Whether it’s for trucker protests or defending against an invasion: crypto addresses need to be validated
Fundraising via cryptocurrency is officially a thing; in fact, it has been going on for years.
Whether you supported or were hostile to the truckers, we are now seeing crypto crowdfunding being utilized in Ukraine, where the government is actively soliciting crypto donations as it defends against a literal military invasion.
To follow up on @VitalikButerin‘s tweet, I’ve confirmed directly with Ukrainian Ambassador @olex_scherba that the addresses are correct and in the control of the Ukrainian govt. Give!!! Defending free and open societies may be the best thing we ever do with our BTC and ETH…
— Tomicah Tillemann 🇺🇦🇺🇦🇺🇦 (@TomicahTD) February 26, 2022
(Twitter is not the best way to assert and validate crowdfunded crypto addresses)
In both cases, there was and will continue to be confusion around whether a crypto address is really controlled by the entity or cause one wishes to help, or by some opportunistic criminal hijacking the goodwill of others.
There is a very simple way to leverage existing infrastructure and protocols, where much of the validation is already in place, and that is to simply put a TXT record into the DNS zone for the entity seeking funding:
    @ IN TXT "btc 357a3So9CbsNfBBgFYACGvxxS6tMaDoa1P"
    @ IN TXT "eth 0x165CD37b4C644C2921454429E7F9358d18A45e14"
    @ IN TXT "erc20 0x165CD37b4C644C2921454429E7F9358d18A45e14"
Then, ideally, DNSSEC sign the zone.
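A donor-side check against records in the format shown above, as an added example (not code from the original post). The function names, the verdict strings and the coarse syntax regexes are assumptions of this example; the live lookup assumes the dnspython package and a DNSSEC-validating resolver reached over a path you trust.

```python
import re

# Labels (btc, eth, erc20) are the ones used in the records above; the regexes
# are coarse syntax checks assumed for this example, not checksum validation.
PATTERNS = {
    "btc": re.compile(r"^(bc1[0-9a-z]{11,87}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "erc20": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def canonical(chain, addr):
    # Hex addresses differ only by checksum casing; Base58 is case-sensitive.
    return addr.lower() if chain in ("eth", "erc20") else addr

def parse_txt(records):
    """Map chain label -> set of published addresses, skipping unrelated TXT data."""
    published = {}
    for rec in records:
        parts = rec.strip().strip('"').split()
        if len(parts) != 2:
            continue
        chain, addr = parts[0].lower(), parts[1]
        if chain in PATTERNS and PATTERNS[chain].match(addr):
            published.setdefault(chain, set()).add(canonical(chain, addr))
    return published

def check_address(records, chain, claimed, dnssec_validated):
    """Return 'match', 'mismatch', 'no-record' or 'unauthenticated'."""
    if not dnssec_validated:
        return "unauthenticated"  # unsigned answer could have been spoofed
    published = parse_txt(records).get(chain.lower())
    if not published:
        return "no-record"
    return "match" if canonical(chain.lower(), claimed) in published else "mismatch"

def fetch_txt(domain):
    """Live lookup: returns (TXT strings, AD flag set by the resolver)."""
    import dns.flags, dns.resolver  # dnspython, imported lazily
    res = dns.resolver.Resolver()
    res.use_edns(0, dns.flags.DO, 1232)      # ask for DNSSEC records
    res.flags = dns.flags.RD | dns.flags.AD  # ask resolver to report validation
    ans = res.resolve(domain, "TXT")
    texts = [b"".join(r.strings).decode() for r in ans]
    return texts, bool(ans.response.flags & dns.flags.AD)

# Constructed sample: the three records from the post plus an unrelated SPF record.
SAMPLE = ['"v=spf1 -all"', '"btc 357a3So9CbsNfBBgFYACGvxxS6tMaDoa1P"',
          '"eth 0x165CD37b4C644C2921454429E7F9358d18A45e14"',
          '"erc20 0x165CD37b4C644C2921454429E7F9358d18A45e14"']
```

Against a live zone, pass both values returned by `fetch_txt(domain)` into `check_address`, so that an answer without the AD flag is reported as unauthenticated rather than compared.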
All of the Ukrainian government’s nameservers for .gov.ua appear to be within the country, so there’s risk there as well. Ideally they would put a long TTL on the domain and then perhaps move a hidden primary outside the country. But I imagine this is the last thing on their minds right now.
Yes, the better solution would be for the entity itself to quickly stand up a VPS with something like BTCPay Server or CypherpunkPay on it and collect donations via their own subkeys. But unless that’s set up in advance, getting all that in place when there are tanks in the streets is not realistic.
Yes, there’s Ethereum Name Service (which we’ve been involved with since 2017), but that isn’t widely accessible yet and doesn’t get you to a point where a simple DNS lookup can return the info you need.
Yes, people can stand up fake domains with their own addresses. But people who are actively seeking to validate an address should be able to find the official domain for an entity and go from there.
In the future, should a convention like this be adopted, there could be a standardized format using a well-known hostname or a standardized TXT record format, which could aid discovery.
I’ve always thought we’re at the point where there should be a DNS RR specifically to point to blockchain resources, and there have been some proposals along these lines over the years:
- Blockchain address transparency by Mara Caldeira & Miguel Correia
- An IETF draft proposal to use DANE to associate payment info with email address
- Crypto Addresses as Universal Decentralized Identities by Michael Zima
- My own abortive shot at a BCPTR (Blockchain PTR) RR from 2018.
Re-reading my BCPTR Google Doc (I’ve opened it up for editing if anybody wants to weigh in), there are already things I would change about it, like getting rid of the major/minor numbering scheme I cribbed from SRV recs and simply replacing it with a more readable convention. Maybe something that still delineates the Layer 1 and then optionally specifies a resource on that layer one (like an ERC token on Ethereum).
Anyhoo, that’s overthinking it for now.
We’re entering an age of crypto and entities are going to want to solicit donations via crypto. Here’s a way to raise the bar for the scammers and increase the odds that people’s good intentions get to their intended destinations.