Pages:
Author

Topic: How to lose your Bitcoins with CTRL-C CTRL-V - page 4. (Read 4427 times)

sr. member
Activity: 1232
Merit: 379
I have never thought of this and I don't think I will do such until I come across your post op, this brings about latest hack information and how to avoid it.  People might have fallen victim of this scam setting, any scam road place there must be safe ways too. Thank you LoyceV for the information. Already seen you bumped and that's straight up.
full member
Activity: 1036
Merit: 144
Penguin Party 🐟
I always double check, triple check and evwn QUAD check. Lol But I never thought about a scammer changing through copy paste! Thanks for the heads up! I will triple, double, quintriple check from here forward!

+1 merit IF I had SENDABLE Merits! Lol
legendary
Activity: 2464
Merit: 2094
~~~
Thank you for answering my question. The wallet application that I use has a QR code scanning feature when we want to send bitcoin to an exchange address or to another wallet and so far the address generated by this scanner has not changed even though I have to check it several times before clicking to send.
I didnt use another scanner application to get the bitcoin address because maybe it would be far more dangerous than the original wallet feature.

I hope this will be a good and safe solution for me and others. Thank you LoyceV.
~~~
2. Check the entire address after copy/pasting, and not just the first few (or last few) characters. Check some in the middle too. That's a lot of work, so chances are you won't do that either.
~~~
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
----
So the vulmerability can come from:

a)Malware changing the QR code
b)Malware on the code reader (app and/or terminal)
c)all of the above

Copy pasting and the hand-checking the address seems "safer" if that's true....
It is also possible the malware will change what is displayed on your computer. So your computer would display 3_correct_address, however in reality, the malware is actually sending coin to 3_maleware_creator_address. Or malware could not touch anything you input, and simply grab your private keys once you decrypt your wallet, and send all your coin to 3_maleware_creator_address.
copper member
Activity: 1652
Merit: 1325
I'm sometimes known as "miniadmin"
----
So the vulmerability can come from:

a)Malware changing the QR code
b)Malware on the code reader (app and/or terminal)
c)all of the above

Copy pasting and the hand-checking the address seems "safer" if that's true....
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
So there is a chance of a malware changing the QR
Malicious QR code readers steal a lot of money.

Bitpay shows a different code instead of a Bitcoin address. I only use it for small amounts, but because it doesn't even show the actual address, I wouldn't know how to check if I pay the correct addy. From what I understand, this is meant to make it more secure and less prone to error for inexperienced users (but I can't check that).
copper member
Activity: 1652
Merit: 1325
I'm sometimes known as "miniadmin"
---
Quoting from a recent thread....

Do such viruses affect QR scanning?

Probably not.
But malware can still change QR codes to either change the address or the amount.

So there is a chance of a malware changing the QR you are scanning into the hacker's one (the quoted thread is about paperclip malware, in case someone wants some context)
legendary
Activity: 2464
Merit: 2094
Honestly, I am very often with Ctrl-C and Ctrl-V when sending bitcoin to exchange or vice versa from exchange to my wallet. I usually make a few small attempts before sending like the points you say (check carefully).
The question is, if we scan a barcode it directly from the exchange can also be changed by malware ?
newbie
Activity: 66
Merit: 0
Usually I will look closely once the wallet address needs to be sent and compare it at least 5-6 last characters before sending Smiley). Looking forward to changing someone's habits Smiley
legendary
Activity: 2576
Merit: 1655
bump.



https://twitter.com/ElectrumWallet/status/1250774410115665922

Probably there's a new variant in the wild, so just a friendly reminder to everyone.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
February 29, 2020, 08:56:59 AM
#82
avoid visiting malicious sites that has been blocked by google.
Don't rely on Google though, they also allow phishing sites to advertise on their search engine.
newbie
Activity: 6
Merit: 1
February 29, 2020, 08:43:54 AM
#81
To avoid this kind of happenings, avoid visiting malicious sites that has been blocked by google. There are some advertisements that once you clicked them, they will automatically download something in your device. Once installed, they might take over on that device. You better be careful on the things that you click on the internet.
newbie
Activity: 14
Merit: 16
February 25, 2020, 01:15:20 PM
#80
What could solve this types of hacks is by digitally signing the payment request. I recently found that there already is a BIP for this: https://bitcoinj.github.io/payment-protocol. The "magic feature" is at point number 7. This has to be implemented on both ends. So for example if you want to send money to an exchange, the exchange would create a request and sign it. Your wallet would verify the digital signature and allow you to confirm that this is what you want. And this could also work the other way around: if you want do withdraw funds from an exchange, your wallet would create a signed request and send it to the exchange. Then the exchange would verify the signature and only if it is valid it would release the funds. For this to work you would need to create a certificate and upload it to the exchange and also download their certificate and import it into the wallet. A more advanced solution would be to use certification authorities (CA) just like with https certificates but this would be a centralized solution, so I am not sure about that. I think this would be a very powerful feature but I am not aware of any wallet using this. Also this would be a very good proof of payment.
