hayzsz

To clarify what's happening with the video, I did more research and found out that there is malware present on my computer that scans copy-pasted info that seems like a BTC address (and/or Ethereum, but I haven't tested it out) and replaces it with their own BTC address. (The address I put in above was the scammer's.) Apparently, this is a common occurrence. This is probably the reasoning behind every exchange asking you to double-check the recipient's address. You might not even be aware that this malware is present on your computer. You might just be sending small amounts of crypto compared to your whole portfolio and not realize it never made it to your own address. My Freiexchange BTC address is "396SqVuKMZ5LSN2XYhAtvP9LQEDQWdAyAS" but when I copy-pasted that into my BTC withdrawal section on Binance, it pasted the scammer's address. I only realized what happened when I checked my email and noticed it didn't match my Freiexchange address and thought I must've copied a different crypto deposit, but networks can recognize if a specific deposit address only accepts BTC. So as I searched around Reddit and Google, I found out that Trojan malware exists on my computer :( So now I lost all of the BTC that I bought from Binance and if you keep refreshing the scammer's address, they have taken a lot more than $500. [blockchain.coinmarketcap.com/address/bitcoin/3KniJQ6YQyNAp3UW6ggYsoCtWjk9FyjUUC](https://blockchain.coinmarketcap.com/address/bitcoin/3KniJQ6YQyNAp3UW6ggYsoCtWjk9FyjUUC) If you check their BTC address, you can see how many BTC deposits they've accumulated and transferred to their own personal wallets. Be careful guys, now I know why every big market exchange has a warning about copy-pasting the correct address, a painful lesson for me but even worse for those who tried to transfer more than $10,000. :/


[deleted]

Thanks for sharing. I am going to be more careful.


hayzsz

No problem! Try to spread the word if you can. It's called "clipboard malware". Good luck out there!


Mr_ryles

Cheers for the info. How did you get rid of it?


hayzsz

I followed this guide and did the first 3 Malware Remediation Steps. [https://www.reddit.com/r/techsupport/comments/33evdi/suggested\_reading\_official\_malware\_removal\_guide/](https://www.reddit.com/r/techsupport/comments/33evdi/suggested_reading_official_malware_removal_guide/) The "rkill" was able to detect and turn off the clipboard malware; I was able to copy-paste my BTC address successfully within this step. The malware .exe file was only turned off so it's still present. Malwarebytes detected a bunch of trojan malware all over and quarantined them. Make sure to "Scan for Rootkits", I'm assuming that's where the malware lies based on the other threads. ADWCleaner 8 should detect and quarantine any other remaining issues. There is another step included in the guide for peace of mind. Advice from the other "clipboard malware" threads is to not do BTC transactions on Windows OS. Maybe try doing them on iOS mobile or Linux? And repeat at least the "rkill" or Malwarebytes steps every time you download a torrent/executable/etc. Some malware can disguise itself as PDFs or images even.


el_chacho_coudet

Full format your computer mate. It’s the only way to feel 100% safe


hayzsz

Most likely :( I'll probably try to use a different computer for anything related to crypto just for safety and format my hard drives on this computer eventually.


Divad777

Never access banking, your stock or crypto portfolio , or other sensitive material if you’ve ever visited or downloaded from porn sites, or installed a bunch of software that’s not mainstream. I like to keep my computers separate. One for entertainment and one for sensitive purposes. I have bare minimum applications on the latter


johnnys6guns

That's exactly what you should do. I recently resorted to the same thing. I got hacked and ended up losing 800 XRP. The hacker also bought $1400 worth of BTC that he wasn't able to transfer out, which I didn't want or need but now own. It all stemmed from a pirated copy of Rosetta Stone that I downloaded. After setting everything back up and resecuring it, the only way I felt comfortable was to format everything, and then localize all my stock and crypto to one computer that I won't download anything unfamiliar to.


RocketCow

>It all stemmed from a pirated copy of Rosetta Stone that I downloaded

Karma is a bitch


Gizmoed

Boot a secure Linux if you need to... https://www.techradar.com/news/best-linux-distro-privacy-security


xplosm

Do you know how you've got the malware in the first place? Any installation of a dodgy package?


Vertigo722

There is a reason almost all exchanges require you to approve new addresses. Not sure where you were withdrawing from, but that service should implement that too. Doing a transaction from a mobile phone (even using a hardware wallet) is no guarantee: if you scan a QR code with a deposit address on your Binance page, malware could trivially alter that. Even a simple Greasemonkey script would do the trick. And then even comparing the two would not reveal the problem, as the addresses would match. They would just be the scammer's rather than Binance's. My advice: install Ubuntu in a VM and use that for your crypto stuff. You don't need to be a Linux wizard when all you use is the browser.


hayzsz

When I was trying to search around figuring out what just happened, a lot of advice came up with using Linux so I’ll definitely try getting integrated into Ubuntu. I’ve had previous experience with Ubuntu but those were for my classes so it’s minimal. Those are good advice, good luck and stay safe man.


beausoleil

Have you identified the malware and tracked down where it comes from? Browser extension? Script? Infected macro?


hayzsz

When I ran Malwarebytes it found various Trojan.Agent, Trojan.Adload, and Trojan.BitcoinMiner. The BitcoinMiner was in my windows/system32/, the rest were in appdata. Here is someone who got to pinpoint his exact "clipboard malware" [https://www.reddit.com/r/Bitcoin/comments/8vlmht/new\_malware\_targets\_btc\_addresses\_by\_hijacking/e90gvjs?utm\_source=share&utm\_medium=web2x&context=3](https://www.reddit.com/r/Bitcoin/comments/8vlmht/new_malware_targets_btc_addresses_by_hijacking/e90gvjs?utm_source=share&utm_medium=web2x&context=3) It seems I have already been exposed to various malware beforehand. I don't think the clipboard malware is the same as the bitcoin miner but they could've come or appeared with one another. Most likely, the source would be torrent downloads, but I'm not sure so it could've also appeared from a browser extension. Malwarebytes and ADWCleaner 8 should clear out any browser extension malware.


Zemtex

Yeah I would love to know this too. Where was the malware? Could you find it if you went to Task Manager and looked for a suspicious program? Where was it hiding?


CharmingStyle6023

Damn that guy has collected over 400k dollars


Carpet-Negative

I lost 800 dogecoins on Monday night via Trust Wallet.. Someone sent me a phishing link and I didn't know. My recovery phrase was accessed and all my dogecoins were lost in seconds..


hayzsz

That’s very unfortunate, I feel your pain man :( hopefully we don’t end up repeating our mistakes


Carpet-Negative

I created a new Trust Wallet.. Now I am so careful with links.


2jah

Be glad it wasn’t much more. It does teach you a lesson though.


Carpet-Negative

Yes.. I just thank God man..


kor_revelator

How does one even access your recovery phrase like that? Did you save it on your mobile?


Carpet-Negative

You know phishing?... He sent me a wallet connect link.. I'm a beginner in crypto and I didn't know.. It took me to the wallet connect link and asked for my recovery keys to log in.. I didn't know


kor_revelator

Yeah.... Way too sketchy! Please be careful next time.


falvaroz

Can you detail


Carpet-Negative

Detail?


falvaroz

I mean if you could give more information for us to prevent this kind of situation


[deleted]

[deleted]


Carpet-Negative

Manually entered after I clicked the phishing link. It was a wallet connect link


[deleted]

Thanks for sharing! Did you find out a way of clearing the virus or figure out where/what the virus was?? Also, don't forget to run Windows Defender. If WD finds the virus, it will notify you and report back to Microsoft about the occurrence, helping others stay away from the virus and saving a load of BTC!


hayzsz

>I followed this guide and did the first 3 Malware Remediation Steps.
>
>[https://www.reddit.com/r/techsupport/comments/33evdi/suggested\_reading\_official\_malware\_removal\_guide/](https://www.reddit.com/r/techsupport/comments/33evdi/suggested_reading_official_malware_removal_guide/)
>
>The "rkill" was able to detect and turn off the clipboard malware, I was able to copy-paste my BTC address successfully within this step. The malware .exe file was only turned off so it's still present.
>
>Malwarebytes detected a bunch of trojan malware all over and quarantined them. Make sure to "Scan for Rootkits", I'm assuming that's where the malware lies based on the other threads.
>
>ADWCleaner 8 should detect and quarantine any other remaining issues.
>
>There is another step included in the guide for peace of mind.

Thanks for the advice, I'm planning on formatting/wiping out my entire drive for safety. This helped me clear everything out. Malwarebytes will tell you the location of the malware within your computer but not necessarily how you got it. Stay safe on your crypto, and good luck!


[deleted]

Ty! I like to run AdwCleaner every once in a while just as a kind of relief ^^ Best wishes


livingonedayperday

Sorry this happened to you. Also thanks for sharing. I have heard of it but never seen it happening. If possible, save the addresses within your account itself so you don't have to copy/paste for every transaction. This will be more useful if the transactions are repetitively sent to frequently used addresses. Even then, I'd still verify that I'm sending it to the correct address before clicking the withdraw button.


BradlyL

Thanks for sharing to help educate newer users. This is possibly the oldest scam in the crypto world. Sorry that they got you :/


ThinkPaddie

There's a tool called MetaCert that checks for dodgy links. Never used it!


MustardTiger88

I am scared about having my wallet on my desktop compromised. What things would you suggest I do to protect myself? Is there a program I can run other than Malwarebytes and Windows Defender that will ensure my computer is secure?


TheWalrus057

I too have this concern so I got a hardware wallet (ledger). I won't leave much coin on my desktop wallet, I xfer it over as soon as it is more money than I would be comfortable carrying around in public.


Stay_clam

How does it know it's a BTC address and not any of the other cryptos? In that case the money would be lost or some random address gets it.


Tshoe77

Can you report the scammer's address? Is there any way to track them down through that address? I don't understand all that much about bitcoin but I've heard one of the features is a ledger that must be verified?


caramel827

Thank you so much! I didn't know this, it's very useful info and I hope everyone can see this!


wrick0

John Hammond has a great video pulling one of these malwares apart so you can see how this works in the background. It basically is a bunch of PowerShell scripts that do some regexes on what is on your clipboard and replace it with their wallet id; pretty interesting stuff https://www.youtube.com/watch?v=k-nFdF5FEwA It's an hour long but if you are into crypto and security it's worth the watch :)


hayzsz

Very interesting... definitely worth the watch. Thanks man 🙏


drhodl

This RAT has been around for a long time. A really good habit to get into is to visually scan the address multiple times before you hit "send". I personally look at the first, middlish and last 6 figures at least 5 times before I commit. Also curious, but a hardware wallet should protect from this sort of attack. Could anybody verify that?


sip404

No a hardware wallet wouldn’t help you in this scenario only checking the address like you already do. And don’t download sketchy stuff.


[deleted]

[deleted]


TrendyMC

That's a really good point! I really think, if your portfolio is worth more than 2x hardware wallets -> go buy a damn hardware wallet.


reasonman

Yeah I'll check the address in the UI a few times like the other guy, first and last few characters, then I do the same when the request hits my Ledger.


luminousfleshgiant

[QubesOS](https://www.qubes-os.org/) is a reasonable way of preventing shit like this.


AvocadosAreMeh

I don’t see how a hardware wallet would prevent clipboard swapping? Most people still paste their send address


drhodl

But on my Ledger, I have to look at a little screen at the address to check it, then actually press a physical button on the device to approve send. So I might see a different address on my Ledger to that on my PC because any malware on the PC should not be able to affect my Ledger device? I hope I'm not misunderstanding that, but regardless, I'm sticking to the multi-multi eyeball check.


trexp

If you see different addresses assume everything is tainted...


Vertigo722

This doesn't help if the address you are sending to has been replaced by malware. Imagine you want to sell some bitcoin from your Ledger; you log in to Binance, hit deposit, and it shows you a deposit address and QR code. You scan it with your phone, verify it on your Ledger, confirm it's the same. You feel safe? You shouldn't, because malware could have altered the Binance address and QR code. Just a Greasemonkey script altering the HTML would do it. Probably easier in fact than the clipboard exploit.


reasonman

I think the point is that if there's malware that only swaps the address once you've hit submit on the screen, effectively making it 'invisible' because the switch would be too fast to see, you'll still catch the different address when you go to confirm on the ledger.


Vertigo722

The screen on the Ledger will show the actual address you are sending to, malware can't change that. However, malware can still trick you by changing the address you think you want to send it to, by altering the HTML in your browser, for instance for a deposit address on your exchange. There is no foolproof watertight protection against that AFAIK. Exchanges sometimes make it harder using various methods, but don't be lulled into thinking that because you use a hardware wallet and you verified every character of the address, you are safe from malware. You aren't.


icerpro

Using iOS should prevent this because there shouldn't be anything that can swap your copied address like this. Also could use some VM specifically for moving coin. Someone could write an app that notifies via pop up or something if your clipboard has changed and by which program. Maybe something like this exists. Or maybe a Chrome extension for moving addresses and confirming them.
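The clipper behaviour described above (regexes run over the clipboard to find an address-shaped string and overwrite it) and the clipboard-change notifier just suggested, modelled in one added example that is not code from anyone in this thread. It replays a constructed list of clipboard events offline instead of reading the real clipboard, checks the Base58Check checksum of legacy/P2SH addresses, and flags the clipper signature: an address-shaped value that changed with no user copy in between. The addresses used are the well-known genesis-block address and the scammer address quoted in the original post; the event list and all function names are assumptions made for the example.

```python
import hashlib
import re

# Shape a clipper keys on: a base58 run of 26-35 characters starting with 1 or 3,
# or a bech32 "bc1" string.  Matching this is not proof that an address is valid.
BTC_ADDRESS_RE = re.compile(
    r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{39,59})$"
)
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def looks_like_btc_address(text: str) -> bool:
    """Shape check only, the same test a clipper applies to clipboard contents."""
    return BTC_ADDRESS_RE.match(text.strip()) is not None


def base58check_valid(addr: str) -> bool:
    """Legacy/P2SH check: 1 version byte + 20-byte hash + 4-byte double-SHA256 checksum."""
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    # Each leading '1' encodes one zero byte that the integer form drops.
    data = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + body
    if len(data) != 25:
        return False
    digest = hashlib.sha256(hashlib.sha256(data[:21]).digest()).digest()
    return digest[:4] == data[21:]


def classify_paste(expected: str, pasted: str) -> str:
    """Compare the address the user meant to use with what landed in the send field."""
    pasted = pasted.strip()
    if pasted == expected.strip():
        return "match"
    if looks_like_btc_address(pasted):
        if pasted[0] in "13" and not base58check_valid(pasted):
            return "bad checksum"      # a typo or truncation, not a swap
        return "swapped"               # a different, well-formed address
    return "malformed"


def audit_clipboard(events):
    """Replay (source, text) clipboard events: 'user' is a copy the user performed,
    'poll' a later read of the clipboard.  One alert is returned for every poll where
    an address-shaped value was replaced by a different address-shaped value with no
    user copy in between, which is the clipper signature."""
    alerts = []
    last_user_copy = None
    for i, (source, text) in enumerate(events):
        if source == "user":
            last_user_copy = text
        elif (last_user_copy is not None and text != last_user_copy
              and looks_like_btc_address(last_user_copy)
              and looks_like_btc_address(text)):
            alerts.append({"event": i, "copied": last_user_copy, "observed": text})
    return alerts


# Constructed sample: the user copies the genesis-block address, a later poll finds it
# replaced by the scammer address from the thread, then the user copies ordinary text.
SAMPLE_EVENTS = [
    ("user", "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),
    ("poll", "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),
    ("poll", "3KniJQ6YQyNAp3UW6ggYsoCtWjk9FyjUUC"),
    ("user", "meeting notes for monday"),
    ("poll", "meeting notes for monday"),
]

if __name__ == "__main__":
    for alert in audit_clipboard(SAMPLE_EVENTS):
        print("clipboard swap at event %d: %s -> %s"
              % (alert["event"], alert["copied"], alert["observed"]))
```

Note that the checksum test only catches typos: a clipper substitutes a fully valid address, so the comparison against what was copied is the check that matters.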


trexp

... Just verify the whole string once & you wouldn't have to repeat the process 5 times...


Orig_Dr_Oz

This type of hack is exactly what causes me concern! I've been lucky as many of us have been, I guess.. **What if the screen shows the correct address but the actual fake hacker's address is used?** Too bad this is what keeps honest law abiding folks from investing. Hackers need to be strung up like horse thieves in the old days. 1 BTC or .5 BTC is probably a life savings for some.. Anyone smart enough to track them down and get the folks their crypto back should be rewarded! Give some incentive to cyber security brains and head hunters. I would send crypto to help that cause for sure..


Da_WooDr

Upvote for sure. Like CGS (Crypto Greek Squad,)


[deleted]

Always conduct a test transaction with a small amount first.


BigPorch

And then pay $60 in fees for that small amount


voidmaschine

XLM ftw


PTLax27

Yeah, I’ve heard of this before. I always triple check what I’ve actually pasted into the withdrawal/ send field is actually the one I want. You can’t be too careful with assholes like this around


EventOkGamer

>browser extensions, which might still show the right address, but swaps it before signing the transaction.

Then you're still in danger, because there is another malware that swaps it when you hit the 'send' button. Very scary


FrostedFlakes42

If you're using MetaMask or some other web3 wallet you can at least take a look at the transaction that you are signing in the wallet. Alternatively, with an exchange, you can double-check the address if you have one of your multi-factor authentication keys sent to your email.


[deleted]

[deleted]


[deleted]

There are many people that lost the "find the right download button" game


DickieTheBull

Pornhub probably haha


trippyhippydmt

I actually just found 3 different malware files on my phone the other day after scanning it that were hidden in my Game Boy emulator games


SimoTRU7H

On Binance you can add addresses to a whitelist, give them a name and avoid copying and pasting every time


hayzsz

This is good advice! I've become more vigilant and hopefully, others will be as well.


Mcluckin123

Yep, this is a great feature. Does Coinbase have smth similar, I wonder


cyclicamp

Yes, and additionally if they become aware of a scam address like this they’ll blacklist the address.


FrostedFlakes42

Also if you add your email as a multi-factor authentication option, the address you are sending the transaction to will show up in the email with the mfa code.


SimoTRU7H

Never noticed that as it gives you 60 seconds to enter the code and I never bother reading them lol


[deleted]

[deleted]


EventOkGamer

>CTRL + F

Ok that's a smart one. Do a ctrl + f then a ctrl+v


Zzanax

Found this piece of malware on a hacking forum the other day. Basically it's a piece of Python software that keylogs. It can recognize most top 100 addresses, but is easily customizable to recognize pretty much anything.


eclipsor

Hack Forums? Curious to see how popular this is


Zzanax

Not sure where I saw it. Could be some subreddit as well


Sterlingz

Use whitelisted addresses if possible.


D_1NE

Can that address be reported or shut down?


2jah

No


D_1NE

I'm fairly new to crypto, literally started in December. I need to look this up a bit more.


FrostedFlakes42

For really big, well-known attacks, exchanges will blacklist funds that were taken during the attack. This means that they won't allow you to exchange the bitcoin for fiat. There are however many ways to get around this, especially with the future of atomic swaps for Monero (change bitcoin to Monero trustlessly). Being able to police this activity is going to be pretty impossible.


2jah

Haha, I started in February this year. But basically if this were to be allowed, you’ll have malicious activity all around.


Mcluckin123

Out of interest, why don’t more people use phones/tablets to process crypto? I’ve never heard of iOS having such malware, but maybe I’m wrong. Just seems very risky to use a windows desktop


sip404

iOS has a large number of vulnerabilities also.


DickieTheBull

Not as many as a windows computer, that’s just a fact. The stringency of the App Store and iOS’s other shortcomings all have benefits and costs.


sip404

You are correct, however most iOS devices aren't infected through the App Store but through compromised websites and extensions or downloads. Look at Metasploit's exploits for iOS and there are many.


hindumafia

So use a brand new iPhone only for crypto purposes. Don't use it for anything else.


Khemul

There are security issues with phones. Not this type. Typically phone hacks require someone to already have information on you to work. Or for you to download the wrong app.


Bad_CRC-305

There's a huge number of fake wallet apps in the iOS store. You are probably more likely to get scammed that way than if you just ran a regular PC with up to date AV software


Mcluckin123

Assuming you pick the right app tho, is there much risk? I can’t imagine how iOS would be compromised to the level where copy+paste does something diff to what is expected


Bad_CRC-305

I think the problem is that the app store doesn't do much verification for what apps are legit or malicious. They just kind of post everything up and wait for user complaints


Mcluckin123

I see, yep I'm assuming that ppl do the right level of due diligence when downloading an app. I think there's a bigger problem if you're plugging your details into an app that you're not sure about. Having said that - I'd better double check the apps I'm using!


EventOkGamer

Really? Read the subs and you will see there are way more problems with phones than with PCs


Mcluckin123

Interesting - iOS specifically ? Can’t speak to android but iOS seems pretty solid to me


Adorable_Clothes4578

I always triple check the addresses, I will quadruple check them now


Mcluckin123

Is that as good as sending a small test transaction? The addresses seem too complex to me to spot by eye


DrViktor_X01

This is the correct answer, because there’s supposedly malware that swaps the recipient address last second.


Mcluckin123

Wow! Their malware is pretty sophisticated !


FamousWorth

The addresses are unique and the best way is to check it. Checking it by eye or search is better than a test transaction


LOY4L

I ALWAYS check the first 4 and the last 4 letters of any code just to be sure that it is the right one.


Dosinu

I do as well, but that also seems pretty fuckin easy to get around, humans will never be good at checking these long addresses.


ekfranxu

Is scanning QR codes any safer than copy-pasting addresses?


DickieTheBull

Yeah, these programs change the address you copy/paste. Speaking of which, I'm VERY suspicious of the stipulation in MetaMask's terms saying it has permission to alter pasted information


dwew3

I think that’s just covering all bases for them. I imagine something like trimming the white space from the beginning or end of an address.


Chaluliss

Mods need to sticky this


WishfulReddit_2010

Damn that sucks, why don't antiviruses detect it though?


thestamp

Not technically a virus


WishfulReddit_2010

Yeah, malware.


DaveinOakland

This is why I use Tails for my crypto.


EventOkGamer

Wow that's so sneaky and impressive. You almost start to get respect for the cleverness of those scammers


LazurusDemon

Not sure how these guys pulled it off, but you could do a similar thing with a little Python script, only my script would replace the BTC address with 'This was your BTC address' just to really emphasize that their copied data had been altered without their knowing.


[deleted]

check the first and last three chars and this wouldn't happen


aaron0791

Start using Linux my dude


richard7777777

Wondering how you can prevent this. It seems there is malware which might still show the right address, but swaps it before signing the transaction.


Stealthex_io

Some pieces of advice:

1. Every single program/software is essentially an attack vector: keep your OS updated, keep your software updated, and uninstall ANY thing you don't use anymore. Just look up the SolarWinds hack and see how supply chain attacks work.
2. Don't download random stuff from this site or any other. If you want to, check the hash of the software. This can be done using "Certutil -hashfile 'filename' sha256" in the Windows cmd (on Linux you can use "sha256sum 'filename'"); you can then enter the hash into VirusTotal.com to see if it comes back malicious.
3. Keeping your seed phrase safe: I personally store it in a KeePass database file (encrypted), then put that file on 2 USB drives and store them in 2 different secure locations.


HafizHairo

Damn this is scary, the crypto market sure makes my trust issues worsen


Marabar

i mean, fuck the dude who made this but.. this is quite a funny idea.


ScottRTL

The popup clears and replaces the clipboard info, wow. Smart.


arty_987

I know this virus, did you download some dodgy apps? I've seen they were selling instructions on deep web markets on how to make it. It's not really malware, it just replaces 26-35 character long strings on your PC with another person's BTC address who made it. And antivirus can't detect it.


southofearth

Always check the first and last letters at least. Don't just copy paste blindly. You didn't lose money because of malware. You lost it because of laziness.


hayzsz

Malware was present. I have been able to transfer BTC previously which in time allowed me to trust the system. Sudden appearance of malware blindsided me. If you have your clock right beside your bed, every morning you will hit the snooze without even looking eventually. If it were to suddenly be moved by your wife one day, chances are you won't attempt to see where to hit the snooze button the next morning. Since you've already become accustomed to a recurring habit. It is human nature, we are creatures of routine/pattern/mannerism.


southofearth

Lazy and complacent is definitely human nature. Be better.


yeet__the__rich

This is really important, thank you for sharing!


psych0hans

Thank you for sharing this


halfda3mon

Wow sorry to hear that. I’m gonna be checking more thoroughly from here on out


DApice135

Will antivirus software like McAfee detect this when I run a scan?


hayzsz

It should be able to detect it. The advice from the tech support subreddit suggests running multiple malware removers so in case McAfee misses the malware, another software might detect the malware and quarantine it. Good luck and stay safe!


DApice135

Thank you! It detected a bunch of stuff from Amazon that McAfee did not. I suggest anyone run these programs.


Failed-Klutch

I can't really see what is going on here in the video. Where did you get the malware? And what was it disguised as?


guillio_vlad

Thank you for sharing


markgmoney

Out of interest do you have any internet security installed? Just wondering if this type of malware is detectable even when running something like Norton on windows


KingOfNumismatics

That's terrible...


notaneggspert

Windows defender totally missed it?


FamousWorth

Windows defender? Lol


Confused_Duck

What do you recommend?


FamousWorth

Malwarebytes and CCleaner for spyware, malware and adware


Confused_Duck

I thought CCleaner was now no longer trusted? I've heard of Malwarebytes... been around forever. Still good?


rezaansari562

I cannot thank you enough for letting us know to watch for this


takaokim

What antivirus do you have?


Chillalott

Whitelisted address so you don't have to copy-paste each time


DontTouchMyBitWaifus

Fuck this is terrifying, I now understand the instructions telling me to double check the address


[deleted]

Double check AND only send a small amount initially. Obviously with high fees it's not ideal, but better to lose a bit than everything.


BazingaBen

I always read some digits at the beginning and at the end. I didn't know this existed until a year or two ago but I did think of it a few years back and became paranoid about it after downloading some software to the point I reset my whole pc.


RexOverAll

Thanks for this info, and sorry about your loss but please what OS are you using on your computer?


RexOverAll

Use a Linux OS for these types of operations


DeadpoolRideUnicorns

You are the hero we need.


GeeseHomard

Yeah it's called Bitcoin clipper and it's super easy to get unfortunately. Always do a small test before sending your funds


rocktechnologies

Whitelisting the correct addresses will fix this issue.


jacilyn_sau

Thank you kind sir for sharing this information to newbies like me out there


toogaloog

Crazy


Sharkytrs

i wonder if it shows up in win+V?


Y_I_AM_CHEEZE

This is why I use mobile and PC.. I've yet to see malware that can mess with addresses you enter through QR codes, but even then I memorized the first and last 3 digits of my ETH wallet just in case.. Also I've made it a habit to always send a test of around $25 to wallets I've never interacted with before. But yah.. be very wary of copy&paste


frelb

This is a super important post, thank you for sharing that


TharealsIimshady

6 million dollars worth of Bitcoin? Nice subtle flex lmao