Author

Topic: Missing coins!!! (Read 612 times)

hero member
Activity: 2436
Merit: 607
March 23, 2022, 07:09:27 AM
#28
The confirmation screen does not show 1 full address line but only the beginning and end of the wallet address. If you are careful, it is helpful to match and verify with the recipient or deposit address.

I made a simple attempt to avoid the clipboard address malware issue:
- make sure you never install any app other than the official website, it is most likely infected with malware and other viruses.
- use "click" automatic copy of address to paste notepad or Google Chrome browser search bar (if using metamask) before pasting in the submit field.
- if possible, copy the address again in the confirmation text and CTRL+V in notepad to verify again with the previous address.

I always apply the steps above when making deposits and withdrawals by checking addresses carefully, so I never face any errors.
 
Simple concept to avoid clipboard malware but very useful when sending large balance transactions, many cases have happened where someone didn't notice the change of address when pasting the address in the send field but different from the copied address, without following the steps to verify the address described above, then they made the mistake of sending the balance to the address of the clipboard malware.
sr. member
Activity: 832
Merit: 286
DGbet.fun - Crypto Sportsbook
March 08, 2022, 05:01:28 AM
#27
well as has been illustrated, you cant always check the full address on the confirmation screen for some software wallets. yes the example came from an eth wallet but the point remains. if you're going to use that particular wallet, you have to accept that risk.
The confirmation screen does not show 1 full address line but only the beginning and end of the wallet address. If you are careful, it is helpful to match and verify with the recipient or deposit address.

I made a simple attempt to avoid the clipboard address malware issue:
- make sure you never install any app other than the official website, it is most likely infected with malware and other viruses.
- use "click" automatic copy of address to paste notepad or Google Chrome browser search bar (if using metamask) before pasting in the submit field.
- if possible, copy the address again in the confirmation text and CTRL+V in notepad to verify again with the previous address.

I always apply the steps above when making deposits and withdrawals by checking addresses carefully, so I never face any errors.
 
sr. member
Activity: 1190
Merit: 469
March 04, 2022, 01:28:19 AM
#26

Again, this takes <10 seconds to do. I don't understand why people make such a song and dance about it. In the time it takes you to write a single post saying that you think checking the whole address in unnecessary, you could have checked the whole address for your next 10 transactions.

well as has been illustrated, you cant always check the full address on the confirmation screen for some software wallets. yes the example came from an eth wallet but the point remains. if you're going to use that particular wallet, you have to accept that risk.
legendary
Activity: 2268
Merit: 18771
March 03, 2022, 04:56:17 AM
#25
but it is tangentially related to the tangent discussion of how many letters in an address are needed to guaranteee no clipboard malware. apparently the answer is 4 letters in front and 4 at the end.
That's not correct. Checking 8 characters makes it unlikely you will fall victim to clipboard malware for now, although the required number of characters to be relatively safe will continue to increase as malware becomes more sophisticated, vanity generators more efficient, and hardware more powerful. If you want to guarantee you have not fallen victim to clipboard malware, then the only right answer is the check the full address.

Again, this takes <10 seconds to do. I don't understand why people make such a song and dance about it. In the time it takes you to write a single post saying that you think checking the whole address in unnecessary, you could have checked the whole address for your next 10 transactions.
sr. member
Activity: 1190
Merit: 469
March 02, 2022, 11:56:38 PM
#24
Anyways, I think it's time to create another thread to continue the discussion about MetaMask.

Yes, please. This has absolutely nothing to do with Bitcoin.

Metamask has nothing to do with bitcoin yes. but it is tangentially related to the tangent discussion of how many letters in an address are needed to guaranteee no clipboard malware. apparently the answer is 4 letters in front and 4 at the end. for ethereum anyway. which is why i had said that when i send btc, that's what i check and nothing more.
legendary
Activity: 4522
Merit: 3426
March 02, 2022, 03:21:51 AM
#23
Anyways, I think it's time to create another thread to continue the discussion about MetaMask.

