[feature]: adding a "recovery section" to the wallet to allow burns to DC for compromised wallets

[nosmaster89]

feature

after helping someone the other day from discord who had given up their seed keys to a scammer, i gave the person advice on transferring their hotspot out of their wallet, the scammers had already flushed the hnt from the wallet , this person had to move funds into the wallet to remove the hotspot. the scammers know this hnt is needed for the transfer so they sit waiting for hnt to enter the account and attempt to remove it before the hotspots have been transferred . this can be solved by adding the ability to burn hnt from a new "safe" wallet to the compromised wallet . meaning those funds are not at risk . everything went smoothly for this person but had the chain had a hiccup at that time or the app had issues the scammers could have beaten the victim to the newly transferred hnt.

its a-bit like going to the bank to say you lost your bank card and pin number . then they tell you to pay in money to secure your account .

I have been told this would be technically possible for the new app to do as its a similar transaction to voting .

---

after doing a bit more thinking on this rather than this be a Normal thing to do in the app i think this would be better suited to a recovery tab , this would ensure that people are aware of its function and could also be a better place to display instructions to a user other than a website , people may not have access to another device at the time they need it . and with the app resetting if you jump to other apps like a browsers to read the instructions . there should be a tab dedicated to securing compromised account , that list the steps required , asking the user to input the amount of hotspots they need to transfer out of the compromised wallet so they only burn the needed amount. this would ultimately change the flow of the securing procedure currently its:

1.open a new wallet 2.transfer hotspots to the new wallet , leaving the funds vulnerable during this process.

3. move remaining funds if possible ,( currently a smart scammer would instantly try to transfer just under the balance total to ensure the transaction doesn't collide with the transfer and fail lack of funds).

in my new proposal the order would become: 1.open a new wallet.

2. secure all funds from the compromised account. this leaves the hotspot protected as no funds exist to transfer it out.
3. move required DC into the account from the new wallet.

the only downside that still exists is the hotspot could be transferred out by the scammer to a new wallet when dc hits the account. but i do not see any way of stopping this without a flag on the blockchain

[kellybyrd]

Following up here, I made the suggestion to the OP that he file a ticket. What is being asked is some UI around the ability to burn some DC from the current wallet to a destination payee. In the "scam recovery" case it would be: log into new wallet, burn HNT in new wallet with a payee/destination of old wallet, then log into old wallet and use that DC to transfer hotspots.

Since DC is not transferable, the UI should probably have warnings around it to prevent folks from doing this accidentally and not being able to transfer the DC out of the destination wallet.

[nosmaster89]

having a look into the dc burn from the console the console creates a json {"type":"dc_burn","address":"112qB3YaH5bZkCnKA5uRH7tBtGNv2Y5B4smv1jsmvGUzgKT71QpE","amount":"0.00117727","memo":"TNfCVxNuMBw="} that i then assume gets sent to the consoles wallet and the memo would be used to assign to the account on the console . i dont think this would be needed aslong as the new app is capable of creating dc_burn transactions. i think this would be sufficient , but i agree with kellybyrd that there needs to be warnings , or a limit to the amount of dc that can be burned in a single transaction ,

EDITED to add the photo this is the kind of transaction i think this can stop. where the scammers sit in wait for the hnt to hit the account

[waveform06]

Maybe this could alternatively/additionally be implemented by a vendor app if Helium decides not to do it. Its been mentioned that vendors could implement a new discovery function so is this a similar transaction?

Burn HNT from wallet 1 to DC in wallet 2 is exactly what the vote function does

[kellybyrd]

Maybe this could alternatively/additionally be implemented by a vendor app if Helium decides not to do it.

Huh, that feels weird from a user perspective. The vendor apps are supposed to not be wallets, just hotspot management tools. Yes, I know with the new deep-linking and "hey wallet, please sign this txn" features it is technically possible to do it from a vendor app, but it just feels like it is in the wrong place to me.

[waveform06]

Huh, that feels weird from a user perspective. The vendor apps are supposed to not be wallets, just hotspot management tools. Yes, I know with the new deep-linking and "hey wallet, please sign this txn" features it is technically possible to do it from a vendor app, but it just feels like it is in the wrong place to me.

I dont disagree with you what people could think about this. But vendor apps will already will do something similar to this when you do a 2nd location assert with a vendor app. They burn HNT from wallet 1 so are accessing from your wallet using deeplink.

[nosmaster89]

dc burn has now been added to the new wallet so this feature has been implemented to a degree