Utilize copypaste malware defense

[nopara73]

@jlopp you mentioned in you Building Bitcoin talk that you are utilizing a copypaste malware blacklist to prevent users from falling for that. Can you point me to the blacklist? I am unable to find it.

[jlopp]

We had to compile it from a variety of sources. Looks like there was a pretty big list found recently that may have over 2M addresses https://techcrunch.com/2018/07/03/new-malware-highjacks-your-windows-clipboard-to-change-crypto-addresses/

And that's just for one of the malware payloads.

here's another list of addresses from a different trojan: https://securelist.com/tales-from-the-blockchain/82971/

[nopara73]

Thanks, however I think this is a serious performance hit. How do you solve that?

I drop here two ideas for us:

• Maybe Golomb Rice filters can help @lontivero ? But then there are false positives :/

• Or just add an "isblacklisted" query to our backend, our server is fast, but is it that fast? Or maybe we could combine the two ideas.

[nopara73]

Another idea:

Emphasize 4-5 characters in the address so the user is more likely to check it manually. (I think 4-5 is good enough, because that's how well one can generate vanity addresses.)

Interesting insight:

Bech32 addresses are complete defense against older malwares like this:) Of course it's just a matter of time.