In early October while the team was scrambling to complete the recent MTP release, we were hit with a wave of scams on our Discord server. Since the launch of Znodes, scammers have tried to scam people out of their hard-earned Znode collateral. Since our first high-profile case, we have warned people of impersonators and urged them not to reply to offers for “help” via private message. Much to our dismay, we still kept hearing from users who had lost the entirety of their coins, sometimes representing a big part of these people’s life savings.
The way this type of scam works is through social engineering. First, the scammer preys on users posting questions. Then, they impersonate a team member and offer help with diagnosing their issue via private message. Having gained their trust, they finally get them to reveal their private keys.
We were still polishing MTP for release when we saw a scam wave rolling, and we said: enough is enough. Determined to change something about this situation, we decided to hold off the MTP release until we had built in a safety net for our users.
The Core Problem
How do scammers get a person to send their private keys to them? The answer lies in the ambiguity of the Bitcoin Core RPC command dumpwallet. Whatever you associate with the words “dump wallet”, for many users it is not “export private keys”. This, though, is precisely what it means.
To understand why users type in this command and send the output to a scammer, consider the context.
- They have just been approached by what they think is a team member. This immediately creates a basis of trust.
- On top of that, they are flattered that a team member is taking the time to personally diagnose their issue in private.
- The context of the conversation and pretext to get the user to type the dumpwallet command is diagnosis. The word “dump” in the computer sphere is a legitimate term associated with diagnosis through terms like “core dump”, “memory dump” etc. This distracts from the fact that dumping a wallet could just as well mean: open it and dump all your coins on the counter.
The Zcoin Solution
The obvious solution would be to rename the command to something like “dumpprivkeys” (dumpprivkey actually exists to dump just one private key). But we didn’t think renaming the command was good enough. Even if we had done this, a careless user could still copy and paste the command into their console and export all their private keys.
We needed to warn the user before the dump happens. Now the question was: How can we make sure people read our warning? If there’s one thing that users (including us) are good at, it is ignoring warnings. Years of “Next”, “Next”, “Finish” have left a mark on the neurons of computer users. Luckily, one of our developers had a bright idea. Why not make the successful completion of the command dependent on reproducing a part of the warning?
The solution that emerged looks as follows. The dumpwallet command now requires two parameters. Like before, the command first needs a filename to write the keys to. Secondly, and this is new, the user is asked to provide a one-time auth code (OTAC). This OTAC is part of the warning message.
The trick is that to get the OTAC, you first need to run the command unsuccessfully (!) and read the resulting warning. The warning then states what the command will do and what the consequences can be. Furthermore, it goes on to explain that the output does not have any diagnostic value and that people asking for this command’s output are planning to steal your coins.
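The two-step flow described above can be modelled in a few lines. This is an added illustration, not Zcoin's own code: the names GuardedDump, DumpResult and Run are hypothetical, and the four-digit code and the warning wording are assumptions.

```cpp
#include <iostream>
#include <random>
#include <string>

// Added illustration, not Zcoin's code. Type and method names are hypothetical.
struct DumpResult {
    bool dumped;          // true only when the keys would be written
    std::string message;  // warning carrying the code, or a success note
};

class GuardedDump {
    std::string pending_;  // code issued by the last refused call; empty if none
    std::random_device rng_;

    std::string NewCode() {  // assumption: 4 random digits
        std::uniform_int_distribution<int> digit(0, 9);
        std::string code;
        for (int i = 0; i < 4; ++i) code += char('0' + digit(rng_));
        return code;
    }

public:
    // An empty otac models the user omitting the second parameter.
    DumpResult Run(const std::string& filename, const std::string& otac = "") {
        if (!pending_.empty() && otac == pending_) {
            pending_.clear();  // one-time: a used code cannot be replayed
            return {true, "keys written to " + filename};  // real export goes here
        }
        pending_ = NewCode();  // every refused call issues a fresh code
        return {false,
                "WARNING: this exports ALL private keys. The output has no "
                "diagnostic value; anyone asking for it plans to steal your "
                "coins. To proceed, rerun with auth code: " + pending_};
    }
};

int main() {
    GuardedDump cmd;
    DumpResult first = cmd.Run("keys.txt");  // refused, returns the warning
    std::cout << first.message << "\n";
    std::string code = first.message.substr(first.message.size() - 4);
    std::cout << cmd.Run("keys.txt", code).message << "\n";  // accepted once
    std::cout << cmd.Run("keys.txt", code).dumped << "\n";   // replay refused
}
```

Because the code only exists inside the warning, a command pasted from a chat message cannot already contain a valid one; the user has to run the command, receive the warning, and copy the code out of it.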
We understand that this procedure might be slightly annoying for users who quickly want to dump their private keys to a text file. However, we have seen this scam happen more often than we can bear. We strive to make Zcoin as anonymous as possible. We strive to make it easier to use, but we also need people to be safe when using our software.
By releasing this feature, we hope to have taken a good step toward making Zcoin safer to use for everyone.