|
Title: API key with bitcoin signing SQRL Support Post by: Rassah on February 09, 2014, 06:44:40 AM Regarding this: http://www.theverge.com/2014/2/7/5386222/a-string-of-thefts-hit-coinbase-bitcoins-most-reputable-wallet-service
I propose the following: Exchanges working with wallet developers to implement a standard for a SQRL type system, where users have to add an authorized bitcoin address to their account, changing which will send out a warning e-mail and take 24+ hours to enable, and on the client side use messages signed by the private key of that bitcoin address to make all API calls. That way, no one can hijack the key and use it to steal funds without having direct access to the user's wallet. Comments? |