sr. member
Activity: 1050
Merit: 277
I thought I would leave my personal story and some advice that will save someone from what happened to me.

Never ever cut and paste. I did this with a wallet.dat file once since I wanted to move it before copying. I can't remember exactly what happened but I ended up pasting it over itself and when I tried it, it never worked. I tried to delete it and get it from the recycle bin but it still didn't work. I lost 0.09btc worth of alt coins doing that. So for the love of God copy paste for everything you ever do on pc. Cut and past is silly and anything can happen. Like what if the power goes off? Now you have corrupt files like I had.

The next thing that is also related to copy pasting an address is h very careful what you download. I once downloaded an app and it used a QR scanner. The QR scanner changed the address to the thiefs address. So no matter what you scan their address pops up. I used the app from the Google store. I never got my bitcoins I looked and it was sent to the thiefs address. Thankfully I only sent $3 but what if it was more? I often wonder how much money these scammers get. It disgusts me that they do not work for money they sit back and wait and have transactions come in from unexpected victims.

No matter what you do in life check it teic thrice. Hell check it 10 times. Remember all the hours of work to t took you to earn that bitcoin. Taking even 10 whole minutes to make a transaction is better then taking a lose. 10 minutes is nothing compared to the amount of hours you put in.

I also want to thank the op. I thread similar to this helped me be mor vigilant towards copy pasting addresses. Topics like this save people money.
legendary
Activity: 2268
Merit: 1655
To the Moon
Some time ago I once gave tips (in my local language) to reduce the use of the CTRL C & CTRL-V shortcut, especially in copying sensitive data and when connected to the internet.
This gif picture might represent it as my explanation. This method doesn't save anything to the clipboard at all.
(I've not tried it on Linux)
AFAIK, the clipboard hijacker will read the length of the chars/strings stored in the clipboard with several other parameters to find out the type of copied wallet address. You can split it into as many parts as you want and paste it randomly. That way, the virus won't read that it's the wallet's address. ...
I was not familiar with this method of dragging an address. But after trying it, I realized that it is more convenient than doing a comparison of your address. I consider the second method less convenient. But in any case, you still need to check the entire address before sending.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
You don't even need to check the entire address. No malware in existence will match the first 5 AND the last 5 characters of an address. If any malware has it's own key generation algo or use a predefined list, it most likely will be the first few characters only.

Understanding how VanityGen or VanitySearch (or any other Vanity address generator) works, you'll know why.

When you're dealing with a significant amount, you will tend to look at the entire address anyway.
legendary
Activity: 2268
Merit: 18771
Always check first and last letter/number + if there space in between. Easy, thank me
If you read the previous replies in this thread, you'll understand that that's not enough to guarantee the safety of your coins. Advanced clipboard malware will have many addresses it can use to override your copied address, and will pick one as similar as possible, potentially with the same first and last character or even few characters. Only checking the start and end still leaves you open to attack.

The only way to be totally safe is to check the entire address. It takes less than 10 seconds to do so. Why take the risk?
jr. member
Activity: 147
Merit: 1
Always check first and last letter/number + if there space in between. Easy, thank me
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
The drag and drop method might be more practical.

The splitting stuff in the clipboard, ... you're doing that if you're suspecting you have malware. If you suspect you have malware, do that to confirm that you do have some sort of malware (or use a fake address to see if it changes when you paste it), but then stop using that computer until you have cleaned the malware (or otherwise nuked and reformatted and reinstalled a clean OS.)
hero member
Activity: 1778
Merit: 709
[Nope]No hype delivers more than hope
Some time ago I once gave tips (in my local language) to reduce the use of the CTRL C & CTRL-V shortcut, especially in copying sensitive data and when connected to the internet.


⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
Select> drag> drop.
This gif picture might represent it as my explanation. This method doesn't save anything to the clipboard at all.
(I've not tried it on Linux).

Edit: Image doesn't appear, click here instead.
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
Splitting to several parts.
AFAIK, the clipboard hijacker will read the length of the chars/strings stored in the clipboard with several other parameters to find out the type of copied wallet address. You can split it into as many parts as you want and paste it randomly. That way, the virus won't read that it's the wallet's address.

Although these methods takes a little time, at least now I don't really think about it and it has become my habit unconsciously. I just thought, it's better to waste a little time than to be fast but in the end I've to return from the beginning if I lost my assets.
Pages:
Jump to: