welcome messages and 2FA doesn't fix phishing but using 2-3 multisig on EIC does [explanation inside]

The onion cloner is a shitty thing. it proxies sites and switches out bitcoin addresses so you deposit to the wrong address.

it can even steal from people using 2FA -- yet people keep saying to use it when people get phished.

how it beats 2fa

The onion cloner is a proxy - it will make the request for the 2FA - give the victim the encrypted message. The victim decrypts it and submits it to the onion cloner and the onion cloner logs in. It then switches out your deposit address and you deposit to the wrong address and you lose your money.

welcome messages are useless - proxying it just sends you the page with the welcome message from the real market after logging in.


how can 2-3 multisig fix this?

If you end up going to the onion cloner version of EIC, you don't deposit to the site. you make an order then it shows you the multisig address and the redeemscript.

the onioncloner can't detect multisig address, i tested. but even if it did you check the redeem script of the multisig address and if the address doesn't match the one on eic page and if your public key is not in the redeem script you know not to deposit.

no more fucking phishers stealing coins. even if they can access your account they can't steal your money, they need your private key on your computer.

stop getting your money stolen, let's make the darknets be where the bleeding edge of technology is again, like it used to be before it got stuck
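
The redeem script check described in the post above, as an added example that is not part of the original post: it parses a bare m-of-n CHECKMULTISIG redeem script and reports whether it is 2-of-3 and contains your public key. The function names and the sample keys are constructed for illustration.

```python
OP_1, OP_16, OP_CHECKMULTISIG = 0x51, 0x60, 0xAE

def parse_multisig(redeem_hex):
    """Return (m, n, [pubkey hex, ...]) for a bare m-of-n CHECKMULTISIG script."""
    s = bytes.fromhex(redeem_hex)
    if len(s) < 3 or not OP_1 <= s[0] <= OP_16:
        raise ValueError("script does not start with OP_1..OP_16")
    m, pos, keys = s[0] - 0x50, 1, []
    # Public keys are direct pushes of 33 (compressed) or 65 (uncompressed) bytes.
    while pos < len(s) and s[pos] in (33, 65):
        key = s[pos + 1 : pos + 1 + s[pos]]
        if len(key) != s[pos]:
            raise ValueError("truncated public key push")
        keys.append(key.hex())
        pos += 1 + s[pos]
    # Exactly two bytes must remain: OP_n and OP_CHECKMULTISIG.
    if len(s) - pos != 2 or s[pos + 1] != OP_CHECKMULTISIG:
        raise ValueError("script does not end with OP_n OP_CHECKMULTISIG")
    n = s[pos] - 0x50
    if n != len(keys) or not 1 <= m <= n:
        raise ValueError("m/n do not match the keys in the script")
    return m, n, keys

def is_my_2of3(redeem_hex, my_pubkey_hex):
    """True only if the script is a well-formed 2-of-3 that includes my key."""
    try:
        m, n, keys = parse_multisig(redeem_hex)
    except ValueError:
        return False
    return (m, n) == (2, 3) and my_pubkey_hex.lower() in keys

# Constructed sample data: placeholder byte patterns, not real keys.
MY_KEY = "02" + "11" * 32
KEY_B = "03" + "22" * 32
KEY_C = "02" + "33" * 32
KEY_X = "03" + "44" * 32

def build_script(m, keys):
    """Assemble a redeem script hex string from compressed keys (sample helper)."""
    return f"{0x50 + m:02x}" + "".join("21" + k for k in keys) + f"{0x50 + len(keys):02x}ae"

GOOD = build_script(2, [MY_KEY, KEY_B, KEY_C])
SWAPPED = build_script(2, [KEY_X, KEY_B, KEY_C])  # my key is missing

if __name__ == "__main__":
    print(is_my_2of3(GOOD, MY_KEY), is_my_2of3(SWAPPED, MY_KEY))
```

This covers only the public key half of the comparison in the post. The address half means deriving the P2SH address from the script (HASH160 of the script bytes, Base58Check-encoded with version byte 0x05 on mainnet) and comparing it with the address shown.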


Comments


[3 Points] al_eberia:

PGP 2FA can easily defeat the onion cloner and other phishing sites if the markets would just give you a url to paste into the browser rather than just a string.

realmarketaddress.apple/verification/insertrandomseedhere

Even just having the real address in the 2FA message and telling people to double check it before sending the code would prevent nearly all phishing attempts.


[1 Points] akfir5io68:

any site has multisig nowadays, not just eic