Thanks for this wonderful topic @LoyceV! It will be useful for beginners. I have many friends who are victims of this.
I translated this topic into Turkish.
Dikkat: CTRL-C CTRL-V ile Coinlerinizi Nasıl Kaybedersiniz?
Topic: How to lose your Bitcoins with CTRL-C CTRL-V - page 6. (Read 4309 times)
I wonder if there is a possibility to exist even a malware that change the address "pasted" right before sending the TX (0.1 sec before you click "SEND" button).
In addition to NeuroticFish's good suggestion above regarding Electrum, this would also be prevented by using a hardware wallet (and not just for bitcoin, but for all coins). Even if the malware changed your "send to" address just as you clicked "send", you would still have the opportunity to check the address on the hardware wallet's screen, and cancel the transaction if the address was different.Thanks for the tip, actually I am using Ledger Nano S (with a low amount of BTC), but since I like old school things I am using Bitcoin core wallet just because I trust it more than 3rd party apps, like Ledger's app, Electrum, etc.
Maybe I am just a bit paranoid with this things, sorry
I wonder if there is a possibility to exist even a malware that change the address "pasted" right before sending the TX (0.1 sec before you click "SEND" button).
In addition to NeuroticFish's good suggestion above regarding Electrum, this would also be prevented by using a hardware wallet (and not just for bitcoin, but for all coins). Even if the malware changed your "send to" address just as you clicked "send", you would still have the opportunity to check the address on the hardware wallet's screen, and cancel the transaction if the address was different. 
Changing the OS doesn't necessarily eliminate this risk.
Such malware already has been seen in the wild for MacOS. And they can also easily exist for unix based operating systems.
I still believe checking the first and last 4-5 characters is enough.
Without doing the actual math, i am also pretty sure that this is enough to prevent such clipping board malware.
1) It is not possible for the malware to create that much addresses / store that much addresses on the victims computer without being blatantly obvious (if possible at all; i didn't do the actual math but this shouldn't be possible in a relatively short amount of time)
2) I have not seen any non plain-dumb clipping board malware yet (which doesn't mean that it doesn't exist tho).
Now since this kind of malware is out there (that can change the address copied to clipboard) I wonder if there is a possibility to exist even a malware that change the address "pasted" right before sending the TX (0.1 sec before you click "SEND" button). This would make checking the address worthless and your coins would vanish, so let's hope not.
Although your use case is highly improbable, there's counter measure for that too.
For example if you use Electrum, instead of pressing Send, you can press Preview and check there. Then Sign and Broadcast. If you go on this path there's no place they can change anything, no matter what.
Thanks for the tips, the part with using "copy" "paste" for a part of the address and typing the rest is pretty useful, I think this can be used for passwords too for extra security.
Now since this kind of malware is out there (that can change the address copied to clipboard) I wonder if there is a possibility to exist even a malware that change the address "pasted" right before sending the TX (0.1 sec before you click "SEND" button). This would make checking the address worthless and your coins would vanish, so let's hope not.
Now since this kind of malware is out there (that can change the address copied to clipboard) I wonder if there is a possibility to exist even a malware that change the address "pasted" right before sending the TX (0.1 sec before you click "SEND" button). This would make checking the address worthless and your coins would vanish, so let's hope not.
I've read an article on this just last year and a lot of discussions have been created about this malware, and still going on right now because there are new investors coming in and newbies do not know the existence of this malware.
The only way to combat this is awareness and education if you are going to invite people to invest, it's part of recruiting that you educate them and inform then about the existence of these kinds of malware, and precautions to take when sending and trading.
The only way to combat this is awareness and education if you are going to invite people to invest, it's part of recruiting that you educate them and inform then about the existence of these kinds of malware, and precautions to take when sending and trading.
That's correct. And in the way I was "convinced" to do a real check on the recipient address, the wallets should do the same. It's not hard to make a window pop up and ask for double check start, middle and end. And the more advanced users can deactivate it.
I've read an article on this just last year and a lot of discussions have been created about this malware, and still going on right now because there are new investors coming in and newbies do not know the existence of this malware.
The only way to combat this is awareness and education if you are going to invite people to invest, it's part of recruiting that you educate them and inform then about the existence of these kinds of malware, and precautions to take when sending and trading.
The only way to combat this is awareness and education if you are going to invite people to invest, it's part of recruiting that you educate them and inform then about the existence of these kinds of malware, and precautions to take when sending and trading.
2. Check the entire address after copy/pasting, and not just the first few (or last few) characters. Check some in the middle too. That's a lot of work, so chances are you won't do that either.
It's not a lot of work. This is what I do for long time now.
I've got used to it long ago, when the payments for this campaign were sent to Bitsler account. They had at the withdrawal this rule somewhat enforced. It helped me get used to do it.
Now I check the first 3-4 characters, last 3-4 characters and some 3-4 characters from a random position in the middle (I "scan" to find something easy to remember).
Unfortunately I don't have a choice for getting rid of Windows, although maybe a VM with a Linux for crypto handling could not be such a bad idea.
Just I fear that since I don't know much of Linux I may make even bigger mistake...
Even if you check part of the pasted Bitcoin address, chances are the first few characters are the same, and you still won't notice the address was changed.
Hey LoyceV,
Personally I think it is very unlikely that few characters are the same. Maybe 2-3, but if you check also the last 2-3, or about 5, that's almost impossible to happen. The attacker would have to ninja-mine vanity addresses for that.
The victims of this attack mostly don't even check the address. I think that even the address type may be different in most cases (legacy/segwit/nested segwit)
I won't change this lol
Never had any problem with windows... and I use computer at lot at work, where I can change my OS =D
I think people bash windows too much, if you have safe online habits and take basic precautions, you are fine...
Certainly I need to learn more about Linux
encourage the use of BIP21 URI scheme instead of raw bitcoin addresses bitcoin:xxxxxxxxxxxxxxxxxxxxxxxxx
I've seen those, but I had a hard time making a payment. I don't like how difficult they make it to just find the address to pay to. 
Sry that i have seen the thread so late and only now !
I have written and Thread over an year ago about this here for copy and paste https://bitcointalksearch.org/topic/m.41533052
Sadly to see that it happens already to somebody .
The copy+c and copy+v about btc adresses is i guess normal for the most but you should think about and always watching what you are install .
Thank you for this thread but a good way to fight clipboard hijackers is to encourage the use of BIP21 URI scheme instead of raw bitcoin addresses bitcoin:xxxxxxxxxxxxxxxxxxxxxxxxxI have written and Thread over an year ago about this here for copy and paste https://bitcointalksearch.org/topic/m.41533052
Sadly to see that it happens already to somebody .
The copy+c and copy+v about btc adresses is i guess normal for the most but you should think about and always watching what you are install .
Sry that i have seen the thread so late and only now !
I have written and Thread over an year ago about this here for copy and paste https://bitcointalksearch.org/topic/m.41533052
Sadly to see that it happens already to somebody .
The copy+c and copy+v about btc adresses is i guess normal for the most but you should think about and always watching what you are install .
I have written and Thread over an year ago about this here for copy and paste https://bitcointalksearch.org/topic/m.41533052
Sadly to see that it happens already to somebody .
The copy+c and copy+v about btc adresses is i guess normal for the most but you should think about and always watching what you are install .
~
..aaaaand not only that! Personally, even though I'm already certain that the bitcoin address came from the legitimate person, I always ask the person to verify the pasted address! Like so:
Tradee: my address is bc1jf5jxxxxxxxxxxxx
Me: bc1jf5jxxxxxxxxxxxx
Me: ?
Tradee: bc1jf5jxxxxxxxxxxxx
I don't understand you're doing trades by phone? The vendors spell their adresses letter by letter?..aaaaand not only that! Personally, even though I'm already certain that the bitcoin address came from the legitimate person, I always ask the person to verify the pasted address! Like so:
Tradee: my address is bc1jf5jxxxxxxxxxxxx
Me: bc1jf5jxxxxxxxxxxxx
Me: ?
Tradee: bc1jf5jxxxxxxxxxxxx
Chat logs, he asks the person to confirm the address so he can make it a bit safer.
If the other party just copy-paste the adress he will probably not notice the change.
Now, if you ask him again, he will have more chances to see that what he copied isn't what he pasted.
Plus, due to the dialogue he can protect himself better in case of a dispute. Not bulletproof of course as the other user could simply not pay attention both times but it's better than nothing.
And no, I don't know a single person that dictates addresses by phone
Just comes to show how careless people are in general. It only takes like what? less than 5 seconds to double check the address you're sending the funds to?
There's more to it than that: when I receive a PM with a payment address, I first have to make absolutely sure it came from the real account. With email, most people don't use encryption. That makes it even more difficult to be absolutely sure the sender is who he says he is...aaaaand not only that! Personally, even though I'm already certain that the bitcoin address came from the legitimate person, I always ask the person to verify the pasted address! Like so:
Tradee: my address is bc1jf5jxxxxxxxxxxxx
Me: bc1jf5jxxxxxxxxxxxx
Me: ?
Tradee: bc1jf5jxxxxxxxxxxxx
And I even do that even with transactions as low as $20. You can never be so sure.
If I'm right. Why not using emails instead? If your sender use URIs you just need to click on the link, you don't even need to do a copy/paste manipulation, like bitcoin:bc1jf5jxxxxxxxxxxxxxxxxxx
Just comes to show how careless people are in general. It only takes like what? less than 5 seconds to double check the address you're sending the funds to?
There's more to it than that: when I receive a PM with a payment address, I first have to make absolutely sure it came from the real account. With email, most people don't use encryption. That makes it even more difficult to be absolutely sure the sender is who he says he is...aaaaand not only that! Personally, even though I'm already certain that the bitcoin address came from the legitimate person, I always ask the person to verify the pasted address! Like so:
Tradee: my address is bc1jf5jxxxxxxxxxxxx
Me: bc1jf5jxxxxxxxxxxxx
Me: ?
Tradee: bc1jf5jxxxxxxxxxxxx
And I even do that even with transactions as low as $20. You can never be so sure.
Just comes to show how careless people are in general. It only takes like what? less than 5 seconds to double check the address you're sending the funds to?
There's more to it than that: when I receive a PM with a payment address, I first have to make absolutely sure it came from the real account. With email, most people don't use encryption. That makes it even more difficult to be absolutely sure the sender is who he says he is.It is a pity that something cannot be done to shorten the address like with URL shorteners
There used to be a site for this, but it was discontinued (and I forgot the name). But the most unique thing about Bitcoin is being able to make payments without having to rely on third parties, and I wouldn't want to trust them for giving me the correct address.Google's first result on a search shows a site which Google says may be hacked:
So you configure that on your own and link it to your address and when you type it, it converts the wallet description to your Bitcoin address.
I see many problems with this, but not a single way to do it absolutely safe.And even if you would make a safe implementation, you'll lose error correction. Currently, there's a 1 in 4 billion chance of making a typo in a Bitcoin address, that still leads to a valid address. If you shorten the error correction, mistakes become much more likely.
Quote
Obviously people will still have to double check the end result. 
That defeats the purpose
I think the length of these addresses and also the case sensitive requirement for Bitcoin addresses are forcing people to use "Copy & Paste" to use their wallets. It is a pity that something cannot be done to shorten the address like with URL shorteners to just post a shorter description for your wallet when you have to use it.
So you configure that on your own and link it to your address and when you type it, it converts the wallet description to your Bitcoin address.
So no need for developers to add this to the Bitcoin code Obviously people will still have to double check the end result.
So you configure that on your own and link it to your address and when you type it, it converts the wallet description to your Bitcoin address.
So no need for developers to add this to the Bitcoin code
Just comes to show how careless people are in general. It only takes like what? less than 5 seconds to double check the address you're sending the funds to? But yet people don't do it. It's so mind boggling how lazy and careless people are knowing that you can never do chargebacks with bitcoin.
Isn't it enough to check just the fist 4-5 and last 4-5 characters? This is what I do every time, if the first and last match I don't think I'm in danger. If they manage to generate address similar to the address you are paying to with the first few characters, checking the last ones should make it super save, am I wrong?
It should suffice. This is what I do too. It's enough unless for some ultimately very unlucky reason the address you're sending the funds to and the hacker's receiving address has the same first and last 5 characters. 
2. Check the entire address after copy/pasting, and not just the first few (or last few) characters. Check some in the middle too. That's a lot of work, so chances are you won't do that either.
This is for me the best thing to do to prevent getting scammed by these hardcore stupid scammers/hackers.Yes it is a lot of work to do. You will see if what you have pasted is the same with the one where you get your address but if you are sending a huge funds, you will double or triple check it so that you will be comfortable in sending it.
Lucky for me that I didn't encounter such things like this at this moment and I hope I will not encounter it
. Jump to: