Pages:
Author

Topic: How to lose your Bitcoins with CTRL-C CTRL-V - page 2. (Read 4427 times)

legendary
Activity: 2002
Merit: 2534
The Alliance Of Bitcointalk Translators - ENG>SPA
We are currently talking about this issue in the Spanish local board (thread). A user was recently infected by a keylogger he installed which came within a KMSPico package, and he lost some funds because the address was changed in the copy-paste process. The addresses may seem similar if you focus on the first or last characters only, as you said, so beware!
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Select the address with mouse, then click-and-drag it to where you want to paste it.
Once your OS is compromised, you can't trust anything anymore. Although I haven't seen this happen yet, I can imagine at some point a compromised OS can make your wallet send funds to an address different than the address shown on your screen. A hardware wallet prevents this, assuming you thoroughly check the address on your hardware wallet before sending funds.
hero member
Activity: 510
Merit: 4005
I would like to add a tip here to avoid copy-paste errors and clipboard highjack scams. Instead of using CTRL+C and CTRL+V to copy paste the Bitcoin address, do this -

Select the address with mouse, then click-and-drag it to where you want to paste it.

This will act like a regular copy-paste, but no clipboard is involved.

Be careful with this tip. If you drag things from a text file, then (depending on the application) it'll remove[1] it from the source document after pasting. It's pretty easy to then accidentally save the file (some time later) and lose whatever it was that you copied.

Obviously, it's not advisable to keep important stuff in random text files, and I would never do that, but, erm... I have a friend who does it all the time.

[1] You can prevent this from happening by making sure to hold down the CTRL key before dragging.
legendary
Activity: 1932
Merit: 1005
I would like to add a tip here to avoid copy-paste errors and clipboard highjack scams. Instead of using CTRL+C and CTRL+V to copy paste the Bitcoin address, do this -

Select the address with mouse, then click-and-drag it to where you want to paste it.

This will act like a regular copy-paste, but no clipboard is involved.

not sure if this will help in the long term , it could be possible that they already found a way to change that also , i'll stick to the first page and keep deleting some numbers and change them by hand
copper member
Activity: 37
Merit: 18
I would like to add a tip here to avoid copy-paste errors and clipboard highjack scams. Instead of using CTRL+C and CTRL+V to copy paste the Bitcoin address, do this -

Select the address with mouse, then click-and-drag it to where you want to paste it.

This will act like a regular copy-paste, but no clipboard is involved.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
How come the address shows or have the same first few characters and last few characters
That's easy: vanitygen and a list/database.
sr. member
Activity: 588
Merit: 251
This is totally an eye opener to me, I must confess I have not come across or experience anything of this nature, but right now with this post I am completely informed. Thanks OP.
 Huh But I would want to know another thing about this copy/paste.
How come the address shows or have the same first few characters and last few characters, is it that they run some codes that automatically figured out the kind of address that has been copied into the clipboard or it randomly creates it's own address that has the same first and last characters?
Please, I will sincerely need answers. Thanks.
hero member
Activity: 1400
Merit: 770
Wow i didn't know that a simple thing as Ctrl-C/Ctrl-V could potentialy make you loss so many. Thanks for the info though! even though i never experienced getting scammed or hacked that way and I'm using Windows 10 right now makes me keep vigilant.  Shocked


Windows 10 is not without its drawbacks, even I have been exposed to clipboard viruses. The way it works seems to be inserted in an app that I'm trying to download. This virus is trying to check the wallet address of the thief in every activity Ctrl + V. Fortunately I am aware of this, even I have not tried the transaction. I was just trying to see the balance balance through Etherscan and it turned out that it was very different that what I did was the ETH address that the app brought. I've tried to dazzle and remove it. But every time I say that computer will appear and the last way is to install my computer.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Someone is farming karma without providing links to the source. Many posts here are the copypasta from reddit but I didn't know it works both ways.
I once had plagiarism from one of my posts removed from Medium. It's the first time I see it on Reddit.

Quote
I tried, but Reddit wants my full name and address. I'm not doxing myself, so I just downvoted and posted a link to my original topic in the comments.
full member
Activity: 280
Merit: 100
I just saw another victim of clipboard hijacker malware.

How it works
1. You select a Bitcoin address, and press CTRL-C.
2. The malware changes the address to an address owned by the hacker/scammer.
3. You press CTRL-V and lose any funds you send.
Even if you check part of the pasted Bitcoin address, chances are the first few characters are the same, and you still won't notice the address was changed.



Wow i didn't know that a simple thing as Ctrl-C/Ctrl-V could potentialy make you loss so many. Thanks for the info though! even though i never experienced getting scammed or hacked that way and I'm using Windows 10 right now makes me keep vigilant.  Shocked
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
Someone is farming karma without providing links to the source. Many posts here are the copypasta from reddit but I didn't know it works both ways.

Please report this: https://www.reddit.com/r/CryptoCurrency/comments/pcegqx/how_to_lose_your_bitcoins_with_ctrlc_ctrlv/
legendary
Activity: 1162
Merit: 2025
Leading Crypto Sports Betting & Casino Platform
This is yet another reason to invest some bucks in a reliable Hardware wallet which allows us to double check not only on the screen of the computer but also on the screen of the hardware itself, which has been isolated from the internet and its nasty malwares.

At this point, a Trezor or a Ledger should be a must have for any serious Hodler, imo.  Wink
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I did say inspect first AND last. So a total of 10 characters. ... But yes, your example has the first half the same as another.

Clipboard malware that can do that on the fly (or probably communicates with a server to get an address) is too complex or will get caught or something.

If any malware can create an address with only 8 characters different from the original, within the time it takes for a human to do a copy and then a paste, we've got problems.


The house one is more of, if you are selling the house, it would be the buyer's responsibility to make sure you got paid. I think it came about something else concerning confirmations or blocks. I'd give the keys to the house after seeing the transaction, but I'm pretty sure the new owner wouldn't mind if I waited at least 20 minutes for one or two confirmations.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Buying or selling coffee (or equivalent value), inspect first 5 and last 5, save a little time.
When paying small amounts, I don't really check anything. I scan the QR-code and pay. But I'm fully aware of the risks.

For larger amounts, I check all characters. That's how I found this Ledger bug:
Code:
DMv1UW6d2vXUqNGw7YZyXjPEx959wM2FEN
               ↑
This is what it looks like on the Ledger:
Image loading...

Buying or selling a house, inspect first 6 or 7, save a little time, the house is not going anywhere.
Buying or selling a car, check the whole address before it goes vroom vroom, because it's going down the road away from you ...
I don't really get why a house would be different than a car: the house may not go anywhere, but your money will be gone if you lose it because of clipboard malware. And the house won't be yours if that happens.
For any serious amount:
2. Check the entire address

the chances of an attacker having a nearly identical address is close to none.
To show the risks of only checking the first characters: all those addresses hold funds:
Code:
14Cnk6Qyt9G4WZfsYfVyL1jcnXciNjbvjk
14Cnk6Qyt9G4Wc2qXYH1er2NiK1yPMZfhq
14Cnk6Qyt9G4WcxPgtU91XvVmXyR5V6ePi
14Cnk6Qyt9G4Zf1L3EhzESXMSAPhT1mg4x
14Cnk6Qyt9G4Zf1h7F3akGrxTJ7DGVTfaC
14Cnk6Qyt9G4Zfhv1BdyiQW7Wrdc5BshFv
14Cnk6Qyt9G4Zfhv1CJLAV5ks773XgzbA5
14Cnk6Qyt9G4Zfhv1CJSHNU7eyNHYK2Rv7
14Cnk6Qyt9G4Zfhv1CJSHNUBo9BN2Ju7Gb
14Cnk6Qyt9G4Zfhv1CJSHNUBo9CrhDp2sz
copper member
Activity: 211
Merit: 10
Sad, just be careful with your downloads and always have a good antimalware software in place!
staff
Activity: 3304
Merit: 4115
Its actually quite simple to make mistakes when copying, and pasting anyway. If you need to send to multiple different addresses, and you work in a rather large workspace its simply to miss a key, and assume you actually did copy the newly highlighted address, when in reality you haven't, and because you are familiar with the address itself it will likely go unnoticed.

With any bitcoin or other altcoin address, I think the threshold to minimally inspect it would be the first 5 and last 5 characters. If you can check more characters or even the whole address, then so much better.
I get your point, that this is probably enough. Since, the chances of an attacker having a nearly identical address is close to none. However, I personally always check each letter/digit. This is just a habit I've developed, since if you are taking the responsibility of being your own bank, you should probably consider the weight of that. Unfortunately,  because of our culture, and the fact we've started to rely on banks for many years now, we've become acquainted with short cuts, and getting other third parties to assure everything is correct. This develops complacency, which I believe is one of the biggest threats to anyone's security, no matter who you are. In fact, its probably more dangerous as you become more confident, and assured with Bitcoin, since that's basically how complacency works. In the beginning you are probably checking every letter/digit, and your heart is pumping the first time you send that transaction, and check it on the Blockchain to make sure it actually was sent correctly. Then, once you develop a confidence, you start checking less, and less as its a time sink.

However, wallets don't have a built in function to protect you from complacency. Well, they kind of do; some will prompt you whether you mean to send it to x address, but as we are human, and are already susceptible to complacency, most will just click okay without actually checking anything.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
With any bitcoin or other altcoin address, I think the threshold to minimally inspect it would be the first 5 and last 5 characters. If you can check more characters or even the whole address, then so much better.

I don't think it's going to "scale" all that much even in the future, maybe if you're dealing with bigger amounts, you could look at 6 characters. And of course, for bitcoin I mean don't include the prefix in the count like 1 or 3 or bc1q.

Buying or selling coffee (or equivalent value), inspect first 5 and last 5, save a little time.
Buying or selling a house, inspect first 6 or 7, save a little time, the house is not going anywhere.
Buying or selling a car, check the whole address before it goes vroom vroom, because it's going down the road away from you ... but you probably have all the details you need, just in case, the payment would just be an irritating hassle if it went to the wrong address.
legendary
Activity: 2618
Merit: 1181
When it comes to safety, perhaps the best option is not to consider trying something that might be risky. I have recommended him to reinstall his laptop, while all important data is well secured and the problem is resolved. Sometime, bad habit of browsing the web will bring about security issues and we have to protect ourselves with the right steps.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto

Uh, don't use websites to generate QR codes, and always scan them with another app to verify what you just generated.

I downloaded a bar code generator that can make all sorts of codes offline, and I think for Android anyway, there is QR-Droid or QR Droid Private.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Use QR addresses. No risk at all
Allow me to edit your quote. See for instance fake QR code generators will steal your Bitcoin.

Quote
no need to reset your operating system.
You shouldn't use a compromised system for so many reasons!
Pages:
Jump to: