Original author: OneKey Chinese (X: @OneKeyCN)
Editors note: The upgrades of Taproot and Segwit have introduced new features to the BTC network, and have also allowed block data to be indirectly expanded, contributing to the explosion of the BTC ecosystem since 2023. However, the introduction of new assets and features also comes with new security challenges. How to maximize asset security in the BTC ecosystem with limited security infrastructure? OneKey Chinese has prepared an anti-phishing guide for Bitcoin ecosystem players. Odaily has compiled it as follows:
In late 2021, the Taproot upgrade took effect at block 709, 632. At that time, people were immersed in the craze of Ethereum NFT, and no one knew that this would be the most wealth-creating upgrade of BTC.
Taproot and Segwit upgrades have introduced new features to the BTC network, and also allowed block data to be indirectly expanded (equivalent to 1 MB to 4 MB), which has become the trigger for the explosion of the BTC ecosystem from 2023 to the present. The emergence of new assets such as Taproot Assets, Ordinals BRC-20, ARC-20, Runes, etc. has also kept Taproots transfer adoption rate at half or more.
However, the introduction of new assets and features also comes withNew security challenges。
The Bitcoin ecosystem has a different underlying model from the Ethereum ecosystem. The current situation in the BTC new asset ecosystem where many things need to be built and the threshold for understanding is relatively high is believed to make many users excited - after all, this often means the opportunity to get rich.
But this will also put forward new requirements for users awareness of safe operations, otherwise it will be easy to lose coins without knowing it. There have even been incidents such as the previous accident in which the Atomic market incorrectly used signature types, leading to hacker attacks.
Below, OneKey explains in simple terms how to protect asset security to the greatest extent and prevent phishing in the BTC ecosystem with limited security infrastructure.
A brief analysis of the specific impact of Taproot upgrade
Before describing the specific anti-phishing measures, we need to lay out the impact of the Taproot upgrade.
In addition to the previously mentioned indirect promotion of the prosperity of the BTC multi-asset ecosystem, great changes have actually taken place at the bottom of BTC transactions, mainly two: Schnorr signature and MAST technology. The combination of these two with PSBT (Partial Signature Transaction) gives hackers more room for phishing.
One is a Schnorr signature. Thats right, this upgrade has replaced the ECDSA signature in the white paper. The technical characteristic of this signature is that multiple signatures or public keys are aggregated into one. In the past, work that required multiple signatures for confirmation now only needs to be verified once, which directly reduces the space occupied by the signature.
One is MAST technology. If the former is an aggregated signature, then MAST is used to aggregate multiple scripts (for scripts, you can understand them as Bitcoins limited smart contracts). At the same time, when submitting for verification of unlocking spending, you only need to verify one of the spending conditions. The space occupied by complex scripts with many conditions can be greatly reduced.
These two technologies have the greatest impact on privacy, and they also imply room for security risks.
For transfer records, all UTXO transfers will look the same after the upgrade. In Mempool, the transfer type is displayed as P2TR, and the addresses are all addresses of the same length starting with bc1p.
In the past, you could easily distinguish the difference between transferring to a normal address (P2PKH/P2WPKH) and transferring to a script address (P2SH/P2WSH).
Now before you watch other people spend a UTXO, you cant tell the difference between transferring to a normal address and transferring to a script address.
For scripts, miner verification only needs to expose one spending condition of the script, and other branch scripts are unknown to the outside world.
5 tips to prevent phishing of new assets in the Bitcoin ecosystem
Obviously, the security infrastructure of the current BTC layer asset ecology is far less powerful than that of Ethereum, and there are many things that users need to understand and learn first.
At the same time, the principle of phishing is different from that of Ethereum. Many phishing attacks may not be well understood by the entire market before they are discovered. For example, the *SIGNHASH_NONE signature security incident in the Atomic market, and the Unisat/Xverse wallet also added security reminders later.
(1) The first trick: the commonplace basic skills of encryption security
That is to say, pay attention to the security of offline storage of private keys, pay attention to whether it is a trusted website, pay attention to protecting the computer from being infected by Trojan viruses, etc.
However, in a FOMO market, users may want to rush on a new project before a trust consensus has been formed. At this time, the next few tricks are particularly important.
(2) The second trick: clarify input and output
Ethereum has blind signatures. That is to say, when signing, if the wallet does not parse it, you can only see a mess of characters, and you cannot predict what will happen to the assets after signing. This also creates the risk of losing coins.
In Bitcoin, the input and output of a transaction must be clearly defined, as well as the corresponding transfer address of the input and output. (That is: Where did it come from, how many coins came and Where did it go, how many coins did it go.)
When signing, regardless of whether PSBT is used or not, the changes that will occur before and after the transaction will be clearly displayed in the wallet. Therefore, it is very important to check whether the input and output meet your expectations.
For example, if a hacker wants to steal all your Ordinals NFTs at once, the transaction input (INPUT) will definitely show that all your Ordinals NFTs have been put in. At the same time, the output (OUTPUT) will show that they have gone to strange addresses.
