My attempt to prevent private key phishing.
As you're all probably aware, Ethereum wallets and Slack channels have come under some major phishing campaigns and they've worked - a lot of people getting their wallets drained, a lot of people complaining, and a lot of people just don't know why their address is now empty.
I've been chatting to the guys that run MyEtherWallet and we've come up with a solution to help mitigate the phishings to the common user - EtherAddressLookup.
EtherAddressLookup is delivered as a Chrome extension and does 2 main jobs;
Automatically links Ether addresses to your favourite blockchain explorer
Initially, I built this feature for myself. Whilst helping people who were new to the cryptocurrency world, I came across a lot of copy/pasted addresses with no link, and I was becoming a little tiresome having to open a new tab to my favourite blockchain explorer and manually search it - but the users of the extension are finding great use for it also.
We've also implemented the option to highlight matched Ether addresses for easier finding on a crowded webpage - which I personally use, and find it very useful.
Blocks the user from interacting with domains with malicious intent to steal private keys.
The recent events of many users being phished brought us to our next addition to the extension. We wanted a way to mitigate the impact of the phishes, and to do it we've built a blacklist of domains which the extension uses.
Since we are updating it a lot, the extension will grab a fresh copy of the blacklist every 3 minutes and cache the results in your LocalStorage
.
When you land on a web page, the extension then checks the domain you're on to see if it's in the blacklist - if it is, then the extension will prevent you from interacting with the webpage by displaying an alert instead.
The feedback we've gotten back has been great, and we have plans for more features also.
You can download the extension to your Chrome browser here and receive updates automatically, or you can manually install it (though you won't get automatic updates).
I found a malicious domain, how do I report it to you?
You can do 1 of 4 things;
- Open up a new issue on the repo
- Fork the repo , make the change to
blacklists/domains.json
and issue a pull request. - Tweet either @MyEtherWallet or @sniko_ with a link of the domain
- Send a message to us on Slack.
I want to request a new feature/change
We welcome them, open a new issue and describe what you want. We can then discuss your thoughts there.
I want to support you with ETH/ERC20 tokens
You're awesome!
The donation address is: 0x661b5dc032bedb210f225df4b1aa2bdd669b38bc
.
Thanks for reading,
Harry.
Previous post: https://steemit.com/ethereum/@sniko/i-made-a-chrome-extension-to-link-addresses-to-your-favourite-block-explorer-beta
Thank you for all your doing for the ETH comunity :) I wonder how is the blacklist maintained ... maybe some people want to troll and put people on there ... Or how do I get my ETH adress whitelisted and how are you sure I am not a scammer ;)
Thats pretty cool. Any plans to add in other cryptocurrencies? and any plans to release this as a firefox extension?
Thanks :)
Other cryptocurrencies I'm thinking about, but I'm unsure which to release/look at first.
Yep, issue is logged here: https://github.com/409H/EtherAddressLookup/issues/26 show your support there by
:+1:
as a comment. I'm hoping to get to it this weekend, but no firm release date.How do I know that your extension is not a phishing scam?
You can go through the source (https://github.com/409H/EtherAddressLookup) and check it. Then if you don't trust the chrome store, you can install it manually: https://github.com/409H/EtherAddressLookup#manual-installation
Thank you for your excellent work and support to the community by doing this.
Awesome tool!
Im gonna follow, keep up the good work