Be cautious when copying wallet addresses

Dave1

hero member

Activity: 1414

Merit: 542

Quote from: Ambatman on April 06, 2024, 02:51:23 PM

I made same post in Altcointalk.
Can't really start writing another different speech so will do well to copy it here.

Quote

I never knew this was possible so usually just copy the address and send without confirming much. Well turns out that was a big mistake on my part. Never knew that clipboard can do such. I don't know if it's a malware, I ended up using an address that wasn't mine and funny holds some units of Bitcoin.

Still confused how something like this could happen, but try to be cautious and don't feel too lazy to cross check your address before sending or posting. Recall Bitcoin transactions are irreversible after 6 confirmations, once confirmed it's gone. You can tell the wallet address it went to but not the owner. Except they are careless, which I doubt they are

.

I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.

Yes, this is the obvious copy and paste malware that has been plaguing us crypto enthusiast for years as we have been a target by criminals criminals by creating this malware and then uses a lot of ways to get to us.

As for the phone or hardware wallet, the latter is the better, it's better design to hold our coins for longer and security is very high as compare to a mobile phone that you don't know might break in the next couple of years.

acroman08

legendary

Activity: 2436

Merit: 1104

Quote from: Charles-Tim on April 06, 2024, 03:02:53 PM

Exactly. Even dust attack and address poisoning is possible on clean devices. But the one that has been reported led to coin loss is address poisoning as the attacker make use of address similar to the victim's address.

I've read about this before here in the forum, o. This scam, the scammers are relying on the person carelessness to fall victim to their trap. this is why it's important to always double check(as you have mentioned on your previous post) the addresses before making the transaction.

Faisal2202

hero member

Activity: 1386

Merit: 513

Payment Gateway Allows Recurring Payments

Quote from: Ambatman on April 06, 2024, 02:51:23 PM

I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.

I must say you are new to the crypto sphere because this method of stealing money has been in the market for a long time. Many have been affected by it and lost a hell lot of money. I hope you did not lose much. I can't agree more with you on the fact that we should not be lazy and double-check the wallet address especially when the TX is big. I normally double-check the address fully when the tx is big otherwise I only check the last digits.

Oh, I just remembered you did not said, or suggested to check the whole address. as you are new to the field (I assume) I must say, that there is another hack type, in which hackers even have the ability to make addresses that have the same letters as of yours only the first and the last words are the same other words are not. So, people who only check the first and last should also check the full address.

PS: I had forgotten the term that was used for this hack, can anybody recall plz?

GeorgeJohn

hero member

Activity: 1498

Merit: 711

Enjoy 500% bonus + 70 FS

I don't know why some people find it very difficult to observe their crypto wallet before the copy out to the wallet address and paste to person then want to test it to so for me it is not much problem for someone to cross check and also take a proper precaution of cryptocurrency investment so I believe that is better for we to understand the system by ourself before we can be able to enter into a problem because I have not seen anything wrong for someone to copy each address wrongly and paste, where I noticed that there is some problems when the come to a platform is all this exchange someone coming to your wallet so when you copy the wallet and you copy the wrong one so it is only exchange a such happen but when you use non custodian wallet I don't think such can happen

Kelward

sr. member

Activity: 588

Merit: 338

I think that the best precautionary measure someone who is sending Bitcoin from one wallet to another is to double check to confirm if it's actually the correct address that is being sent. It's quite a task to do this but the benefit of being sure that you're not sending to a wrong address is worth the stress, because if your transaction is confirmed, then there's no going back, meaning that the Bitcoin is lost. You'll not know when your phone has been compromised and totally relying on clipboard to paste your accurate wallet address can be quite costly.

Coyster

legendary

Activity: 2184

Merit: 1302

Quote from: BitMaxz on April 06, 2024, 03:52:59 PM

and the good thing is you can review the transaction you made from outside or from any online device if it's your address or if it was a different address right away you can cancel the transaction.

Yes, but one must doube check the address before signing the transaction with the offline device, one cannot just "cancel" the transaction after it has been broadcasted. "Cancelling" means replacing the transaction with another one, if it is RBF'ed, which is called double spending, and then pay a higher fee in the new transaction, but it might be too late and the initial transaction could have already been confirmed.

Quote from: tvplus006 on April 06, 2024, 05:07:46 PM

This is not the solution to your problem. You need to devote more time to the security of your equipment by using antivirus programs. But in any case, your care when sending a transaction will be indispensable if you carefully check the correctness of the address for sending coins.

Antivirus programs are good, but it is not a complete solution to the problem, some of them even steal people's data. Offline storage is a great solution and then attentiveness to double check output addresses.

cryptoaddictchie

legendary

Activity: 2254

Merit: 1377

Fully Regulated Crypto Casino

Quote from: Peanutswar on April 06, 2024, 09:26:05 PM

Ive seen some cases right here in the community, and people with this issue of the malware that gives a different paste content once they copy the clipboard, could be the script already designed once detected a pattern of the Bitcoin address could be a segwit or legacy address.

Yes Ive seen this happened on my friend but not on bitcoin but on his ronin wallet when he noticed that the address is almost the same but at the end of thr string there some different letter and number which he didnt notice cause from the stsrt the address is almost identical and in the end. The jumble words and number somewhere close at the latter. When he figured he got victim of a malware or virus that change some address. This is quite scary actually cause some might not check his wallet figure by figure.

Mrbluntzy

member

Activity: 378

Merit: 66

Axioma Holding - Axioma Pay Crypto Card

You are not the first person to have made this mistake, so many people who were not aware about clipboard virus have also been victims of send their coins to the wrong address, that's why people are advice to properly check and re-check the address they are sending their coins to avoid this kinds of mistake. You already said it, bitcoin transactions can not be reversed back to you once you mistakenly send it to another wallet and the transaction have been confirmed, that is the reason why we even have to be extremely carful.

dansus021

copper member

Activity: 2156

Merit: 983

Part of AOBT - English Translator to Indonesia

Yeah there is actually new kind of scam and CZ the ex-CEO of Binance warn about this Binance's CZ Warns Crypto Community About Emerging Scam https://www.binance.com/en/square/post/900401

I want to share this (luckily) unsuccessful, but very clever and close scam incident from yesterday . Saved $20m. Hope it may also save you one day.The scammers are so good now they generate addresses with the same starting and ending letters, which is what most people check… https://t.co/DFpdX8aNay

— CZ Binance (@cz_binance) August 2, 2023

they can generate the first and end letter that is insane so yeah we better to look out twice before make any transffer

Peanutswar

legendary

Activity: 1708

Merit: 1280

Top Crypto Casino

Ive seen some cases right here in the community, and people with this issue of the malware that gives a different paste content once they copy the clipboard, could be the script already designed once detected a pattern of the Bitcoin address could be a segwit or legacy address. If you can have an investment in the asset why not invest too with security, we are using daily the internet, devices to browse, to watch, etc. and of course make transactions there's nothing wrong invest too with security so you feel safe. But again sometimes hacker makes a way to inject into your system so you need to be more cautious with the things you are trying to download or access. People most likely overlook things, or else you will cut the transactions into partitions but it costs another fee.

SquirrelJulietGarden

hero member

Activity: 1442

Merit: 775

Quote from: Ambatman on April 06, 2024, 02:51:23 PM

I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.

Recommend hardware wallet is good but a first part of your sentence is vague in meaning.

What did you imply with "I would suggest using a phone or system you don't usually use to browse the web to hold your coins"?

You can get dust attacks, address poisoning scam attacks with non custodial wallets like Electrum wallet too.

Dust Attack, what it is, why it is dangerous and how to prevent falling to it
A History of Bitcoin Transaction Dust & Spam Storms

Be careful when copy & paste a Bitcoin address for a transaction and always check it a couple of times.

How to lose your Bitcoins with CTRL-C CTRL-V

tabas

hero member

Activity: 3024

Merit: 745

Top Crypto Casino

Certainly a malware, it's been there since years and many have been victimized by it already. Those that don't check many times when they're about to send their transactions, they're the targets of this malware. Also, I've seen some situation wherein the copied address from your own wallet has some identical first and last characters of the hacker, I'm not sure how it goes but always check your entire bitcoin address from start, to mid and last characters of it. It will take you a minute but that minute will save you from trouble.

Cryptomultiplier

full member

Activity: 952

Merit: 232

Unlike back in the days when students like to copy perhaps assignment or term papers from their friends, only to copy along the name and i.d number of same friend and submit it without rechecking.
The punishment then was maybe a result of mark deduction.
In this case however, anyone not careful enough to properly confirm their sending and receiving address when copying from a storage location or from previous transaction information or from sent details, will have to either loss their funds or at best have it sent back if it is to someone with the kindest of hearts.

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

If the person who posted that make some research about ways that a scammer or hacker do to be able to scam or steal crypto from other people then that person should be able to know or came across a discussion about clipboard hijacking which is what we can read on OP. It's better if we always triple check everything when sending crypto to other person or yo your other wallet if it's the right wallet address and the right amount that you are going to send to avoid making mistakes and would also be able to tell if your device have malware like this one.

Wakate

hero member

Activity: 1176

Merit: 543

fillippone - Winner contest Pizza 2022

Quote from: Ambatman on April 06, 2024, 02:51:23 PM

I made same post in Altcointalk.
Can't really start writing another different speech so will do well to copy it here.

Quote

I never knew this was possible so usually just copy the address and send without confirming much. Well turns out that was a big mistake on my part. Never knew that clipboard can do such. I don't know if it's a malware, I ended up using an address that wasn't mine and funny holds some units of Bitcoin.

Still confused how something like this could happen, but try to be cautious and don't feel too lazy to cross check your address before sending or posting. Recall Bitcoin transactions are irreversible after 6 confirmations, once confirmed it's gone. You can tell the wallet address it went to but not the owner. Except they are careless, which I doubt they are

.

I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.

