applications provide recourse in the case of a fraudulent transaction. BTC at its core cannot enable this. Can a CA be used for generation of the public-key under a commercial merchant?Michael 2013-05-17T17:18:51.373