| Send Window
legendary
Activity: 2380
Merit: 5213
Then that's a massive flaw in their implementation. I've never used MetaMask, but I'm very surprised no one has complained about it before. 6 characters can be spoofed fairly easily.
I just checked MetaMask to see how it works. Once you paste an address, it changes to 0xXXXX...XXXX. As shown in the following image, it only shows the first 4 characters and the last 4 characters.  The receiving address is shown in the same way, even on "Confirm" window. they dont care about security they just want everything to fit in that narrow window at the top right of the web browser i guess.
As you see in the above image, that's the same even in their Android application. They can show more characters and the address still fits in the recipient address field. But they don't do that.
sr. member
Activity: 1190
Merit: 469
not sure if it's still like that but metamask for ethereum wouldn't show the full address on the confirmation step. you would only get to see like the first 3 and last 3 characters of the address. Then that's a massive flaw in their implementation. I've never used MetaMask, but I'm very surprised no one has complained about it before. 6 characters can be spoofed fairly easily. tell me about it. many times i sent eth using metamask and all i could see is the XXX....XXX type feedback on the final confirmation for the receiving address. they dont care about security they just want everything to fit in that narrow window at the top right of the web browser i guess. anyway i never got hacked but i didn't like how it wouldn't show the entire address. i typically would try and check at least the first 3 and last 4 or 5 chars if not more if i could.
legendary
Activity: 2268
Merit: 18711
they're going to need way more than "millions of addresses" to be able to match an arbitrary 4 characters in front and 4 at the end. think orders of magnitude larger. and it's really not feasible to generate something like that "on the fly" so there you go... Maybe not yet, but it will be eventually. Good hardware can already run vanity address generators at a rate of 5 billion keys per second or more. This is only going to get faster and faster as time goes on. Why take the risk to save yourself a few seconds? not sure if it's still like that but metamask for ethereum wouldn't show the full address on the confirmation step. you would only get to see like the first 3 and last 3 characters of the address. Then that's a massive flaw in their implementation. I've never used MetaMask, but I'm very surprised no one has complained about it before. 6 characters can be spoofed fairly easily.
sr. member
Activity: 1190
Merit: 469
obviously i was referring to legacy addresses. ymmv with segwit. It's bad advice for any address, legacy, segwit, or otherwise. We have seen plenty of clipboard malware which will replace addresses with ones with matching characters at the start and at the end. It is trivial to create a database of millions of addresses for the clipboard malware to draw on and pick one which is as similar as possible to the address it is replacing to try to avoid detection of people who are careless and only check 3 or 4 characters. they're going to need way more than "millions of addresses" to be able to match an arbitrary 4 characters in front and 4 at the end. think orders of magnitude larger. and it's really not feasible to generate something like that "on the fly" so there you go... if someone is only checking the leading 4 characters, well thats obviously a totally different story. The only safe method is to check the entire address, regarding of the address type. It takes less than 10 seconds to do. I have never understand why people would be so careless and risk losing their coins for the sake of literally a few seconds.
not sure if it's still like that but metamask for ethereum wouldn't show the full address on the confirmation step. you would only get to see like the first 3 and last 3 characters of the address. i would imagine there are bitcoin wallets out there that do a similar thing. not that i agree with it of course. i dont.
legendary
Activity: 2268
Merit: 18711
obviously i was referring to legacy addresses. ymmv with segwit. It's bad advice for any address, legacy, segwit, or otherwise. We have seen plenty of clipboard malware which will replace addresses with ones with matching characters at the start and at the end. It is trivial to create a database of millions of addresses for the clipboard malware to draw on and pick one which is as similar as possible to the address it is replacing to try to avoid detection of people who are careless and only check 3 or 4 characters. The only safe method is to check the entire address, regarding of the address type. It takes less than 10 seconds to do. I have never understand why people would be so careless and risk losing their coins for the sake of literally a few seconds.