Yes, please. This has absolutely nothing to do with Bitcoin.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
March 01, 2022, 10:59:04 PM
#22
-snip- all i could see is the XXX....XXX type feedback on the final confirmation for the receiving address.Then that's a massive flaw in their implementation. I've never used MetaMask, but I'm very surprised no one has complained about it before. 6 characters can be spoofed fairly easily.
I just checked MetaMask to see how it works.
Once you paste an address, it changes to 0xXXXX...XXXX. As shown in the following image, it only shows the first 4 characters and the last 4 characters.
Mine shows the full address after I pasted it; and just like larry, just the first and last 4 characters in the confirmation window.
Metamask version 10.10.1 | Monitor's resolution: 1920x1080 px
Images (test network):

Send Window
legendary
Activity: 2380
Merit: 5213
March 01, 2022, 12:34:50 PM
#21
Then that's a massive flaw in their implementation. I've never used MetaMask, but I'm very surprised no one has complained about it before. 6 characters can be spoofed fairly easily.
I just checked MetaMask to see how it works.
Once you paste an address, it changes to 0xXXXX...XXXX. As shown in the following image, it only shows the first 4 characters and the last 4 characters.



The receiving address is shown in the same way, even on "Confirm" window.


they dont care about security they just want everything to fit in that narrow window at the top right of the web browser i guess.
As you see in the above image, that's the same even in their Android application.
They can show more characters and the address still fits in the recipient address field. But they don't do that.
sr. member
Activity: 1190
Merit: 469
February 28, 2022, 09:41:33 PM
#20

not sure if it's still like that but metamask for ethereum wouldn't show the full address on the confirmation step. you would only get to see like the first 3 and last 3 characters of the address.
Then that's a massive flaw in their implementation. I've never used MetaMask, but I'm very surprised no one has complained about it before. 6 characters can be spoofed fairly easily.

tell me about it. many times i sent eth using metamask and all i could see is the XXX....XXX type feedback on the final confirmation for the receiving address. they dont care about security they just want everything to fit in that narrow window at the top right of the web browser i guess. anyway i never got hacked but i didn't like how it wouldn't show the entire address. i typically would try and check at least the first 3 and last 4 or 5 chars if not more if i could.
legendary
Activity: 2268
Merit: 18771
February 27, 2022, 03:52:11 AM
#19
they're going to need way more than "millions of addresses" to be able to match an arbitrary 4 characters in front and 4 at the end. think orders of magnitude larger. and it's really not feasible to generate something like that "on the fly" so there you go...
Maybe not yet, but it will be eventually. Good hardware can already run vanity address generators at a rate of 5 billion keys per second or more. This is only going to get faster and faster as time goes on. Why take the risk to save yourself a few seconds?

not sure if it's still like that but metamask for ethereum wouldn't show the full address on the confirmation step. you would only get to see like the first 3 and last 3 characters of the address.
Then that's a massive flaw in their implementation. I've never used MetaMask, but I'm very surprised no one has complained about it before. 6 characters can be spoofed fairly easily.
sr. member
Activity: 1190
Merit: 469
February 26, 2022, 11:07:34 PM
#18
obviously i was referring to legacy addresses. ymmv with segwit.
It's bad advice for any address, legacy, segwit, or otherwise. We have seen plenty of clipboard malware which will replace addresses with ones with matching characters at the start and at the end. It is trivial to create a database of millions of addresses for the clipboard malware to draw on and pick one which is as similar as possible to the address it is replacing to try to avoid detection of people who are careless and only check 3 or 4 characters.

they're going to need way more than "millions of addresses" to be able to match an arbitrary 4 characters in front and 4 at the end. think orders of magnitude larger. and it's really not feasible to generate something like that "on the fly" so there you go...
if someone is only checking the leading 4 characters, well thats obviously a totally different story.

Quote
The only safe method is to check the entire address, regarding of the address type. It takes less than 10 seconds to do. I have never understand why people would be so careless and risk losing their coins for the sake of literally a few seconds.

not sure if it's still like that but metamask for ethereum wouldn't show the full address on the confirmation step. you would only get to see like the first 3 and last 3 characters of the address. i would imagine there are bitcoin wallets out there that do a similar thing. not that i agree with it of course. i dont.
legendary
Activity: 2268
Merit: 18771
February 26, 2022, 04:08:49 AM
#17
obviously i was referring to legacy addresses. ymmv with segwit.
It's bad advice for any address, legacy, segwit, or otherwise. We have seen plenty of clipboard malware which will replace addresses with ones with matching characters at the start and at the end. It is trivial to create a database of millions of addresses for the clipboard malware to draw on and pick one which is as similar as possible to the address it is replacing to try to avoid detection of people who are careless and only check 3 or 4 characters.

The only safe method is to check the entire address, regarding of the address type. It takes less than 10 seconds to do. I have never understand why people would be so careless and risk losing their coins for the sake of literally a few seconds.
sr. member
Activity: 1190
Merit: 469
February 25, 2022, 09:24:27 PM
#16
thats why if you check the first 3 or 4 chars AND ALSO the last 3 or 4 chars, you're good to go. Grin i dont think malware can do that.
That's bad advice Sad
Every native Segwit address has the same 4 characters ("bc1q") already, and the last 4 can quite easily be brute-forced. To be sure, just take 20 seconds and compare the full address.
See How to lose your Bitcoins with CTRL-C CTRL-V.

obviously i was referring to legacy addresses. ymmv with segwit.
legendary
Activity: 4522
Merit: 3426
February 24, 2022, 12:27:16 AM
#15
The bitcoin was correctly transferred to that address, as you can see here:
https://mempool.space/address/bc1q5dwnx98y9zhgyvmuc5le6754jgt39vkyt0j7z5
If it doesn't show up in your Electrum wallet, then maybe you copied a wrong address, or your Electrum software might be compromised. Did you check the signatures when installing Electrum?

As @nullama reported, the bitcoins were sent to bc1q5dwn...j7z5. Now, the question is whether or not that is the address in Electrum. It is not clear from your posts. Does Electrum have bc1q5dwn...j7z5 or does it have bc1q5dqp...0fu7?

If bc1q5dwn...j7z5 is the correct address, then the problem might simply be that Electrum is having connection problems that are preventing it from updating.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
February 22, 2022, 04:34:12 AM
#14
And how i can find him?

You got your computer infected. You basically got stolen. The chances to track/find the thief are not too good, even if you know the address.
You probably need help from the police, since the thief will not be just nice and return the money if caught.
Imho the chances to retrieve your money are slim to none. Sorry.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
February 22, 2022, 04:21:57 AM
#13
thats why if you check the first 3 or 4 chars AND ALSO the last 3 or 4 chars, you're good to go. Grin i dont think malware can do that.
That's bad advice Sad
Every native Segwit address has the same 4 characters ("bc1q") already, and the last 4 can quite easily be brute-forced. To be sure, just take 20 seconds and compare the full address.
See How to lose your Bitcoins with CTRL-C CTRL-V.
sr. member
Activity: 1190
Merit: 469
February 22, 2022, 12:34:25 AM
#12


Because there are malwares that can edit the address from your clipboard and replace it with the hacker's address.
Some are even mimicking the address by generating the same first and/or last few characters.

thats why if you check the first 3 or 4 chars AND ALSO the last 3 or 4 chars, you're good to go. Grin i dont think malware can do that.
legendary
Activity: 2212
Merit: 7064
February 21, 2022, 06:27:19 AM
#11
OMG its diferent adress then its coppy
...but its sorter why?
Scammers are using clipboard malware to create similar vanity address with one you are using, so you always need to confirm if all characters in address are the same.
Best thing to avoid this problem is to use separate offline computer made only for crypto transactions, or to use open source hardware wallets.
It could help temporary if you clean up or even better reformat your computer operating system.

how i can get my money back?
Chances of getting your coins back are minimal, but you can report his address to authority and try to track him and his connected identity on centralized exchanges.
I am not sure paying someone to find him/them is worth it for your 0.016 BTC, but you learned your lesson for future.
Not sure what operating system you are using but using Linux is much safer option, and for wiNd0ws you can use Malwarebytes to scan and clean your system.
There are also software solutions with clipboard protection but you need to do more research about that yourself.
legendary
Activity: 2268
Merit: 18771
February 21, 2022, 04:44:51 AM
#10
You are never going to be able to find this person or get your coins back. Criminals in general don't cash out stolen funds via accounts linked to their own identity, and even if they did, you'll need to pay a blockchain analysis company to track where the funds went and then you'll need to pay to obtain a court order or similar to force a centralized exchange to hand over their information, the combined cost of which will be far more than the 600 EUR you have lost.