Take using Unisat to place an order for Ordinals NFT on MagicEden as an example. When you place an order for one or more inscription NFTs in the MagiEden market, the pop-up PSBT signature request will show that the input (INPUT) of the transaction is one of your inscriptions or multiple inscriptions, and the output will be displayed. Once the transaction is successful, you will receive How many Bitcoins to get.
(3) The third trick: be careful with the signature type
You can see a general introduction to Bitcoin’s current signature types here (https://btcstudy.org/2021/11/09/bitcoin-signature-types-sighash/…)。
The only signature types that need attention here are SIGHASH_NONE (0x02) and SIGHASH_NONE - SIGHASH_ANYONECANPAY (0x82). Both of these mean that you only sign the input of the transaction, regardless of the output of the transaction.
For transaction inscription assets, the safe signature type should be SIGHASH_SINGLE - SIGHASH_ANYONECANPAY (0x83), which can construct a complete transaction without trust through PSBT. This is also the signature type used by mainstream inscription trading markets such as MagicEden and OKX.
Take the Atomic markets previous mistake in using the SIGHASH_NONE - SIGHASH_ANYONECANPAY (0x 82) signature as an example.
When you place an order for the Atom inscription asset, you do see the correct input and output when you sign, that is, it specifies that the asset I placed the order is in the input, and the output also contains the money I can receive.
However, hackers can completely obtain the PSBT modification output, and the submitted transactions will also be packaged by miners, ultimately preventing you from receiving the money for the pending order. In short, it is because the signature type used only signs the input part, which ultimately leads to zero dollar purchase.
Fortunately, the current mainstream BTC ecological wallets, such as Unisat and Xverse, already support highlighting reminders or prohibiting signature types such as SIGHASH_NONE. If you see a prompt about a related signature type, do not use this signature unless it is for special purposes.
(4) The fourth tip: be careful when using scripts
If a project or platform requires you to transfer assets to a script address, you must be extra careful. When signing, you will see your assets go to an unfamiliar address in the output.
According to the previous content, you will know that after Taproot is upgraded, the script address and the user private key address are the same.
If the thief tries to use the private key address to spoof, the received assets can be transferred directly. If it is a real script address. That depends on whether they disclose the full contents of the script address. If incomplete content is published, although users can normally sign and transfer assets during use, one or more malicious UTXO unlocking conditions may be hidden. It may be that one day in the future, all UTXO assets will be suddenly closed and transferred away.
Even if they open source the entire script, currently the wallets on the market do not have the function to verify the integrity of the script MAST and the correspondence of the output address. Users who are technically savvy need to use Taproots algorithm to confirm. Or trust the project and team very much.
Fortunately, for current applications, transactions of various inscription assets do not require the use of complex scripts. PSBT (Partial Signature Transaction) can be used to specify input and output.
However, in future BTC L2 operations, there is a high probability that complex and multi-condition Bitcoin scripts will be involved. For example Babylon (@babylon_chain)’s Bitcoin staking script has relatively complex slashing logic and unlocking logic.
If you want to use this native staking method of Bitcoin script, it is particularly important to open source the script and verify its security and integrity. Otherwise, users need to absolutely trust the project side.
(5) The fifth tip: Pay attention to safety developments and take precautions before they happen.
Pay attention to leading accounts in the security field to ensure that you can keep up with the latest phishing techniques and get warnings as soon as possible. Cosine such as SlowMist@evilcos, Go Plus Security Official@GoPlusSecurity、Scam Sniffer@realScamSniffer, our OneKey official account@OneKeyCN 。
Regarding preventing problems before they occur, we can transfer security experience from other places. For example, in Ethereum, there is such a phishing method - that is, constructing addresses with similar heads and tails, causing users to mistakenly copy in the history and lose their assets. When constructing a BTC signature transaction, it is also possible to step into a trap because the output address is not clearly checked.
In mainstream BTC ecological wallets such as Unisat/Xverse, the Taproot address is displayed as bc1px…e9wh0 (example), and bc1p is the fixed beginning of the Taproot address.
This amounts to only showing 6 letters for confirmation. It has a common address address book function and basically displays more than 10 digits as standard for Ethereum wallets, which is obviously not enough.
This means that it is quite possible for hackers to conduct customized phishing by generating matching addresses (although not much on Bitcoin yet).
So if you do something extreme and nip it in the bud, you should check the address as completely as possible.
Anyway...
Study Bitcoin.
Study Bitcoin Security.
As Taproot introduces new assets and new scenarios to Bitcoin, we must also learn about new forms of security threats, especially evolving phishing techniques.
Especially now that the ecological infrastructure is imperfect, even misoperations such as coin loss and coin burning occur from time to time, let alone well-planned fishing.
Finally: OneKey always puts security first, keeping up with technological developments and updating shared security policies. The BTC ecosystem is one of the protagonists of this bull market. We will continue to pay attention to the security challenges of the BTC ecosystem and work together to promote and build a safer crypto asset environment.