It is good for anyone transferring funds to always confirm because anything can happen. I have seen a case where small fund was send to a wallet that looks like the usual wallet at address, at the end the fund was lost which was lesson for him to be always careful.
If you are suggesting one to use a wallet to hold fund always, what about in case when you feel like trading or buying other tokens, how do you intend to do that? No matter how we intend to support the use of wallet, it also has disadvantages just like the use of exchange for transactions.

tvplus006

legendary

Activity: 2268

Merit: 1655

To the Moon

Quote from: Ambatman on April 06, 2024, 02:51:23 PM

...I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.

This is not the solution to your problem. You need to devote more time to the security of your equipment by using antivirus programs. But in any case, your care when sending a transaction will be indispensable if you carefully check the correctness of the address for sending coins.

Saint-loup

legendary

Activity: 2604

Merit: 2353

Bitcoin addresses have a checksum(altcoin addresses usually have one too), thanks to the Base58Check encoding: the first 4 bytes(32bits) of the double SHA256 hash of the RIPEMD-160 form.

So if your wallet accepted this wrong address, it couldn't be due to a random error from you or your computer, it's due to a malware, a clipboard hijacker.

Quote

(note that below steps are the Base58Check encoding, which has multiple library options available implementing it)
5 - Perform SHA-256 hash on the extended RIPEMD-160 result ad3c854da227c7e99c4abfad4ea41d71311160df2e415e713318c70d67c6b41c 6 - Perform SHA-256 hash on the result of the previous SHA-256 hash c7f18fe8fcbed6396741e58ad259b5cb16b7fd7f041904147ba1dcffabf747fd 7 - Take the first 4 bytes of the second SHA-256 hash. This is the address checksum c7f18fe8 8 - Add the 4 checksum bytes from stage 7 at the end of extended RIPEMD-160 hash from stage 4. This is the 25-byte binary Bitcoin Address. 00f54a5851e9372b87810a8e60cdd2e7cfd80b6e31c7f18fe8

https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses

BitMaxz

legendary

Activity: 3374

Merit: 3095

Playbet.io - Crypto Casino and Sportsbook

Quote from: Coyster on April 06, 2024, 03:32:52 PM

A phone you don't usually use to browse the internet sounds like a device that is connected to the internet sometimes, but not all the time. Mind you that such a device is not airgapped and it it is not safe for your coins, an offline set up has to be completely offline. In your case you were attacked by a clipboard malware, you can avoid that if you use your online device very well and also double check the address you want to send Bitcoin to.

Mine I have an extra phone only use for Bitcoin wallet no internet connection because the PA or the signal for wifi, bluetooth, and network is no longer working due to a broken network IC I can replace this but I'm thinking of making this as an airgap wallet it can only do is to sign a transaction through camera and QR code it works just like a hardware wallet and the good thing is you can review the transaction you made from outside or from any online device if it's your address or if it was a different address right away you can cancel the transaction.
Unlike phones with your wallet that is connected online when you make a transaction without checking the output, you might end up the same as other users fall victim to copy-paste malware.

DaNNy001

hero member

Activity: 644

Merit: 520

Leading Crypto Sports Betting & Casino Platform

Quote from: Charles-Tim on April 06, 2024, 02:55:24 PM

It is better to check and recheck the address that you are sending to someone before sending the address. It is better you check and recheck the address that you are sending coins to before sending the coin.

Quote from: Ambatman on April 06, 2024, 02:51:23 PM

Bitcoin transactions are irreversible after 6 confirmations, once confirmed it's gone.

After 1 confirmation, it is gone. If the transaction does not support replace-by-fee, the coin has likely gone even when it is not yet confirmed. Even if the transaction support replaced-by-fee, it is possible that it might have been too late.

This is the part of the crypto system that some people actually find not cool but for me it's actually worth it because atleast it will teach you as a coin owner to be very careful when sending your coins to a particular user. The one time mistake I have done was not actually checking the minimum deposit for a particular exchange that I wanted to send some coins from my non custodial wallet to and that mistake cost me 15$ because the minimum deposit was the exchange was exactly 20$.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: Ambatman on April 06, 2024, 02:51:23 PM

I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.

Clipboard malware is amongst us for quite some years. People should read a little, really, else their money can go away very fast.
The easiest way to handle it is to simply double check the address you paste vs the address you've copied. Full check, not only the first and last few characters, since there are some smarter versions too that try to make look alike vanity addresses.

And about using an old phone, it's not the best idea. Just read this old thread: Old phone as cold storage?
The thing is that you cannot be 100% sure the phone is indeed airgapped.

Quote from: promise444c5 on April 06, 2024, 03:13:04 PM

I think you are trying to make reference to an Airgapped device, although you can create your Airgapped devices using some PC with a secure OS

If you are on a PC or laptop, even historically "not that safe/secure" OS like Windows will do, as long as the device will remain always airgapped.
The thing is that you better use an OS you're familiar with, so you don't make extra mistakes and also never (!) ever go online with the airgapped device, even for a second.

Topic: Be cautious when copying wallet addresses (Read 276 times)