Missing coins!!! | Bitcointalksearch.org

erep

hero member

Activity: 2282

Merit: 589

Quote from: capedbaldy on March 08, 2022, 06:01:28 AM

The confirmation screen does not show 1 full address line but only the beginning and end of the wallet address. If you are careful, it is helpful to match and verify with the recipient or deposit address.

I made a simple attempt to avoid the clipboard address malware issue:
- make sure you never install any app other than the official website, it is most likely infected with malware and other viruses.
- use "click" automatic copy of address to paste notepad or Google Chrome browser search bar (if using metamask) before pasting in the submit field.
- if possible, copy the address again in the confirmation text and CTRL+V in notepad to verify again with the previous address.

I always apply the steps above when making deposits and withdrawals by checking addresses carefully, so I never face any errors.

Simple concept to avoid clipboard malware but very useful when sending large balance transactions, many cases have happened where someone didn't notice the change of address when pasting the address in the send field but different from the copied address, without following the steps to verify the address described above, then they made the mistake of sending the balance to the address of the clipboard malware.

capedbaldy

sr. member

Activity: 832

Merit: 286

Next Generation Web3 Casino

Quote from: larry_vw_1955 on March 04, 2022, 02:28:19 AM

well as has been illustrated, you cant always check the full address on the confirmation screen for some software wallets. yes the example came from an eth wallet but the point remains. if you're going to use that particular wallet, you have to accept that risk.

The confirmation screen does not show 1 full address line but only the beginning and end of the wallet address. If you are careful, it is helpful to match and verify with the recipient or deposit address.

I made a simple attempt to avoid the clipboard address malware issue:
- make sure you never install any app other than the official website, it is most likely infected with malware and other viruses.
- use "click" automatic copy of address to paste notepad or Google Chrome browser search bar (if using metamask) before pasting in the submit field.
- if possible, copy the address again in the confirmation text and CTRL+V in notepad to verify again with the previous address.

I always apply the steps above when making deposits and withdrawals by checking addresses carefully, so I never face any errors.

larry_vw_1955

sr. member

Activity: 1106

Merit: 430

Quote from: o_e_l_e_o on March 03, 2022, 05:56:17 AM

Again, this takes <10 seconds to do. I don't understand why people make such a song and dance about it. In the time it takes you to write a single post saying that you think checking the whole address in unnecessary, you could have checked the whole address for your next 10 transactions.

well as has been illustrated, you cant always check the full address on the confirmation screen for some software wallets. yes the example came from an eth wallet but the point remains. if you're going to use that particular wallet, you have to accept that risk.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18588

Quote from: larry_vw_1955 on March 03, 2022, 12:56:38 AM

but it is tangentially related to the tangent discussion of how many letters in an address are needed to guaranteee no clipboard malware. apparently the answer is 4 letters in front and 4 at the end.

That's not correct. Checking 8 characters makes it unlikely you will fall victim to clipboard malware for now, although the required number of characters to be relatively safe will continue to increase as malware becomes more sophisticated, vanity generators more efficient, and hardware more powerful. If you want to guarantee you have not fallen victim to clipboard malware, then the only right answer is the check the full address.

Again, this takes <10 seconds to do. I don't understand why people make such a song and dance about it. In the time it takes you to write a single post saying that you think checking the whole address in unnecessary, you could have checked the whole address for your next 10 transactions.

larry_vw_1955

sr. member

Activity: 1106

Merit: 430

Quote from: odolvlobo on March 02, 2022, 04:21:51 AM

Quote from: nc50lc on March 01, 2022, 11:59:04 PM

Anyways, I think it's time to create another thread to continue the discussion about MetaMask.

Yes, please. This has absolutely nothing to do with Bitcoin.

Metamask has nothing to do with bitcoin yes. but it is tangentially related to the tangent discussion of how many letters in an address are needed to guaranteee no clipboard malware. apparently the answer is 4 letters in front and 4 at the end. for ethereum anyway. which is why i had said that when i send btc, that's what i check and nothing more.

odolvlobo

legendary

Activity: 4354

Merit: 3260

Quote from: nc50lc on March 01, 2022, 11:59:04 PM

Anyways, I think it's time to create another thread to continue the discussion about MetaMask.

Yes, please. This has absolutely nothing to do with Bitcoin.

nc50lc

legendary

Activity: 2394

Merit: 5531

Self-proclaimed Genius

Quote from: larry_vw_1955 on February 28, 2022, 10:41:33 PM

-snip- all i could see is the XXX....XXX type feedback on the final confirmation for the receiving address.Then that's a massive flaw in their implementation. I've never used MetaMask, but I'm very surprised no one has complained about it before. 6 characters can be spoofed fairly easily.

Quote from: hosseinimr93 on March 01, 2022, 01:34:50 PM

I just checked MetaMask to see how it works.
Once you paste an address, it changes to 0xXXXX...XXXX. As shown in the following image, it only shows the first 4 characters and the last 4 characters.

Mine shows the full address after I pasted it; and just like larry, just the first and last 4 characters in the confirmation window.
Metamask version 10.10.1 | Monitor's resolution: 1920x1080 px
Images (test network):

Send Window

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: o_e_l_e_o on February 27, 2022, 04:52:11 AM

Then that's a massive flaw in their implementation. I've never used MetaMask, but I'm very surprised no one has complained about it before. 6 characters can be spoofed fairly easily.

I just checked MetaMask to see how it works.
Once you paste an address, it changes to 0xXXXX...XXXX. As shown in the following image, it only shows the first 4 characters and the last 4 characters.

The receiving address is shown in the same way, even on "Confirm" window.

Quote from: larry_vw_1955 on February 28, 2022, 10:41:33 PM

they dont care about security they just want everything to fit in that narrow window at the top right of the web browser i guess.

As you see in the above image, that's the same even in their Android application.
They can show more characters and the address still fits in the recipient address field. But they don't do that.

larry_vw_1955

sr. member

Activity: 1106

Merit: 430

Quote from: o_e_l_e_o on February 27, 2022, 04:52:11 AM

Quote from: larry_vw_1955 on February 27, 2022, 12:07:34 AM

not sure if it's still like that but metamask for ethereum wouldn't show the full address on the confirmation step. you would only get to see like the first 3 and last 3 characters of the address.

Then that's a massive flaw in their implementation. I've never used MetaMask, but I'm very surprised no one has complained about it before. 6 characters can be spoofed fairly easily.

tell me about it. many times i sent eth using metamask and all i could see is the XXX....XXX type feedback on the final confirmation for the receiving address. they dont care about security they just want everything to fit in that narrow window at the top right of the web browser i guess. anyway i never got hacked but i didn't like how it wouldn't show the entire address. i typically would try and check at least the first 3 and last 4 or 5 chars if not more if i could.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18588

Quote from: larry_vw_1955 on February 27, 2022, 12:07:34 AM

they're going to need way more than "millions of addresses" to be able to match an arbitrary 4 characters in front and 4 at the end. think orders of magnitude larger. and it's really not feasible to generate something like that "on the fly" so there you go...

Maybe not yet, but it will be eventually. Good hardware can already run vanity address generators at a rate of 5 billion keys per second or more. This is only going to get faster and faster as time goes on. Why take the risk to save yourself a few seconds?

Quote from: larry_vw_1955 on February 27, 2022, 12:07:34 AM

not sure if it's still like that but metamask for ethereum wouldn't show the full address on the confirmation step. you would only get to see like the first 3 and last 3 characters of the address.

Then that's a massive flaw in their implementation. I've never used MetaMask, but I'm very surprised no one has complained about it before. 6 characters can be spoofed fairly easily.

larry_vw_1955

sr. member

Activity: 1106

Merit: 430

Quote from: o_e_l_e_o on February 26, 2022, 05:08:49 AM

Quote from: larry_vw_1955 on February 25, 2022, 10:24:27 PM

obviously i was referring to legacy addresses. ymmv with segwit.

It's bad advice for any address, legacy, segwit, or otherwise. We have seen plenty of clipboard malware which will replace addresses with ones with matching characters at the start and at the end. It is trivial to create a database of millions of addresses for the clipboard malware to draw on and pick one which is as similar as possible to the address it is replacing to try to avoid detection of people who are careless and only check 3 or 4 characters.

they're going to need way more than "millions of addresses" to be able to match an arbitrary 4 characters in front and 4 at the end. think orders of magnitude larger. and it's really not feasible to generate something like that "on the fly" so there you go...
if someone is only checking the leading 4 characters, well thats obviously a totally different story.

Quote

The only safe method is to check the entire address, regarding of the address type. It takes less than 10 seconds to do. I have never understand why people would be so careless and risk losing their coins for the sake of literally a few seconds.

not sure if it's still like that but metamask for ethereum wouldn't show the full address on the confirmation step. you would only get to see like the first 3 and last 3 characters of the address. i would imagine there are bitcoin wallets out there that do a similar thing. not that i agree with it of course. i dont.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18588

Quote from: larry_vw_1955 on February 25, 2022, 10:24:27 PM

obviously i was referring to legacy addresses. ymmv with segwit.

It's bad advice for any address, legacy, segwit, or otherwise. We have seen plenty of clipboard malware which will replace addresses with ones with matching characters at the start and at the end. It is trivial to create a database of millions of addresses for the clipboard malware to draw on and pick one which is as similar as possible to the address it is replacing to try to avoid detection of people who are careless and only check 3 or 4 characters.

The only safe method is to check the entire address, regarding of the address type. It takes less than 10 seconds to do. I have never understand why people would be so careless and risk losing their coins for the sake of literally a few seconds.

larry_vw_1955

sr. member

Activity: 1106

Merit: 430

Quote from: LoyceV on February 22, 2022, 05:21:57 AM

Quote from: larry_vw_1955 on February 22, 2022, 01:34:25 AM

thats why if you check the first 3 or 4 chars AND ALSO the last 3 or 4 chars, you're good to go. Grin

i dont think malware can do that.

That's bad advice Sad

Every native Segwit address has the same 4 characters ("bc1q") already, and the last 4 can quite easily be brute-forced. To be sure, just take 20 seconds and compare the full address.
See How to lose your Bitcoins with CTRL-C CTRL-V.

obviously i was referring to legacy addresses. ymmv with segwit.

odolvlobo

legendary

Activity: 4354

Merit: 3260

Quote from: nullama on February 21, 2022, 12:08:26 AM

The bitcoin was correctly transferred to that address, as you can see here:
https://mempool.space/address/bc1q5dwnx98y9zhgyvmuc5le6754jgt39vkyt0j7z5
If it doesn't show up in your Electrum wallet, then maybe you copied a wrong address, or your Electrum software might be compromised. Did you check the signatures when installing Electrum?

As @nullama reported, the bitcoins were sent to bc1q5dwn...j7z5. Now, the question is whether or not that is the address in Electrum. It is not clear from your posts. Does Electrum have bc1q5dwn...j7z5 or does it have bc1q5dqp...0fu7?

If bc1q5dwn...j7z5 is the correct address, then the problem might simply be that Electrum is having connection problems that are preventing it from updating.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: Infernal_Def on February 21, 2022, 01:36:35 AM

And how i can find him?

You got your computer infected. You basically got stolen. The chances to track/find the thief are not too good, even if you know the address.
You probably need help from the police, since the thief will not be just nice and return the money if caught.
Imho the chances to retrieve your money are slim to none. Sorry.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: larry_vw_1955 on February 22, 2022, 01:34:25 AM

thats why if you check the first 3 or 4 chars AND ALSO the last 3 or 4 chars, you're good to go. Grin

i dont think malware can do that.

That's bad advice Sad

Every native Segwit address has the same 4 characters ("bc1q") already, and the last 4 can quite easily be brute-forced. To be sure, just take 20 seconds and compare the full address.
See How to lose your Bitcoins with CTRL-C CTRL-V.

larry_vw_1955

sr. member

Activity: 1106

Merit: 430

Quote from: nc50lc on February 20, 2022, 11:36:45 PM

Because there are malwares that can edit the address from your clipboard and replace it with the hacker's address.
Some are even mimicking the address by generating the same first and/or last few characters.

thats why if you check the first 3 or 4 chars AND ALSO the last 3 or 4 chars, you're good to go. Grin

i dont think malware can do that.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: Infernal_Def on February 21, 2022, 01:08:47 AM

OMG its diferent adress then its coppy
...but its sorter why?

Scammers are using clipboard malware to create similar vanity address with one you are using, so you always need to confirm if all characters in address are the same.
Best thing to avoid this problem is to use separate offline computer made only for crypto transactions, or to use open source hardware wallets.
It could help temporary if you clean up or even better reformat your computer operating system.

Quote from: Infernal_Def on February 21, 2022, 01:08:47 AM

how i can get my money back?

Chances of getting your coins back are minimal, but you can report his address to authority and try to track him and his connected identity on centralized exchanges.
I am not sure paying someone to find him/them is worth it for your 0.016 BTC, but you learned your lesson for future.
Not sure what operating system you are using but using Linux is much safer option, and for wiNd0ws you can use Malwarebytes to scan and clean your system.
There are also software solutions with clipboard protection but you need to do more research about that yourself.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18588

You are never going to be able to find this person or get your coins back. Criminals in general don't cash out stolen funds via accounts linked to their own identity, and even if they did, you'll need to pay a blockchain analysis company to track where the funds went and then you'll need to pay to obtain a court order or similar to force a centralized exchange to hand over their information, the combined cost of which will be far more than the 600 EUR you have lost.

You can file a report with your local law enforcement, but again, this will almost certainly come to nothing. Unfortunately, you are just going to have to chalk this up as an expensive lesson in why you should always double check the full address and not just the first few characters, since the malicious address has obviously deliberated copied the first couple of characters in your real address. And, as nc50lc says, you need to format your PC to ensure it is clean, and then figure out what risky thing(s) you were doing online that resulted in you downloading malware in the first place.

nc50lc

legendary

Activity: 2394

Merit: 5531

Self-proclaimed Genius

Quote from: Infernal_Def on February 21, 2022, 01:36:35 AM

And how i can find him?

That's your only option.
But I haven't mentioned that it's an easy task, not to mention, if he's willing to send it back.
Bitcoin transactions aren't anonymous but hard to connect to an entity or a real-person.

If you're serious about finding the malware author or the owner of the address,
you can try to use services like "Chainanalysis" (it's a paid service) to conduct an investigation to 'possibly' point you to the person behind it.

Pages:

«
1
2
»

Bitcoin Forum>Bitcoin>Bitcoin Technical Support

Jump to:

Topic: Missing coins!!! (Read 556 times)