Pages:
Author

Topic: How to lose your Bitcoins with CTRL-C CTRL-V - page 7. (Read 4415 times)

legendary
Activity: 2576
Merit: 1043
Need A Campaign Manager? | Contact Little_Mouse
2. Check the entire address after copy/pasting, and not just the first few (or last few) characters. Check some in the middle too. That's a lot of work, so chances are you won't do that either.
This is for me the best thing to do to prevent getting scammed by these hardcore stupid scammers/hackers.

Yes it is a lot of work to do. You will see if what you have pasted is the same with the one where you get your address but if you are sending a huge funds, you will double or triple check it so that you will be comfortable in sending it.

Lucky for me that I didn't encounter such things like this at this moment and I hope I will not encounter it Cheesy.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
My PC got infected once with this malware.
It changes Eth addresses from the one you copy to the hacker's address.
I was lucky and didn't lose anything because I discovered it when I was checking tokens values on etherdelta.
I was copying the token's contract address and pasting it in the navigation bar which redirects me to the exchange's home page everytime.

َAll I did to resolve the problem is copying a part of the address (all of it except the last char).
I confirm that this solution works for Ethereum addresses since they all have the same length which is not the case for Bitcoin addresses.
sr. member
Activity: 728
Merit: 368
Sancho
I sincerely don't understand what "monitoring" means here...
Good question, now I'm not so sure. I would have expected the malware to detect Bitcoin addresses based on the format, instead of based on a very long list of known addresses. It's quite easy to know if a certain string is a Bitcoin address.

Linux is the king of servers, and the market share is near zero on desktops.
From loyce.club last month:
Windows 63.2%
Linux 17.2%
Macintosh 1.6%
iOS 4.4%
Unknown 13.3%

Meanwhile, 4.1% of all pages was loaded from Windows XP (I'm not sure if Tor-browsers still identify themselves as Windows XP), 23.8% Windows 7 and 33.8% Windows 10.
And 3.9% of the users use Android, which is counted as Linux.
People interested in crypto are usually more advanced in IT and are difficult to consider as ordinary users. I also want to note that if you consider Android as Linux, it would be logical and iOS + MacOS should also be considered as Linux, because they also have common roots. I'm talking about Linux desktop, such as Ubuntu. Market success of Android is difficult to question. Smiley
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I sincerely don't understand what "monitoring" means here...
Good question, now I'm not so sure. I would have expected the malware to detect Bitcoin addresses based on the format, instead of based on a very long list of known addresses. It's quite easy to know if a certain string is a Bitcoin address.

Linux is the king of servers, and the market share is near zero on desktops.
From loyce.club last month:
Windows 63.2%
Linux 17.2%
Macintosh 1.6%
iOS 4.4%
Unknown 13.3%

Meanwhile, 4.1% of all pages was loaded from Windows XP (I'm not sure if Tor-browsers still identify themselves as Windows XP), 23.8% Windows 7 and 33.8% Windows 10.
And 3.9% of the users use Android, which is counted as Linux.
sr. member
Activity: 728
Merit: 368
Sancho
Ideal operating systems do not exist, and the romantic halo around Linux often disappears when you try to make him friends with your computer hardware. If you are not a bearded admin in a sweater, but an ordinary user, migrating to Linux may not be an easy task.

I've found that things have gotten a lot better on this end in recent years. Even then, most people only really have basic stuff anyway, and people with the more technical hardware tend to be more technical themselves.
The situation is really changing for the better and the Linux desktop is becoming more and more friendly to the average user, but it's too early to talk about any significant successes. Linux is the king of servers, and the market share is near zero on desktops. This is the reality of today. Smiley

It would be easier for Linux to succeed on desktops, but in fairness, I note that Windows 10 is not so bad, it has a built-in security center and rumors about the impossibility of disconnecting Cortana are greatly exaggerated.
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
There's also malware that monitors 2.3 million Bitcoin addresses: thanks to the public blockchain it's easy to create a list of all addresses that are worth stealing, and include a couple million similar addresses in the malware.

I sincerely don't understand what "monitoring" means here...
Are they monitoring used addresses so if a user tries to send a transaction to a known adress they have one resembling it to replace it?
That would be more effective for a reused address but a total fails with newly generated addresses.

Also, one of the exchanges I use gives me the same deposit address each time, but every time I deposit something the adress is emptied in the next block in a batch transaction collecting funds, so ...that would probably make the adress free from monitoring?  Grin Grin  I really wonder how they are choosing them..


How to prevent this
Don't use Windows
Drop Windows and 80% of the issues are gone

But a monkey behind a Volvo and it will become the deadliest car in history.


hero member
Activity: 1834
Merit: 759
This is the only choice that matters. You are a pessimist by rejecting the only logical choice beforehand.
Don't bother with dual boot, people lack the discipline to NOT boot Windows (or OSX).

Aren't you being a little pessimistic yourself as well? I understand that getting people to stop using Windows is an uphill battle, but I'd think more people would be open to a dual boot set up than having two different devices for different purposes. (Edit: Maybe we should be promoting the use of Raspberry Pis instead lol)

Either way, while I completely agree that people shouldn't be using Windows for crypto (or anything else you could do with Linux really), I wouldn't go as far as saying it's insecure. It's certainly much less secure, but I don't expect a person who knows what they're doing to have any issues with it. Awareness is so much more important for security because no OS will protect you from everything. The info that LoyceV provided would probably help more users than simply saying "Don't use Windows!", for one.

Of course Smiley But 1.5 billion people use Windows for anything. If we could wipe out that insecure OS that would be great, but I'm trying to be realistic here: it's not going to happen.

The funny thing is, if everyone started using Linux instead and it got all the attention from bad actors that Windows does, users would probably just as vulnerable even with Linux's fundamentally stronger security. People do a lot of stupid shit for free stuff and/or whatever else they want, and no OS can really address that lol.

Ideal operating systems do not exist, and the romantic halo around Linux often disappears when you try to make him friends with your computer hardware. If you are not a bearded admin in a sweater, but an ordinary user, migrating to Linux may not be an easy task.

I've found that things have gotten a lot better on this end in recent years. Even then, most people only really have basic stuff anyway, and people with the more technical hardware tend to be more technical themselves.
sr. member
Activity: 728
Merit: 368
Sancho
How to prevent this
1. Don't use Windows, but we both know you're not going to change that.

This is the only choice that matters. You are a pessimist by rejecting the only logical choice beforehand.

Most people don't need Windows, all they need is a browser, and the likes of Chrome run in Linux perfectly fine. That attitude of yours, i have seen it in decades, and it only ends in grief.

Drop Windows and 80% of the issues are gone. If you need a "games" computer, have both separate. Money and serious things in one, the rest in the other.

Don't bother with dual boot, people lack the discipline to NOT boot Windows (or OSX).

None of your "tips" are really effective under a malware ridden windows computer, because you don't know beforehand the exact nature of the malware. Its not just malware that recognizes bitcoin addresses and change it, there are several more vectors for stealing, such as taking your privkeys/seed words, or hijacking your dns, but to name them all would make a book.

Money handling should not be done with insecure OSes, period.
I think you are too categorical. Ideal operating systems do not exist, and the romantic halo around Linux often disappears when you try to make him friends with your computer hardware. If you are not a bearded admin in a sweater, but an ordinary user, migrating to Linux may not be an easy task. I use a hardware wallet and check the address before sending, and until everything is fine.  Smiley
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Money handling should not be done with insecure OSes, period.
Of course Smiley But 1.5 billion people use Windows for anything. If we could wipe out that insecure OS that would be great, but I'm trying to be realistic here: it's not going to happen.
legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
How to prevent this
1. Don't use Windows, but we both know you're not going to change that.

This is the only choice that matters. You are a pessimist by rejecting the only logical choice beforehand.

Most people don't need Windows, all they need is a browser, and the likes of Chrome run in Linux perfectly fine. That attitude of yours, i have seen it in decades, and it only ends in grief.

Drop Windows and 80% of the issues are gone. If you need a "games" computer, have both separate. Money and serious things in one, the rest in the other.

Don't bother with dual boot, people lack the discipline to NOT boot Windows (or OSX).

None of your "tips" are really effective under a malware ridden windows computer, because you don't know beforehand the exact nature of the malware. Its not just malware that recognizes bitcoin addresses and change it, there are several more vectors for stealing, such as taking your privkeys/seed words, or hijacking your dns, but to name them all would make a book.

Money handling should not be done with insecure OSes, period.
legendary
Activity: 3542
Merit: 1352
Cashback 15%
Was wondering the same, how many checked characters would make the process safe?
I read that vanity gen is able to do 50mils keys per second, let's keep this number, multiply by 10 seconds and at this point, I still believe checking the first and last 4-5 characters is enough.
And without having a clue I doubt the malware would store billions of addresses in text files and filling up the HDD with those.



Given the sheer amount of addresses in the whole key space of bitcoin and other cryptocurrencies, this is already a good practice knowing that two addresses having almost the same characters as another one would be pretty slim. Though of course for the ultra-paranoid in us, 4-5 characters isn't really enough and therefore having two addresses side-by-side is still a (somewhat) bulletproof practice as suggested by o_e_l_e_o.

-snip-

The horrors of Windows in general. Every single data we have on our PCs we don't own completely, but we actually share it with Microsoft the moment we started using their operating system. The mere fact that most of the computers in the whole world runs with Windows is already an alarming thought, but what is there to do when Microsoft knows how to make things work with laymen? Of course, you wouldn't expect non-techie people to use CLI-based OS such as Linux just to be secured, and while being secure, Mac isn't really an option too knowing how costly it is to have one. Hackintosh is possible, but with limitations and bugs too.
sr. member
Activity: 532
Merit: 302
There's also malware that monitors 2.3 million Bitcoin addresses: thanks to the public blockchain it's easy to create a list of all addresses that are worth stealing, and include a couple million similar addresses in the malware.

Another argument for not reusing Bitcoin addresses but that's unfortunately not feasible when you have for example exchanges that issue one deposit address and don't even allow to change it manually (an argument to not use centralized exchanges I guess).
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Was wondering the same, how many checked characters would make the process safe?
I read that vanity gen is able to do 50mils keys per second, let's keep this number, multiply by 10 seconds and at this point, I still believe checking the first and last 4-5 characters is enough.
I can imagine malware that connects to an external server, which stores a large database of pre-created addresses.

Isn't it enough to check just the fist 4-5 and last 4-5 characters?
It's probably enough, but I prefer a higher degree of certainty than just "probably".
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
Isn't it enough to check just the fist 4-5 and last 4-5 characters? This is what I do every time, if the first and last match I don't think I'm in danger.  If they manage to generate address similar to the address you are paying to with the first few characters, checking the last ones should make it super save, am I wrong?
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
Was wondering the same, how many checked characters would make the process safe?
I read that vanity gen is able to do 50mils keys per second, let's keep this number, multiply by 10 seconds and at this point, I still believe checking the first and last 4-5 characters is enough.
And without having a clue I doubt the malware would store billions of addresses in text files and filling up the HDD with those.

legendary
Activity: 3416
Merit: 1225
I become aware of that two years ago it was big news back then, that was one of the reasons I add another anti-malware on my computer I also develop a habit where I will wait 30 seconds before sending the funds I will look on the first three character and the last three character to make sure I'm sending to the right address, if you're aware on something like this you will develop a precautionary measure so that it will not happen to you.
sr. member
Activity: 532
Merit: 302

I think it should be Ctrl-C, then Ctrl-F, then Ctrl-V.

Nothing wrong with that tutorial, Why CTRL+V, then CTRL+F, then CTRL-V, After you have copied wallet address, you need to paste clipboard. It means we need the first CTRL+V, After we are pasted wallet address, we need to check wallet address from clipboard results, then we need CTRL+F.  The last CTRL+V is for a paste wallet address on the search form.

So, for complete process is CTRL+C > CTRL+V > CTRL+F > CTRL+V, like LoyceV says.

No, the post says to select a part of the pasted address, I assume to avoid triggering the clipboard malware. It wouldn't make sense to do Ctrl-V immediately after selecting a piece of text. Anyway, it's been fixed so not an issue anymore.

Your method works too but only if malware doesn't do reverse substitution.

legendary
Activity: 1932
Merit: 1042
https://locktrip.com/?refId=40964
If I can suggest a simple work around to avoid this kind of theft, I can suggest a easy virtual machine installation
I use it for my home banking and Crypto transfers.
An USB, 128gb or more to get acceptable performance
All the address saved in the task bar to avoid fake site found by googling
Linux lubuntu, a lighted and fast version of Linux.
When I need to use home baking or Crypto wallet I use this USB. I called it bank box.
Not sure at 100, but for sure more Than home pc.
If I'm forced to use it from my home pc, I usually check the first and last 3 or for address chars.

I also used a virtual machine for some time and it was with lubuntu too.
But still, this method, although safer, also has drawbacks if a trojan settles on the main computer.
Therefore, over time, I moved to an old dedicated laptop.

I hope did you turn off access to the host clipboard in the guest isolation settings?

I also think that 3+3 characters is not enough. It is possible to do hijacker that will pick up a larger number of characters.

OK for the keyboard host settings.
But I think vm remain one of the most secure and safe behavior against theft.
But this is true, if you just use this virtual machine for that task.
Never navigate on internet fron bank box, neve read email from there.
Do just bank/Crypto transfert from saved Link.
hero member
Activity: 750
Merit: 511
If I can suggest a simple work around to avoid this kind of theft, I can suggest a easy virtual machine installation
I use it for my home banking and Crypto transfers.
An USB, 128gb or more to get acceptable performance
All the address saved in the task bar to avoid fake site found by googling
Linux lubuntu, a lighted and fast version of Linux.
When I need to use home baking or Crypto wallet I use this USB. I called it bank box.
Not sure at 100, but for sure more Than home pc.
If I'm forced to use it from my home pc, I usually check the first and last 3 or for address chars.

I also used a virtual machine for some time and it was with lubuntu too.
But still, this method, although safer, also has drawbacks if a trojan settles on the main computer.
Therefore, over time, I moved to an old dedicated laptop.

I hope did you turn off access to the host clipboard in the guest isolation settings?

I also think that 3+3 characters is not enough. It is possible to do hijacker that will pick up a larger number of characters.
legendary
Activity: 2324
Merit: 1604
hmph..

I think it should be Ctrl-C, then Ctrl-F, then Ctrl-V.

Nothing wrong with that tutorial, Why CTRL+V, then CTRL+F, then CTRL-V, After you have copied wallet address, you need to paste clipboard. It means we need the first CTRL+V, After we are pasted wallet address, we need to check wallet address from clipboard results, then we need CTRL+F.  The last CTRL+V is for a paste wallet address on the search form.

So, for complete process is CTRL+C > CTRL+V > CTRL+F > CTRL+V, like LoyceV says.
Pages:
Jump to: