Pages:
Author

Topic: How to lose your Bitcoins with CTRL-C CTRL-V (Read 4427 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
August 24, 2024, 03:42:59 AM
Bump
hero member
Activity: 812
Merit: 619
When I clicked on send button I surprised to see that address was fully changed.
That's not a clipboard problem, it's something else. Sign offline, or use a hardware wallet if your system is that compromised.
And don't use Metamask Wink

Why not reinstall operating system which will completely deactivate the malware and then not install any unknown program. It will help to use Metamask securely.

BTW I am using mobile phone for transaction and completely give up PC for transaction. I have no open source hardware as My fund is not that much great and also online order issue.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
When I clicked on send button I surprised to see that address was fully changed.
That's not a clipboard problem, it's something else. Sign offline, or use a hardware wallet if your system is that compromised.
And don't use Metamask Wink
sr. member
Activity: 1932
Merit: 300
Vave.com - Crypto Casino
Another form of similar attack are malwares and app that reads clipboard and can get your private key once you copy them. It is better to not deal in private key and type your mnemonics using a combination of keyboard and on-screen keyboard. Store the mnemonics writing the words in a notebook.
hero member
Activity: 812
Merit: 619
Now the scammers are more smart and all tips and tricks given in the OP post not working. I am saying based on my own practice faced 4 months before but I checked this thread today so I am sharing just my experience.

I copied address and paste it in the Metamask receiving address. I checked address and It was displaying same with address I copied. When I clicked on send button I surprised to see that address was fully changed.

I checked it again and this time I copied 5 letter less and added 5 letter manually, when I clicked on sens button, once again the address on approval pop up was changed. anyway I do every possible method to bypass the malware but couldn't work. we should be very careful and I think the best method is to reinstall the operating system so that malware couldn't spread all programs in our system.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
when I checked it on blockchain explorer, it had total 28k$ incoming balance.
And this is probably just one of the many different addresses used by the malware.
sr. member
Activity: 322
Merit: 318
The Alliance Of Bitcointalk Translators - ENG>BAN
Wow i didn't know that a simple thing as Ctrl-C/Ctrl-V could potentialy make you loss so many. Thanks for the info though! even though i never experienced getting scammed or hacked that way and I'm using Windows 10 right now makes me keep vigilant.  Shocked
Windows 10 is not without its drawbacks, even I have been exposed to clipboard viruses. The way it works seems to be inserted in an app that I'm trying to download. This virus is trying to check the wallet address of the thief in every activity Ctrl + V. Fortunately I am aware of this, even I have not tried the transaction. I was just trying to see the balance balance through Etherscan and it turned out that it was very different that what I did was the ETH address that the app brought. I've tried to dazzle and remove it. But every time I say that computer will appear and the last way is to install my computer.

This simple Ctrl-C/Ctrl-V takes up someone's life's earning. If you don't believe me I can even show you screenshots. Some days ago I too was infected with this malware. And the shocking thing was, when I checked it on blockchain explorer, it had total 28k$ incoming balance. Imagine how many people fell a victim to it. So if anything like this happens, do not hesitate to format disk and reinstall OS freshly. Linux is recommend in this case.
legendary
Activity: 1106
Merit: 1372
How about Duckduckgo?
That's a search engine, not a browser.
Never mind, it's a browser too nowdays! I learned something new Smiley But it's a Windows beta, so not really useful for the rest of us.
This days search engine and browser are used interchangeably. So as you said, in the present world, the two are one. But from my finding, Duckduckgo is more of search engine and not really a browser. Look at it.

Duckduckgo
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
How about Duckduckgo?
That's a search engine, not a browser.
Never mind, it's a browser too nowdays! I learned something new Smiley But it's a Windows beta, so not really useful for the rest of us.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Tor or Firefox.
How about Duckduckgo?

On Tor, the search engine is also Duckduckgo. It is a good browser.

Chrome is provably awful in every way, from being filled with spyware, to insecurely storing passwords
I was flabbergasted years back, when I discovered Chrome "conveniently" uploaded all my stored passwords to Google.
Google has taught me the lesson to never click on 'save password' ever again. I prefer to use forgot password than to save password as the last resort.

On Google devices (running Android OS), even if you are not using Chrome, clicking on save password while you are using another app makes it synchronized on the Google cloud with your Gmail.
legendary
Activity: 2268
Merit: 18771
I was flabbergasted years back, when I discovered Chrome "conveniently" uploaded all my stored passwords to Google.
There was a good chance they were in plain text as well:

https://borncity.com/win/2022/06/12/chrome-speichert-passwrter-im-speicher-im-klartext/
https://www.theverge.com/2019/5/21/18634842/google-passwords-plain-text-g-suite-fourteen-years
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
My mistake at that time was trying to install some video editor from an unofficial link and using crack.
I'm sure you've discovered it by now, but you should never run pirated software on any system that should remain secure. Even better if you can find an open source alternative for it.

Chrome is provably awful in every way, from being filled with spyware, to insecurely storing passwords
I was flabbergasted years back, when I discovered Chrome "conveniently" uploaded all my stored passwords to Google.
legendary
Activity: 2268
Merit: 18771
Even until now I am still looking for the best browser to access the internet.
Tor or Firefox.

There is really no debate to be had here. Chrome is provably awful in every way, from being filled with spyware, to insecurely storing passwords, to phoning home to Google constantly, to being resource hungry, to tracking everything you do, etc., etc. It is the absolute worst browser you can choose, but especially so for anything sensitive such as crypto. And every browser based on Chrome (Edge, Opera, Brave, Vivaldi, etc.) still has plenty of embedded Google spyware which is near impossible to remove.
hero member
Activity: 1400
Merit: 770
Thinking you're safe would be the biggest mistake. It's a lot safer, but even if it's a lot smaller, there's always a risk. So assume you're not safe, and act accordingly.

This has happened to me, but I'm lucky I didn't lose a few Bitcoins. I tried to eliminate add ons in Chrome settings, even it was gone when my Laptop turned off and turned on again it will always come back. Even in the end I needed to reinstall my windows when I found out this. Luckily I did a double check before sending crypto. Right now I'm still using Chrome, and some anti-virus. My mistake at that time was trying to install some video editor from an unofficial link and using crack. So there are many factors and we have to be meticulous and careful in every step related to the Internet. Even until now I am still looking for the best browser to access the internet.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
No operating system is completely safe and no operating system that can not be hacked. Probably what LoyceV means is that the chance of having such malware on Linux is low. Linux is also completely open source.
Correct. Windows has been "the place to be" for malware for decades. Last year, 95% of all malware targeted Windows, even though it's market share is only 30% nowadays.

Are you saying that if I don't use windows the chances of this copy/paste hack is zero? For example lets say I own a Mac laptop, am I safe from this attack?
Thinking you're safe would be the biggest mistake. It's a lot safer, but even if it's a lot smaller, there's always a risk. So assume you're not safe, and act accordingly.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Thanks for the interesting post and suggestions. I saw the recommendations and you said in #1 "Don't use windows" - Are you saying that if I don't use windows the chances of this copy/paste hack is zero? For example lets say I own a Mac laptop, am I safe from this attack?
No operating system is completely safe and no operating system that can not be hacked. Probably what LoyceV means is that the chance of having such malware on Linux is low. Linux is also completely open source.

According to what I have read before, but which I do not know if it is true or not, is that Linux can be more vulnerable to malware. But most people using it are very conscious and know how to avoid malware perfectly.

According to my findings, the chance of having malware is lower on Mac OS than Windows, but they are still both close source operating systems.

If you have the experience of not letting your OS get infected with malware, you can be safe on all OS, but an open source OS would be another thing to consider, unlike close source which you do not know if the OS has some spyware or other vulnerabilities. No one will want Bill Gates or Apple to be spying on their activities on computer.
jr. member
Activity: 31
Merit: 8
Thanks for the interesting post and suggestions. I saw the recommendations and you said in #1 "Don't use windows" - Are you saying that if I don't use windows the chances of this copy/paste hack is zero? For example lets say I own a Mac laptop, am I safe from this attack? Thanks.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
This is yet another reason to invest some bucks in a reliable Hardware wallet which allows us to double check not only on the screen of the computer but also on the screen of the hardware itself, which has been isolated from the internet and its nasty malwares.

At this point, a Trezor or a Ledger should be a must have for any serious Hodler, imo.  Wink
Indeed, in the case of using hardware wallets, the problem with the probability of losing bitcoin using ctrl-C / ctrl-V disappears by itself.

But this paragraph doesn't cancel at all:
Stay vigilant
Check, double check and tripple check before sending funds!
You still have to visually check every character in the address bar, which can be a little annoying. But that's the price of not making mistakes.

In addition to these manufacturers, there are many other companies on the hardware wallet market, but for some reason, Trezor and Ledger are most often called when recommending a purchase. It seems that this is due to the fact that these companies have been around for a long time and are known, having proven themselves well. Although not devoid of dubious and controversial points. Therefore, I would recommend not discounting devices from other companies.
jr. member
Activity: 126
Merit: 4
The scammers haven't caught me yet, but I'm glad that I learned about this kind of scam and how to deal with it. Your words sound very logical. Everyone should be careful, as careful as possible when it comes to money. Thanks!
hero member
Activity: 1778
Merit: 709
[Nope]No hype delivers more than hope
-snip-
Select the address with mouse, then click-and-drag it to where you want to paste it.
I'm sure you meant this way, and yes I did too. But as a fact it doesn't support in some apps including notepad and some web pages.

-snip-
Obviously, it's not advisable to keep important stuff in random text files, and I would never do that, but, erm... I have a friend who does it all the time.
As long as you can confirm your own actions (provided you also understand wallet security) and have proven up to this point that nothing happened, then go ahead. It's meant only to show your habits, not to recommend others.
Pages:
Jump to: