by nullc 2175 days ago
> This would be easily detectable, but it does seem like a problem with the concept.

I think it would be better to describe it as detectable but not practically so.

There have been many JavaScript "bitcoin wallet generators" that defrauded users this way. In both cases where they were backdoored from day one and cases where they changed the code later (sometimes on the fly based on useragent and referrer!) the detection has always been from users noticing their coins were stolen.

It's simply too difficult to review a JavaScript application given the ubiquity of deeply nested superfluous dependencies and toolkits-- and too pointless given that the code can be selectively substituted at any time, so almost no one does the review.

1 comments

You're right, too late to edit but the "easily" was wrong. More like "theoretically".