Address Spoofing

While the Casa system is highly secure, the user still needs to obtain a destination address for each transaction from an exchange or wallet outside Casa’s systems. Malware on a user’s computer could theoretically cause their web browser or other communication software to display an incorrect address. This would defeat the security of any storage system, as it occurs outside of that system.

Mitigation:

  • Use of a mobile app mitigates browser extension based address modification.

  • We re-derive receiving addresses independently on both server and mobile device. The app will throw an error if there is a mismatch between server and mobile device.

  • Use of Casa’s Sovereign Recovery tool allows an external validation of addresses. We are working on improved methods for this secondary check.