Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve language around token storage security #1399

Open
Cryptograferio opened this issue Aug 3, 2024 · 0 comments
Open

Improve language around token storage security #1399

Cryptograferio opened this issue Aug 3, 2024 · 0 comments

Comments

@Cryptograferio
Copy link

Is your feature request related to a problem? Please describe.

This is not a problem with RoboSats, per se: the internet (and Bitcoin, and nearly any online chat/support forum) is unfortunately rife with people trying to steal your Bitcoin. For example, Telegram groups for mobile wallet apps like Phoenix are plagued by scammers who will DM anyone who asks for technical support, typically directing the user to a form where they should enter their seed phrase. Sadly, it works, because there are plenty of people who don't know better. As adoption continues and RoboSats grows, newbies will come and scammers will follow. A user's trade token is potentially vulnerable to this type of scammer.

When generating a token, there is a warning message that tells the user that they need to keep the token safe, to "recover your order or check its status". What isn't mentioned, is that if a scammer gets your token, and the initial lightning invoice payout fails, the scammer could easily replace your invoice with one to their own wallet/node. Considering that a user will likely join a support chat to ask for help when their invoice fails, we should expect them to receive scam DMs that say, "please provide me with your token so that I can look up your trade". Sooner or later.

Describe the solution you'd like

We could simply add a sentence to the token generation screen, and with a tool-tip/popup every time you copy the token, that says, "Do not let anyone else have your token! It grants access to your trading portal and puts your funds at risk. Protect it like you protect your money!"

Or something like that 😁

Describe alternatives you've considered

A warning message somewhere/anywhere would be good. A banner across the top of the screen would be a bit much, so just any time a user engages with the token (generation, copy/paste, recovery) would be a good place to show the message.

Additional context

N/A

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant