
[Feature]: Require PIN for payments for transfers made with Manual Setup flow

Open catch-21 opened this issue 4 months ago • 0 comments

Describe the problem

With 'Require PIN for payments' enabled, only regular payments are protected. Now that we have the option to send onchain to any LN node (not just Blocktank), it is possible for a malicious actor to use their own LN node to extract funds from the bitkit wallet because this action is not PIN protected.

Describe the solution

It would be good to protect the payment step of the Manual Setup flow with the PIN/Biometric when this setting is enabled. Alternatively, we could add a separate toggle but that is adding to complexity.

Additional context

No response

catch-21 Oct 09 '24 06:10