Transactions Made On Invalid Addresses

I did mention the microtransactions cons point.
Regarding the green and red bar - it can be implemented at the client side ensuring that there exists this address on which you want to sell. But after hearing to this type of malware, I think the idea which I proposed would be really safe.
How my idea works :-
With every Address there is a keyword associated which remains constant forever.
So while sending the coins we input 2 fields : Destination Address & Receivers Keyword.

If these 2 match with the receivers address and keyword, the transaction takes place.

So even if the address is changed by any such malware, the transaction won’t take place because the keyword and address doesn’t match (like login id & password pair). And since these keywords can be small, therefore if even this phrase is changed by the malware it will be easily noticed (or we can even type it since it will be small).

2 Likes

@tom.kelly This topic seems to have taken on a more technical discussion with some ideas for future use case implementation.

Do you think this should be moved to the Dev sub forum?

4 Likes

Just random thoughts, I don’t know if this could be done or if it breaks some fundamentals.

What if like traditional mail you could have 2 options:

  • The current one where you send ADA to a certain address and that’s it, they’re gone, faster and cheaper fees but riskier, just like when you put your envelope inside mail box.

  • A “signed for” option where you pay a slightly higher fee. After sending payment this way ADA moves to a pending state but recipient has to confirm transaction before actually receiving anything. If recipient doesn’t exist then after X time determined by developers transaction gets cancelled and pending ADA would move back to sender’s wallet.

2 Likes

I guess this would require a trusted holding account as the initial transaction would have to go somewhere, it couldn’t just sit as pending on the blockchain.

Nice idea though and i’m sure there will be a way to implement this with a trusted intermediary and smart contract to decide which way the balance got sent (forward to recipient on confirmation or returned after timeout)

1 Like

Uploading…
Okay, so this thing just happened with this guy, and the amount involved is huge.
Found this post on a fb group.
This is actually a serious concern.

1 Like

Stellar network has a similar simple mechanism called federation address, maybe Cardano can adopt?

Definitely an urgent matter.
Hope IOHK is working on it? @io_jeremy

Nonetheless, there is a possibility that the victim has been phished using API calls like this guy a few months ago. The first answer on my link (by all_is_all_to_all) is a great explanation

Hello ADA Cardano Community. A strong believer from the get go on this project. Great work. I have a question when sending ADA from the Daedalus wallet. I copied and pasted a Binance address to send. I sent roughly 750 coins to that address. The transaction confirmed on the wallet.

My question is, how come it is not showing on my Binance wallet after 1hr of waiting? Any help will be greatly appreciated.

There is a checksum on the address, meaning you can’t just change one number/letter and send. It would be invalid. You can of course send to a valid but wrong address.

2 Likes

Yes, but not all coins are lost by sending to wrong addresses. I think most of it is lost due to hardware loss (broken HDD), missing key or death of the owner.

When I send a large transaction in crypto currency, I always do a test transaction of a much smaller amount to make sure the money goes to the correct wallet, this is to avoid and invalid address, or even worse a wrong address. This causes double the transaction fees.

I would like to see a feature that allows a sending user to confirm the receiving users wallet address, and provide some form of positive confirmation to both parties , or at least the sender, prior to the transaction.

The main purposes improving the addressing issues, in my opinion, is to reduce redundant transaction fees and improve user confidence when sending digital currency.

You could consider installing Qubes OS if your current system can run it.
Get yourself a new hard drive and install it into your current computer then install Qubes OS on it.
Keep your current hard drive around in case you forgot to transfer something over.

1 Like

Thank you, yes I explored that possibility already, and I am sure it is a great advice, but I am not a developer and only able to write basic lines of code. So I have been advised to choose the Virtual Machine option instead (such as VMware Fusion) with Ubuntu installed on it.
And currently waiting for the Linux version of Daedalus to get released, as I am not sure to be able to compile it myself from scratch with nix.

Will probably send the lot on Ledger Nano S when ADA will be supported, and cold stake it via a proxy key as Charles mentioned.

1 Like

Well blow me down - I’ve managed to do exactly this - send ADA to an apparently valid but wrong address.
Still not sure how I managed it. Other than obviously becoming a bit careless after successfully sending two smaller test amounts.
I (mostly) use a separate machine for cryptos - disconnected when not in use - and copied the receive address generated on it by my Daedalus wallet to a thumb drive - which I then moved to a different box for sending. The send was from a Cardano wallet on an Australian-based exchange - the send-to address simply copied & pasted from the stick as done before on quite a few occasions with other cryptocurrencies.
It never reached my Daedalus wallet and it’s only today that I investigated & finally reaslise the receive address is incorrect. [Bits of the address seem to be like the one generated, but other bits seem quite alien. Possibly I’ve mixed up two bits of the text - dunno.]
But the ADA - about $1k’s worth - has gone off…somewhere.
To my chagrin, the exchange even sent me a confirm-before-send email which quite clearly shows the errant address - I just didn’t notice and approved.
Blockchain explorer tells me the receive address I’ve sent the ADA to doesn’t exist.
As mentioned above - in a banking situation, transfers to a non-existent account simply bounce back. But not here I gather.
Is there any way I might recover this ADA ?..

Respect.

Seeing that you have no receiving party it is fixable, a contract run should be able to sweep it back to the originator from their it would be up to them to credit you if I’m thinking this through correctly.

We can have customized addresses too just like email addresses.

I think we can adopt something like bitcoin’s payment protocol in our wallet.
Instead of sending coins to a pubkey address, you send them to a url, wallet would request the url and get the address returned.
So when we deposit to exchange, instead of copy a pubkey address to our wallet, we copy a human readable url, that’s much better.
The problem is normal people don’t run a server, so they don’t have this url to receive payment.
Maybe we can run a name registry system on the p2p network, then we input the receiver’s name in our daedalus wallet, it finds receiver’s online wallet by name, query the pubkey address and send the coins.
“I have no idea if this p2p dns thing works at all, still thinking about it.”

1 Like

On the cardano roadmap is the development of human friendly adresses. I think in the implementation of this one could also look at this problem. First one should be aware of some of the limitations:

  1. Whatever you do it should not give a big overhead to the blockchain information being sent. Firstly for efficiency concerns but secondly for speed concerns as I think one of the main reasons for a distributed desentralized currency is that it would allow AI economies where contracts are resolved in the matter of milliseconds. In such a system the old traditional paper/credit card system would not work well. So one needs to accomodate for this.
  2. It should quickly allow the user to get the information it needs to verify if sending correctly.
  3. It should stop currency from being stuck in a adress thats void.

I think what best captures this is either a verifying system that is resolved once and then you trust the adress and with option to re-verify. This would cause some efficency slow downs but much less than verifying every single time. It could be sent across the current blockchain but it would be slow and not well suited for AI economy only when something has been verified would you get the very fast transfers. Another system would transfer adress info in a different layer and could be envoked only when required by the sender. This would fit into a human friendly adress and could be programmed as a layer in the blockchain. This would allow humans to send with verification while AI who do not do mistakes could have theyre own program rutines to verify adresses and send faster with adress only.

Also the system has to void any transfer to a adress that is not valid. In verifying methods this can be done simply by not allowing to send when the adress cant be verified. For the fast transfer with adress only there should perhaps at time interwalls be done verification runs of transactions sent to unverified adresses (a sort of garbage collection rutine) and a microtransaction back to the user who tried to send to a void adresss.

To my amazement & relief, the originating exchange (Coinspot) has been able to cancel my errant transaction and the lost ADA have been returned to my original Sending wallet!
I am most grateful for their prompt and superb support.