firoorg / firo

The privacy-focused cryptocurrency
https://firo.org
MIT License
720 stars 355 forks source link

Better warning message against scammers on dumpprivkey command #1351

Open nrsimha opened 11 months ago

nrsimha commented 11 months ago

Recently I have seen 2 different users asking in Firo Telegram group how to dum private keys and they mentioned admin/support asked them to do. Although there is already warning, it could help if warning will be more visible.

Currently when user uses dumpprivkey ADDRESS he sees this warning:

WARNING! Your one time authorization code is: XXXX
This command exports your wallet private key. Anyone with this key has complete control over your funds. 
If someone asked you to type in this command, chances are they want to steal your coins. 
Firo team members will never ask for this command's output and it is not needed for Znode setup or diagnosis!

Please seek help on one of our public channels. 
Telegram: https://t.me/firoproject 
Discord: https://discord.com/invite/TGZPRbRT3Y
Reddit: https://www.reddit.com/r/FiroProject/

(code -1)

It could help against scams to make warning more visible and warn against people preteding to be admin/support:

WARNING! 

!!!!!! 

Possible SCAM ALERT!!! If someone asked you to type in this command, chances are they want to steal your coins.

Often scammers pretend to be support or admin trying to steal your Firo like this. Don’t share anything with them!

!!!!!!

Firo team members will never ask for this command's output and it is not needed for Masternode setup or diagnosis!

Your one time authorization code is: XXXX
This command exports your wallet private key. Anyone with this key has complete control over your funds. 

Please seek help on one of our public channels. 
Telegram: https://t.me/firoorg 
Discord: https://discord.com/invite/TGZPRbRT3Y
Reddit: https://www.reddit.com/r/FiroProject/

(code -1)
justanwar commented 9 months ago

Unfortunately users will continue doing this regardless of how big we make the warning text :(

As for why dumpprivkey, the issue I think is somewhere out there there is a guide that uses this method to backup. Which we all know only backs up one address and not the whole wallet.