You can file a report with your local law enforcement, but again, this will almost certainly come to nothing. Unfortunately, you are just going to have to chalk this up as an expensive lesson in why you should always double check the full address and not just the first few characters, since the malicious address has obviously deliberated copied the first couple of characters in your real address. And, as nc50lc says, you need to format your PC to ensure it is clean, and then figure out what risky thing(s) you were doing online that resulted in you downloading malware in the first place.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
February 21, 2022, 01:45:09 AM
#9
And how i can find him?
That's your only option.
But I haven't mentioned that it's an easy task, not to mention, if he's willing to send it back.
Bitcoin transactions aren't anonymous but hard to connect to an entity or a real-person.

If you're serious about finding the malware author or the owner of the address,
you can try to use services like "Chainanalysis" (it's a paid service) to conduct an investigation to 'possibly' point you to the person behind it.
newbie
Activity: 4
Merit: 0
February 21, 2022, 12:36:35 AM
#8
And how i can find him?
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
February 21, 2022, 12:14:41 AM
#7
OMG its diferent adress then its coppy
COPPY                bc1q5dwnx98y9zhgyvmuc5le6754jgt39vkyt0j7z5
FROM RIGT side  bc1q5dqphunld7pj8nvgux9xdsqagsrxgf0h3t0fu7 but its sorter why?
-snip-
Then it's confirmed that you've been infected with a "Clipboard-hijacking" malware/virus.
(both have the same number of characters: 42 | have the same first few characters)

Better clean or format your PC before using it for cryptocurrency next time.

Quote from: Infernal_Def
how i can get my money back?
Unfortunately, there's no way to reverse confirmed Bitcoin transactions; there's no central authority in Bitcoin that can intervene with the funds.
Your only option if to find the culprit and "ask" him to send back the funds.
newbie
Activity: 4
Merit: 0
February 21, 2022, 12:08:47 AM
#6
OMG its diferent adress then its coppy
COPPY                bc1q5dwnx98y9zhgyvmuc5le6754jgt39vkyt0j7z5
FROM RIGT side  bc1q5dqphunld7pj8nvgux9xdsqagsrxgf0h3t0fu7 but its sorter why?
yes i have cheked all wass good downloaded from https://electrum.org
what shod i do now? 614 EU its alot for my country
how i can get my money back?
hero member
Activity: 1008
Merit: 960
February 20, 2022, 11:08:26 PM
#5
The bitcoin was correctly transferred to that address, as you can see here:

https://mempool.space/address/bc1q5dwnx98y9zhgyvmuc5le6754jgt39vkyt0j7z5

If it doesn't show up in your Electrum wallet, then maybe you copied a wrong address, or your Electrum software might be compromised. Did you check the signatures when installing Electrum?
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
February 20, 2022, 10:36:45 PM
#4
and i cant see that adres in list of my Electrum but steal can copy it from Receve tab task
In the receive tab, when you click on the invoice (click on the date),
does the address that's displayed at the right-hand side the same as the address "bc1q5dwnx98y9zhgyvmuc5le6754jgt39vkyt0j7z5"?
(check for every characters, not just the first or last few)

Because there are malwares that can edit the address from your clipboard and replace it with the hacker's address.
Some are even mimicking the address by generating the same first and/or last few characters.
newbie
Activity: 4
Merit: 0
February 20, 2022, 07:09:01 PM
#3
Adres what i maded in Electrum 4.1.5  bc1q5dwnx98y9zhgyvmuc5le6754jgt39vkyt0j7z5
Destination wallet address                   bc1q5dwnx98y9zhgyvmuc5le6754jgt39vkyt0j7z5
Transaction hash   f0dc5d13737f0f40691624c97679ed7b4950da106c7b51cce81eb663034cf85d
Payment method   Visa •••• 7231
Authorisation code   141688
Item ordered   Bitcoin (BTC)
Amount   0.016 BTC

scree shot of my curent balance https://skr.sh/sCcjj45Od28



and i cant see that adres in list of my Electrum but steal can copy it from Receve tab task
hero member
Activity: 1008
Merit: 960
February 20, 2022, 06:56:45 PM
#2
Bitcoin addresses never expire.

If the transaction was done correctly then the coins should be in your wallet.

You can check the status of the transaction at any blockchain explorer, like this one: https://mempool.space

Double check that you wrote the correct address in it.
newbie
Activity: 4
Merit: 0
February 20, 2022, 06:46:13 PM
#1
I dont know where to ask this question but I made an 24H adress on Electrum and sent transactions to it.
Transaction was completed but I did not get my coins.
Jump to:
© 2020, Bitcointalksearch.org