The creator of XRP tipbot, Wietse Wind upgraded the security of the tip bot which would otherwise allow attackers to claim tips of unclaimed Twitter handles.
Wietse Wind tweeted:
“I just added some @xrptipbot security. On changing your Twitter handle, the TipBot offers you to migrate your balance (from your old to your new handle). However, if someone would forget to do this, an attacker could register the old handle and claim the balance. Not anymore”
The issue with the tipbot was noticed by @michahesse and informed to Wietse Wind, which was rectified by upgrading the security. After the new update, the users who change their handles have to update their donation QR codes and even the destination tags.
This will help the users to retain the tips in their accounts and make sure that attackers will not take advantage of this loophole. The security update came with a bug which was again notified by the users to the creator leading it to be fixed.
The tipbot allows users to tip XRP on Twitter and Reddit with just their handle names. The creator had said earlier that he was enamored by XRP after watching an interview of Ripple’s CTO, David Schwartz.
A Twitter user, @Vigril_Hawkin asked Wietse:
“Strictly out of curiosity. If one were to change their handle and it was then taken by another does the @xrptipbot then freeze that account as it was at the time of the change and then a “new” account is created for the person who claimed that handle?”
“Exactly. And then, when the user with the changed handle logs on with they new handle the TipBot offers a migration of the balance.”
Another user, Kryptonian_23 asked:
“Would someone be ass out if they had their Twitter account banned, and never was able to get the ban lifted?”
Wietse answered the above saying:
“That would be a problem, yes. However, most users that had this happening to them got their funds back by me manually verifying and sending them back. If they deposited from a personal account instead of an exchange, so I can verify if they have access to the account”
The tip bot has come a long way from a normal tipbot to updates that allow users to open a paper account directly on the tipbot. Prior to this, the users would have to connect their Twitter or other social media accounts to create a new account, but the update on November 20 changed that.
Wietse Wind has become an important member of the XRP community after creating tipbot. Moreover, Wind has plans to start a new software company that develops useful products like the XRPtipbot using or consumer-oriented tools that are currently needed, but absent for the XRP Ledger.
The post XRP Tip Bot security upgraded; prevents attacks on unclaimed Twitter handles and loss of tips appeared first on AMBCrypto.