Missing coins!!!

[hosseinimr93]

Then that's a massive flaw in their implementation. I've never used MetaMask, but I'm very surprised no one has complained about it before. 6 characters can be spoofed fairly easily.

I just checked MetaMask to see how it works.
Once you paste an address, it changes to 0xXXXX...XXXX. As shown in the following image, it only shows the first 4 characters and the last 4 characters.



The receiving address is shown in the same way, even on "Confirm" window.

they dont care about security they just want everything to fit in that narrow window at the top right of the web browser i guess.

As you see in the above image, that's the same even in their Android application.
They can show more characters and the address still fits in the recipient address field. But they don't do that.

[nc50lc]

-snip- all i could see is the XXX....XXX type feedback on the final confirmation for the receiving address.Then that's a massive flaw in their implementation. I've never used MetaMask, but I'm very surprised no one has complained about it before. 6 characters can be spoofed fairly easily.

I just checked MetaMask to see how it works.
Once you paste an address, it changes to 0xXXXX...XXXX. As shown in the following image, it only shows the first 4 characters and the last 4 characters.

Mine shows the full address after I pasted it; and just like larry, just the first and last 4 characters in the confirmation window.
Metamask version 10.10.1 | Monitor's resolution: 1920x1080 px
Images (test network):

	Send Window		Confirmation Window

Anyways, I think it's time to create another thread to continue the discussion about MetaMask.

[odolvlobo]

Anyways, I think it's time to create another thread to continue the discussion about MetaMask.

Yes, please. This has absolutely nothing to do with Bitcoin.

[larry_vw_1955]

Anyways, I think it's time to create another thread to continue the discussion about MetaMask.

Yes, please. This has absolutely nothing to do with Bitcoin.

Metamask has nothing to do with bitcoin yes. but it is tangentially related to the tangent discussion of how many letters in an address are needed to guaranteee no clipboard malware. apparently the answer is 4 letters in front and 4 at the end. for ethereum anyway. which is why i had said that when i send btc, that's what i check and nothing more.

[o_e_l_e_o]

but it is tangentially related to the tangent discussion of how many letters in an address are needed to guaranteee no clipboard malware. apparently the answer is 4 letters in front and 4 at the end.

That's not correct. Checking 8 characters makes it unlikely you will fall victim to clipboard malware for now, although the required number of characters to be relatively safe will continue to increase as malware becomes more sophisticated, vanity generators more efficient, and hardware more powerful. If you want to guarantee you have not fallen victim to clipboard malware, then the only right answer is the check the full address.

Again, this takes <10 seconds to do. I don't understand why people make such a song and dance about it. In the time it takes you to write a single post saying that you think checking the whole address in unnecessary, you could have checked the whole address for your next 10 transactions.

[larry_vw_1955]

Again, this takes <10 seconds to do. I don't understand why people make such a song and dance about it. In the time it takes you to write a single post saying that you think checking the whole address in unnecessary, you could have checked the whole address for your next 10 transactions.

well as has been illustrated, you cant always check the full address on the confirmation screen for some software wallets. yes the example came from an eth wallet but the point remains. if you're going to use that particular wallet, you have to accept that risk.

[capedbaldy]

well as has been illustrated, you cant always check the full address on the confirmation screen for some software wallets. yes the example came from an eth wallet but the point remains. if you're going to use that particular wallet, you have to accept that risk.

The confirmation screen does not show 1 full address line but only the beginning and end of the wallet address. If you are careful, it is helpful to match and verify with the recipient or deposit address.

I made a simple attempt to avoid the clipboard address malware issue:
- make sure you never install any app other than the official website, it is most likely infected with malware and other viruses.
- use "click" automatic copy of address to paste notepad or Google Chrome browser search bar (if using metamask) before pasting in the submit field.
- if possible, copy the address again in the confirmation text and CTRL+V in notepad to verify again with the previous address.

I always apply the steps above when making deposits and withdrawals by checking addresses carefully, so I never face any errors.
 

[erep]

The confirmation screen does not show 1 full address line but only the beginning and end of the wallet address. If you are careful, it is helpful to match and verify with the recipient or deposit address.

I made a simple attempt to avoid the clipboard address malware issue:
- make sure you never install any app other than the official website, it is most likely infected with malware and other viruses.
- use "click" automatic copy of address to paste notepad or Google Chrome browser search bar (if using metamask) before pasting in the submit field.
- if possible, copy the address again in the confirmation text and CTRL+V in notepad to verify again with the previous address.

I always apply the steps above when making deposits and withdrawals by checking addresses carefully, so I never face any errors.
 

Simple concept to avoid clipboard malware but very useful when sending large balance transactions, many cases have happened where someone didn't notice the change of address when pasting the address in the send field but different from the copied address, without following the steps to verify the address described above, then they made the mistake of sending the balance to the address of the clipboard malware.