.bit, an open-source Web3 identity provider of permissionless decentralised identifiers, has followed up its recent warning about the risks of using decentralised identifiers for crypto asset transactions by revealing a powerful tool, .bit Alias, that reduces the risks users face when sending assets using mainstream crypto wallets and exchanges.
.bit aims to enhance the security and user-friendliness of Web3. The company provides a decentralized identifier that is compatible with multiple chains and supports various asymmetric encryption algorithms for signature verification. Users can use it as a data container and write data on different chains according to their needs, providing more possibilities based on sovereign identity. The .bit Alias feature can convert complex blockchain addresses into simpler and more readable .bit accounts to improve convenience. Because .bit is compatible with multiple chains, users can set a .bit Alias for an address on any chain. Setting a .bit Alias for an address lets users trigger double verification when transferring funds. This avoids risks such as hacker attacks, internal manipulation, program errors, outdated data, and expired DIDs, prevents assets from being transferred to the wrong address, and ensures the security of transfers.
How .bit Alias ensures more secure transfers
The asset receiver provides the address and the corresponding .bit Alias to the sender. The wallet or exchange then initiates a .bit Alias Lookup request to the application programming interface (API) service. Once the result is found, the user is prompted to enter the alias of the receiving address. When the user enters the alias, the wallet or exchange compares the entered text with the result of the query, and the user can complete the transfer only if the two match exactly. For transfers of small amounts, the wallet or exchange can simply prompt the user to confirm that the alias of the receiving address is correct.
This method is somewhat similar to fiat currency transfers in the traditional banking system. There, transfer errors are of little concern, because the sender must enter the other party's bank account number and matching name together, and if there is a mismatch the funds will eventually be returned. Using .bit as an auxiliary verification method when sending assets achieves the same effect while keeping all the data on chain. When the application finds that the .bit Alias entered by the user is inconsistent with the query result, it will not allow the user to continue sending assets.
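The check described above, sketched as an added example (not .bit's or any wallet's own code). The `lookup` callable, the `small_amount` threshold, the integer amount units and the `UNVERIFIED` outcome for addresses with no alias are assumptions of this example, and the address and alias are constructed sample data.

```python
from enum import Enum
from typing import Callable, Optional


class Decision(Enum):
    ALLOW = "allow"                # typed alias exactly matches the lookup result
    CONFIRM_ONLY = "confirm_only"  # small amount: show the alias, ask for confirmation
    BLOCK = "block"                # alias missing or different: do not send
    UNVERIFIED = "unverified"      # no alias found or lookup failed (assumed outcome)


# Hypothetical lookup interface: address -> alias, or None when no alias is set.
Lookup = Callable[[str], Optional[str]]


def check_transfer(address: str, amount: int, typed_alias: Optional[str],
                   lookup: Lookup, small_amount: int = 100) -> Decision:
    """Decide whether a transfer of `amount` units to `address` may proceed."""
    try:
        # Query the exact address that will be paid, not one the user retyped.
        expected = lookup(address)
    except Exception:
        expected = None  # fail closed: a lookup error never counts as a match
    if not expected:
        return Decision.UNVERIFIED
    if typed_alias is None:
        # Nothing typed: only small transfers may use the confirm-only prompt.
        return Decision.CONFIRM_ONLY if amount <= small_amount else Decision.BLOCK
    # Exact comparison: no trimming, case folding or Unicode normalisation,
    # so a near-miss or look-alike alias does not pass.
    return Decision.ALLOW if typed_alias == expected else Decision.BLOCK


# Constructed sample data standing in for the alias lookup service.
SAMPLE_ADDRESS = "0xA11CE0000000000000000000000000000000A11C"
SAMPLE_ALIASES = {SAMPLE_ADDRESS: "alice.bit"}


def sample_lookup(address: str) -> Optional[str]:
    return SAMPLE_ALIASES.get(address)


def failing_lookup(address: str) -> Optional[str]:
    raise ConnectionError("lookup service unreachable (constructed failure)")
```

How a wallet treats `UNVERIFIED` (refuse, or warn and continue) is a policy choice the page does not specify.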
Having identified and studied these risks, .bit also offers the following recommendations for all parties:
1. For wallets or exchanges:
- Disable the function of directly sending or exchanging assets using DIDs;
- Use a solution such as .bit Alias for more secure asset sending or exchanging, referring to the guidelines at https://dotbit.notion.site/bit-Alias-Interaction-Design-Guidelines-b8e8718dd0554e17b5e31a196b8e7ed5.
2. For asset recipients:
- Set a .bit Alias for your own address;
- Provide both the blockchain address and the corresponding .bit Alias to the sender when receiving the asset.
3. For asset senders:
- Avoid direct asset transfers using DIDs;
- Use a wallet/exchange that has upgraded its security level for its users’ assets.