Author

Topic: Be cautious when copying wallet addresses (Read 276 times)

hero member
Activity: 1414
Merit: 542
April 09, 2024, 04:38:04 PM
#28
I made same post in Altcointalk.
Can't really start writing another different speech so will do well to copy it here.

Quote
I never knew this was possible so usually just copy the address and send without confirming much. Well turns out that was a big mistake on my part. Never knew that clipboard can do such. I don't know if it's a malware, I ended up using an address that wasn't mine and funny holds some units of Bitcoin.

Still confused how something like this could happen,  but try to be cautious and don't feel too lazy to cross check your address before sending or posting. Recall Bitcoin transactions are irreversible after 6 confirmations, once confirmed it's gone. You can tell the wallet address it went to but not the owner. Except they are careless,  which I doubt they are
.


I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.

Yes, this is the obvious copy and paste malware that has been plaguing us crypto enthusiast for years as we have been a target by criminals criminals by creating this malware and then uses a lot of ways to get to us.

As for the phone or hardware wallet, the latter is the better, it's better design to hold our coins for longer and security is very high as compare to a mobile phone that you don't know might break in the next couple of years.
legendary
Activity: 2436
Merit: 1104
Exactly. Even dust attack and address poisoning is possible on clean devices. But the one that has been reported led to coin loss is address poisoning as the attacker make use of address similar to the victim's address.
I've read about this before here in the forum, o. This scam, the scammers are relying on the person carelessness to fall victim to their trap. this is why it's important to always double check(as you have mentioned on your previous post) the addresses before making the transaction.
hero member
Activity: 1386
Merit: 513
Payment Gateway Allows Recurring Payments
I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.
I must say you are new to the crypto sphere because this method of stealing money has been in the market for a long time. Many have been affected by it and lost a hell lot of money. I hope you did not lose much. I can't agree more with you on the fact that we should not be lazy and double-check the wallet address especially when the TX is big. I normally double-check the address fully when the tx is big otherwise I only check the last digits.

Oh, I just remembered you did not said, or suggested to check the whole address. as you are new to the field (I assume) I must say, that there is another hack type, in which hackers even have the ability to make addresses that have the same letters as of yours only the first and the last words are the same other words are not. So, people who only check the first and last should also check the full address.

PS: I had forgotten the term that was used for this hack, can anybody recall plz?
hero member
Activity: 1498
Merit: 711
Enjoy 500% bonus + 70 FS
I don't know why some people find it very difficult to observe their crypto wallet before the copy out to the wallet address and paste to person then want to test it to so for me it is not much problem for someone to cross check and  also take a proper precaution of cryptocurrency investment so I believe that is better for we to understand the system by ourself before we can be able to enter into a problem because I have not seen anything wrong for someone to copy each address wrongly and paste, where I noticed that there is some problems when the come to a platform is all this exchange someone coming to your wallet so when you copy the wallet and you copy the wrong one so it is only exchange a such happen but when you use non custodian wallet I don't think such can happen
sr. member
Activity: 588
Merit: 338
I think that the best precautionary measure someone who is sending Bitcoin from one wallet to another is to double check to confirm if it's actually the correct address that is being sent. It's quite a task to do this but the benefit of being sure that you're not sending to a wrong address is worth the stress, because if your transaction is confirmed, then there's no going back, meaning that the Bitcoin is lost. You'll not know when your phone has been compromised and totally relying on clipboard to paste your accurate wallet address can be quite costly.
legendary
Activity: 2184
Merit: 1302
and the good thing is you can review the transaction you made from outside or from any online device if it's your address or if it was a different address right away you can cancel the transaction.
Yes, but one must doube check the address before signing the transaction with the offline device, one cannot just "cancel" the transaction after it has been broadcasted. "Cancelling" means replacing the transaction with another one, if it is RBF'ed, which is called double spending, and then pay a higher fee in the new transaction, but it might be too late and the initial transaction could have already been confirmed.
This is not the solution to your problem. You need to devote more time to the security of your equipment by using antivirus programs. But in any case, your care when sending a transaction will be indispensable if you carefully check the correctness of the address for sending coins.
Antivirus programs are good, but it is not a complete solution to the problem, some of them even steal people's data. Offline storage is a great solution and then attentiveness to double check output addresses.
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino
Ive seen some cases right here in the community, and people with this issue of the malware that gives a different paste content once they copy the clipboard, could be the script already designed once detected a pattern of the Bitcoin address could be a segwit or legacy address.
Yes Ive seen this happened on my friend but not on bitcoin but on his ronin wallet when he noticed that the address is almost the same but at the end of thr string there some different letter and number which he didnt notice cause from the stsrt the address is almost identical and in the end. The jumble words and number somewhere close at the latter. When he figured he got victim of a malware or virus that change some address. This is quite scary actually cause some might not check his wallet figure by figure.
member
Activity: 392
Merit: 71
Axioma Holding - Axioma Pay Crypto Card
You are not the first person to have made this mistake, so many people who were not aware about clipboard virus have also been victims of send their coins to the wrong address, that's why people are advice to properly check and re-check the address they are sending their coins to avoid this kinds of mistake. You already said it, bitcoin transactions can not be reversed back to you once you mistakenly send it to another wallet and the transaction have been confirmed, that is the reason why we even have to be extremely carful.
copper member
Activity: 2156
Merit: 983
Part of AOBT - English Translator to Indonesia
Yeah there is actually new kind of scam and CZ the ex-CEO of Binance warn about this Binance's CZ Warns Crypto Community About Emerging Scam https://www.binance.com/en/square/post/900401

I want to share this (luckily) unsuccessful, but very clever and close scam incident from yesterday . Saved $20m. Hope it may also save you one day.The scammers are so good now they generate addresses with the same starting and ending letters, which is what most people check… https://t.co/DFpdX8aNay

— CZ Binance (@cz_binance) August 2, 2023

they can generate the first and end letter that is insane so yeah we better to look out twice before make any transffer
legendary
Activity: 1708
Merit: 1280
Top Crypto Casino
Ive seen some cases right here in the community, and people with this issue of the malware that gives a different paste content once they copy the clipboard, could be the script already designed once detected a pattern of the Bitcoin address could be a segwit or legacy address. If you can have an investment in the asset why not invest too with security, we are using daily the internet, devices to browse, to watch, etc. and of course make transactions there's nothing wrong invest too with security so you feel safe. But again sometimes hacker makes a way to inject into your system so you need to be more cautious with the things you are trying to download or access. People most likely overlook things, or else you will cut the transactions into partitions but it costs another fee.
hero member
Activity: 1442
Merit: 775
I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.
Recommend hardware wallet is good but a first part of your sentence is vague in meaning.

What did you imply with "I would suggest using a phone or system you don't usually use to browse the web to hold your coins"?

You can get dust attacks, address poisoning scam attacks with non custodial wallets like Electrum wallet too.

Dust Attack, what it is, why it is dangerous and how to prevent falling to it
A History of Bitcoin Transaction Dust & Spam Storms

Be careful when copy & paste a Bitcoin address for a transaction and always check it a couple of times.

How to lose your Bitcoins with CTRL-C CTRL-V
hero member
Activity: 3024
Merit: 745
Top Crypto Casino
Certainly a malware, it's been there since years and many have been victimized by it already. Those that don't check many times when they're about to send their transactions, they're the targets of this malware. Also, I've seen some situation wherein the copied address from your own wallet has some identical first and last characters of the hacker, I'm not sure how it goes but always check your entire bitcoin address from start, to mid and last characters of it. It will take you a minute but that minute will save you from trouble.
full member
Activity: 952
Merit: 232
Unlike back in the days when students like to copy perhaps assignment or term papers from their friends, only to copy along the name and i.d number of same friend and submit it without rechecking.
The punishment then was maybe a result of mark deduction.
In this case however, anyone not careful enough to properly confirm their sending and receiving address when copying from a storage location or from previous transaction information or from sent details, will have to either loss their funds or at best have it sent back if it is to someone with the kindest of hearts.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
If the person who posted that make some research about ways that a scammer or hacker do to be able to scam or steal crypto from other people then that person should be able to know or came across a discussion about clipboard hijacking which is what we can read on OP. It's better if we always triple check everything when sending crypto to other person or yo your other wallet if it's the right wallet address and the right amount that you are going to send to avoid making mistakes and would also be able to tell if your device have malware like this one.
hero member
Activity: 1176
Merit: 543
fillippone - Winner contest Pizza 2022
I made same post in Altcointalk.
Can't really start writing another different speech so will do well to copy it here.

Quote
I never knew this was possible so usually just copy the address and send without confirming much. Well turns out that was a big mistake on my part. Never knew that clipboard can do such. I don't know if it's a malware, I ended up using an address that wasn't mine and funny holds some units of Bitcoin.

Still confused how something like this could happen,  but try to be cautious and don't feel too lazy to cross check your address before sending or posting. Recall Bitcoin transactions are irreversible after 6 confirmations, once confirmed it's gone. You can tell the wallet address it went to but not the owner. Except they are careless,  which I doubt they are
.


I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.
It is good for anyone transferring funds to always confirm because anything can happen. I have seen a case where small fund was send to a wallet that looks like the usual wallet at address, at the end the fund was lost which was  lesson for him to be always careful.
If you are suggesting one to use a wallet to hold fund always, what about in case when you feel like trading or buying other tokens, how do you intend to do that? No matter how we intend to support the use of wallet, it also has disadvantages just like the use of exchange for transactions.
legendary
Activity: 2268
Merit: 1655
To the Moon
...I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.

This is not the solution to your problem. You need to devote more time to the security of your equipment by using antivirus programs. But in any case, your care when sending a transaction will be indispensable if you carefully check the correctness of the address for sending coins.
legendary
Activity: 2604
Merit: 2353
Bitcoin addresses have a checksum(altcoin addresses usually have one too), thanks to the Base58Check encoding: the first 4 bytes(32bits) of the double SHA256 hash of the RIPEMD-160 form.

 So if your wallet accepted this wrong address, it couldn't be due to a random error from you or your computer, it's due to a malware, a clipboard hijacker.

Quote
(note that below steps are the Base58Check encoding, which has multiple library options available implementing it)
5 - Perform SHA-256 hash on the extended RIPEMD-160 result

   ad3c854da227c7e99c4abfad4ea41d71311160df2e415e713318c70d67c6b41c
6 - Perform SHA-256 hash on the result of the previous SHA-256 hash

   c7f18fe8fcbed6396741e58ad259b5cb16b7fd7f041904147ba1dcffabf747fd
7 - Take the first 4 bytes of the second SHA-256 hash. This is the address checksum

   c7f18fe8
8 - Add the 4 checksum bytes from stage 7 at the end of extended RIPEMD-160 hash from stage 4. This is the 25-byte binary Bitcoin Address.

   00f54a5851e9372b87810a8e60cdd2e7cfd80b6e31c7f18fe8
https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook

A phone you don't usually use to browse the internet sounds like a device that is connected to the internet sometimes, but not all the time. Mind you that such a device is not airgapped and it it is not safe for your coins, an offline set up has to be completely offline. In your case you were attacked by a clipboard malware, you can avoid that if you use your online device very well and also double check the address you want to send Bitcoin to.

Mine I have an extra phone only use for Bitcoin wallet no internet connection because the PA or the signal for wifi, bluetooth, and network is no longer working due to a broken network IC I can replace this but I'm thinking of making this as an airgap wallet it can only do is to sign a transaction through camera and QR code it works just like a hardware wallet and the good thing is you can review the transaction you made from outside or from any online device if it's your address or if it was a different address right away you can cancel the transaction.
Unlike phones with your wallet that is connected online when you make a transaction without checking the output, you might end up the same as other users fall victim to copy-paste malware.
hero member
Activity: 644
Merit: 520
Leading Crypto Sports Betting & Casino Platform
It is better to check and recheck the address that you are sending to someone before sending the address. It is better you check and recheck the address that you are sending coins to before sending the coin.

Bitcoin transactions are irreversible after 6 confirmations, once confirmed it's gone.
After 1 confirmation, it is gone. If the transaction does not support replace-by-fee, the coin has likely gone even when it is not yet confirmed. Even if the transaction support replaced-by-fee, it is possible that it might have been too late.
This is the part of the crypto system that some people actually find not cool but for me it's actually worth it because atleast it will teach you as a coin owner to be very careful when sending your coins to a particular user. The one time mistake I have done was not actually checking the minimum deposit for a particular exchange that I wanted to send some coins from my non custodial wallet to and that mistake cost me 15$ because the minimum deposit was the exchange was exactly 20$.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.

Clipboard malware is amongst us for quite some years. People should read a little, really, else their money can go away very fast.
The easiest way to handle it is to simply double check the address you paste vs the address you've copied. Full check, not only the first and last few characters, since there are some smarter versions too that try to make look alike vanity addresses.

And about using an old phone, it's not the best idea. Just read this old thread: Old phone as cold storage?
The thing is that you cannot be 100% sure the phone is indeed airgapped.

I think you are trying  to make reference to an Airgapped device, although you can create your Airgapped devices  using some PC with a secure OS

If you are on a PC or laptop, even historically "not that safe/secure" OS like Windows will do, as long as the device will remain always airgapped.
The thing is that you better use an OS you're familiar with, so you don't make extra mistakes and also never (!) ever go online with the airgapped device, even for a second.
legendary
Activity: 2184
Merit: 1302
I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.
A phone you don't usually use to browse the internet sounds like a device that is connected to the internet sometimes, but not all the time. Mind you that such a device is not airgapped and it it is not safe for your coins, an offline set up has to be completely offline. In your case you were attacked by a clipboard malware, you can avoid that if you use your online device very well and also double check the address you want to send Bitcoin to.
sr. member
Activity: 672
Merit: 416
stead.builders
I made same post in Altcointalk.
Can't really start writing another different speech so will do well to copy it here.

Quote
I never knew this was possible so usually just copy the address and send without confirming much. Well turns out that was a big mistake on my part. Never knew that clipboard can do such. I don't know if it's a malware, I ended up using an address that wasn't mine and funny holds some units of Bitcoin.

Still confused how something like this could happen,  but try to be cautious and don't feel too lazy to cross check your address before sending or posting. Recall Bitcoin transactions are irreversible after 6 confirmations, once confirmed it's gone. You can tell the wallet address it went to but not the owner. Except they are careless,  which I doubt they are
.


I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.

Maybe you may have to take a look on this threads:

Address Poisoning
https://bitcointalksearch.org/topic/m.61556293

https://support.metamask.io/hc/en-us/articles/11967455819035-Address-poisoning-scams

Also you may have to also see the way many can loose their crypto asset from copy and paste already discussed long time ago by LoyceV from the forum here, if we don't download a malicious apps or use their links, we are not going to be affected, many got into this because they don't even got aware they are into it in the first place until they experience the scam.

sr. member
Activity: 476
Merit: 299
Learning never stops!

I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.
I think you are trying  to make reference to an Airgapped device, although you can create your Airgapped devices  using some PC with a secure OS , I wouldn't  advice phones because you definitely have used it for Internet and it's  hard to completely disable some features  on it so you will still get a partial Airgapped device( I just gave it  that name and I know it suck Tongue)even after format and reset.
Or you could just  get an Airgapped  device / Hardware  wallet just as you've  mentioned.


hero member
Activity: 994
Merit: 701
It is called clipboard malware. It is used by scammers to infiltrate your keyboard, it intercepts your keyboard by replacing what you copy on your keyboard and paste something different. They use it to make fraudulent cryptocurrency transactions and can also replace important informations you copy such as credit cards details, passwords etc. You can avoid them by not visiting any unsolicited links you come across and keeping your antivirus software updated to stop such softwares from been installed accidentally in your system.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
The suggestion should be you should rather store your coins on a device that you have never used to browse the internet before or an hardware wallet. And it doesn’t just end there make sure to cross check your transaction details before broadcasting your transaction, you never can be too sure even on an assumed clean device
Exactly. Even dust attack and address poisoning is possible on clean devices. But the one that has been reported led to coin loss is address poisoning as the attacker make use of address similar to the victim's address.
hero member
Activity: 868
Merit: 952
It is either it is a clipboard malware which I would advise you to read this thread on how not to lose your bitcoin through copy and paste or you mistakenly copy the wrong address either through a dust attack on that address.

I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.

The suggestion should be you should rather store your coins on a device that you have never used to browse the internet before or an hardware wallet. And it doesn’t just end there make sure to cross check your transaction details before broadcasting your transaction, you never can be too sure even on an assumed clean device
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
It is better to check and recheck the address that you are sending to someone before sending the address. It is better you check and recheck the address that you are sending coins to before sending the coin.

Bitcoin transactions are irreversible after 6 confirmations, once confirmed it's gone.
After 1 confirmation, it is gone. If the transaction does not support replace-by-fee, the coin has likely gone even when it is not yet confirmed. Even if the transaction support replaced-by-fee, it is possible that it might have been too late.
sr. member
Activity: 420
Merit: 315
Top Crypto Casino
I made same post in Altcointalk.
Can't really start writing another different speech so will do well to copy it here.

Quote
I never knew this was possible so usually just copy the address and send without confirming much. Well turns out that was a big mistake on my part. Never knew that clipboard can do such. I don't know if it's a malware, I ended up using an address that wasn't mine and funny holds some units of Bitcoin.

Still confused how something like this could happen,  but try to be cautious and don't feel too lazy to cross check your address before sending or posting. Recall Bitcoin transactions are irreversible after 6 confirmations, once confirmed it's gone. You can tell the wallet address it went to but not the owner. Except they are careless,  which I doubt they are
.


I would suggest using a phone or system you don't usually use to browse the web to hold your coins or better still an Hardware wallet.
Jump to: