Add info about address poisoning attacks

Open GBKS opened this issue 1 year ago • 21 comments

There was another address poisoning attack incident over the weekend, and discussion around address UX followed. I put together a quick mock of how wallets could warn about this.

My proposed addition would either go in the address page in the glossary, or the send page. We would suggest that wallets look at their transaction/address history and try to find identical or similar addresses to what the user has entered. Based on the finding (like an address with the same start and end that only sent dust to the wallet), the UI could ask the user to double-check or use a different address.

Peter Todd stated that this should have been baked into the Bech32 address format (bc1-qep2un4-cvwmhf...), but to me it's more of a UI-level issue. We should be able to rely on wallets to do some basic checks for us and help prevent mistakes.

image

GBKS avatar May 08 '24 10:05 GBKS
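A sketch of the history check proposed in the post above, as an added example that is not code from this thread or from the Bitcoin Design Guide. The names `check_address` and `HistoryEntry`, the 6-character edge comparison, and the 1000-sat dust threshold are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

DUST_SATS = 1000  # assumed cut-off for a "dust" payment; wallets should tune this
EDGE = 6          # characters compared at each end of the address body

@dataclass
class HistoryEntry:
    address: str      # counterparty address
    direction: str    # "out" = the user paid it, "in" = it paid the user
    amount_sats: int

def _norm(addr: str) -> str:
    # Bech32 is case-insensitive; legacy Base58 addresses are not.
    return addr.lower() if addr.lower().startswith("bc1") else addr

def _edges(addr: str) -> tuple:
    # Drop "bc1q"/"bc1p" so the prefix shared by all addresses is not a match.
    body = addr[4:] if addr.startswith(("bc1q", "bc1p")) else addr
    return body[:EDGE], body[-EDGE:]

def check_address(entered: str, history: list) -> tuple:
    """Return (verdict, similar_address) for an address typed into a send form."""
    entered = _norm(entered)
    paid = {_norm(h.address) for h in history if h.direction == "out"}
    if entered in paid:
        return ("known", None)
    for addr in sorted(paid):
        if _edges(addr) == _edges(entered):
            seen = [h for h in history if _norm(h.address) == entered]
            dust_only = bool(seen) and all(
                h.direction == "in" and h.amount_sats <= DUST_SATS for h in seen)
            return ("suspected_poisoning" if dust_only else "lookalike", addr)
    return ("new", None)

# Constructed sample data: these strings are not checksum-valid addresses.
REAL = "bc1q7xk2m9" + "a" * 26 + "h4t8wz"
FAKE = "bc1q7xk2m9" + "z" * 26 + "h4t8wz"
HISTORY = [
    HistoryEntry(REAL, "out", 500_000),  # earlier genuine payment
    HistoryEntry(FAKE, "in", 546),       # dust from the look-alike
]

if __name__ == "__main__":
    for candidate in (REAL, FAKE, "bc1q" + "m" * 38):
        print(candidate[:12], check_address(candidate, HISTORY))
```

The `suspected_poisoning` verdict maps to the case described in the post (same start and end, only ever sent dust to the wallet), while `lookalike` covers a similar address that has no history at all.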

@GBKS assign this issue to me

wareeshaali2003 avatar Mar 17 '25 17:03 wareeshaali2003

Done! Thanks for your interest in this issue. How familiar are you with GitHub and the contribution guidelines? Anything I can do to help you get started?

GBKS avatar Mar 18 '25 10:03 GBKS

@GBKS I want to contribute to the main design. Where can I access the Figma file for this issue?

wareeshaali2003 avatar Mar 18 '25 11:03 wareeshaali2003

I put that particular visual from above in a new Figma file for you. https://www.figma.com/design/qbZF91H7fLYtrx11zy2zHC/Address-poisoning-attack?node-id=0-1&t=dVV34vBt2kZdJkNn-1

You'll have to duplicate it to edit. Giving you edit rights on this file would cost me $30 or so per month.

GBKS avatar Mar 18 '25 11:03 GBKS

@GBKS Thank you so much! I am starting work on this issue from today.

wareeshaali2003 avatar Mar 18 '25 11:03 wareeshaali2003

Awesome. Just to give you a little guidance, there is not a huge amount of visual design to do here. It's all about:

  1. Communicating as clearly as possible to the user that there may be a problem with the address they entered.
  2. Giving them easy-to-understand options on how to proceed.

It's a lot about choosing the right words.

GBKS avatar Mar 18 '25 12:03 GBKS

https://www.figma.com/design/OIB6ySRustNKtaFeL5O9yB/Address-poisoning-attack?node-id=0-1&t=A8LLPHLxNYcUPW5b-1 @GBKS I have made some UI enhancements that will be useful for the user, such as changing the warning to an alert icon and adding a "Learn More" option where the user can learn about poisoning attacks and how to stay safe from them. Do you think any further changes or additions are needed? Can you guide me on this?

wareeshaali2003 avatar Mar 18 '25 18:03 wareeshaali2003

Nice work. I like the additional information. What do you think of using the toggle to let the user decide to continue with the address they entered? It does not feel super intuitive to me. What options do you think we should show?

GBKS avatar Mar 24 '25 13:03 GBKS

That's a great point! The toggle might not be the most intuitive option, as it doesn't clearly communicate the risk or next steps. Instead, we could provide two clear buttons: 'Proceed Anyway' (with a confirmation prompt) and 'Choose a Different Address.' This way, users have a more deliberate choice and are fully aware of the potential risk before continuing. What do you think about this approach?

wareeshaali2003 avatar Mar 25 '25 01:03 wareeshaali2003

@GBKS I have made some new changes. Do they look fine, or do they need further adjustments? Your guidance would be very helpful to me. I have added some user flows to guide the user in a better way. https://www.figma.com/design/OIB6ySRustNKtaFeL5O9yB/Address-poisoning-attack?node-id=0-1&t=BGunOXdx0XPzk4Kd-1

wareeshaali2003 avatar Mar 26 '25 03:03 wareeshaali2003

Thanks for iterating. I am not sure "Choose a different address" is the best option here. Maybe:

  • Move the two options into the grey box, so it's clear they are related to the warning
  • Change "Choose a different address" to "Use other address"
  • "Choose a different address" may not be needed as an option, since the user can just edit the input field

I am not super happy with the wording of "other address". We are dealing with two addresses - the one the user entered, and the one in the user's transaction history that has similar start & end characters. What is a good name for this second one that we can use? I think this can be made more clear with some small tweaks.

GBKS avatar Mar 26 '25 08:03 GBKS

Great suggestions! Moving the options into the grey box makes the connection to the warning clearer. I agree that we need a clearer term for the second address. Maybe Previously Used Address or Historical Address? This would differentiate it from the one the user is entering. Let me know what you think!

wareeshaali2003 avatar Mar 27 '25 01:03 wareeshaali2003

I have another suggestion: What if we bring back the toggle button? When the user toggles it, a popup appears, and then the warning message is shown. I have made some changes and tried to incorporate the provided information. Your review would be very valuable to me. Thank you! https://www.figma.com/design/OIB6ySRustNKtaFeL5O9yB/Address-poisoning-attack?node-id=0-1&t=WFF4bXNtWcWemCz0-1

wareeshaali2003 avatar Mar 27 '25 01:03 wareeshaali2003

@GBKS Just wanted to follow up. I’ve updated the design. I’m looking forward to your feedback whenever you get a chance. Thanks!

wareeshaali2003 avatar Apr 12 '25 11:04 wareeshaali2003

Thanks for keeping iterating on this. After seeing your iterations, I also wanted to take a stab. It's very elaborate, but should be much clearer for users. I think it's fine to be very explicit when the user's funds are at stake. What do you think of this one?

Image

GBKS avatar Apr 23 '25 13:04 GBKS

@GBKS Thanks a lot! I really like this version; it’s much clearer and focuses more on the user. I agree that being very clear is super important, especially when people’s money is involved. I’m going to use this layout as inspiration to improve mine too. One thing I’d like to add is a confirmation popup after the user clicks “Continue with entered address.” This would give them one last chance to double-check. Something like: “Are you sure you want to proceed?” and a warning that the address hasn’t been used before, and if it’s wrong, the money could be lost. What do you think about adding that extra confirmation step? Here are some changes: https://www.figma.com/design/aMfLysUWs3IsKWmg1BUZrs/send-bitcoin?node-id=0-1&t=880TedrFxVLRoA5H-1

wareeshaali2003 avatar Apr 26 '25 03:04 wareeshaali2003

After inputting information, users are usually shown a review screen (see guide examples) that summarizes what they entered. How about just adding a small note there?

Let's try to wrap something up and create the pull request for the guide. I'd love to see this live. I stumbled on another report of an address poisoning attack a few days ago where someone lost a lot of money.

GBKS avatar Apr 28 '25 09:04 GBKS

@GBKS I’m a bit confused about which folder in the guide I should make changes to. Or should I create a separate .md file specifically for address poisoning and then create a pull request? I would really appreciate some guidance on this.

wareeshaali2003 avatar Apr 29 '25 20:04 wareeshaali2003

Since this is a small addition about a very specific scenario, it would be best if we could find an existing page that this logically fits into. Some related pages:

  • Sending bitcoin in the daily spending wallet. Not a 100% fit, since much of this is about lightning network payments.
  • Savings wallet fits because this is an onchain wallet. There is a paragraph about making large payments that this is particularly relevant for.
  • Security in the daily spending wallet. Fits with the topic of proactive security.
  • Address in the glossary. We have a paragraph about address validation that this could fit in with.

There might be other candidates. What do you think is a good place?

GBKS avatar May 02 '25 07:05 GBKS

Just watching up with this thread - I think creating a section for Preventing Address Poisoning Attacks under the Sending Bitcoin section would make sense.

swedishfrenchpress avatar May 02 '25 11:05 swedishfrenchpress

This also ties up with the test transaction section we want to add, as well as silent payments which help prevent repeated handling of addresses in the first place!

yashrajd avatar Jun 02 '25 14:06 yashrajd