sr. member
Activity: 1190
Merit: 469
thats why if you check the first 3 or 4 chars AND ALSO the last 3 or 4 chars, you're good to go.  i dont think malware can do that. That's bad advice  Every native Segwit address has the same 4 characters ("bc1q") already, and the last 4 can quite easily be brute-forced. To be sure, just take 20 seconds and compare the full address. See How to lose your Bitcoins with CTRL-C CTRL-V. obviously i was referring to legacy addresses. ymmv with segwit.
legendary
Activity: 4466
Merit: 3391
As @nullama reported, the bitcoins were sent to bc1q5dwn...j7z5. Now, the question is whether or not that is the address in Electrum. It is not clear from your posts. Does Electrum have bc1q5dwn...j7z5 or does it have bc1q5dqp...0fu7? If bc1q5dwn...j7z5 is the correct address, then the problem might simply be that Electrum is having connection problems that are preventing it from updating.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
And how i can find him?
You got your computer infected. You basically got stolen. The chances to track/find the thief are not too good, even if you know the address. You probably need help from the police, since the thief will not be just nice and return the money if caught. Imho the chances to retrieve your money are slim to none. Sorry.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
thats why if you check the first 3 or 4 chars AND ALSO the last 3 or 4 chars, you're good to go. i dont think malware can do that. That's bad advice Every native Segwit address has the same 4 characters ("bc1q") already, and the last 4 can quite easily be brute-forced. To be sure, just take 20 seconds and compare the full address. See How to lose your Bitcoins with CTRL-C CTRL-V.
sr. member
Activity: 1190
Merit: 469
Because there are malwares that can edit the address from your clipboard and replace it with the hacker's address.
Some are even mimicking the address by generating the same first and/or last few characters.
thats why if you check the first 3 or 4 chars AND ALSO the last 3 or 4 chars, you're good to go. i dont think malware can do that.
legendary
Activity: 2212
Merit: 7064
OMG its diferent adress then its coppy
...but its sorter why?
Scammers are using clipboard malware to create similar vanity address with one you are using, so you always need to confirm if all characters in address are the same. Best thing to avoid this problem is to use separate offline computer made only for crypto transactions, or to use open source hardware wallets. It could help temporary if you clean up or even better reformat your computer operating system. how i can get my money back?
Chances of getting your coins back are minimal, but you can report his address to authority and try to track him and his connected identity on centralized exchanges. I am not sure paying someone to find him/them is worth it for your 0.016 BTC, but you learned your lesson for future. Not sure what operating system you are using but using Linux is much safer option, and for wiNd0ws you can use Malwarebytes to scan and clean your system. There are also software solutions with clipboard protection but you need to do more research about that yourself.
legendary
Activity: 2268
Merit: 18711
You are never going to be able to find this person or get your coins back. Criminals in general don't cash out stolen funds via accounts linked to their own identity, and even if they did, you'll need to pay a blockchain analysis company to track where the funds went and then you'll need to pay to obtain a court order or similar to force a centralized exchange to hand over their information, the combined cost of which will be far more than the 600 EUR you have lost.
You can file a report with your local law enforcement, but again, this will almost certainly come to nothing. Unfortunately, you are just going to have to chalk this up as an expensive lesson in why you should always double check the full address and not just the first few characters, since the malicious address has obviously deliberated copied the first couple of characters in your real address. And, as nc50lc says, you need to format your PC to ensure it is clean, and then figure out what risky thing(s) you were doing online that resulted in you downloading malware in the first place.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
And how i can find him?
That's your only option. But I haven't mentioned that it's an easy task, not to mention, if he's willing to send it back. Bitcoin transactions aren't anonymous but hard to connect to an entity or a real-person. If you're serious about finding the malware author or the owner of the address, you can try to use services like " Chainanalysis" ( it's a paid service) to conduct an investigation to 'possibly' point you to the person behind it.
newbie
Activity: 4
Merit: 0
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
OMG its diferent adress then its coppy
COPPY bc1q5dwnx98y9zhgyvmuc5le6754jgt39vkyt0j7z5
FROM RIGT side bc1q5dqphunld7pj8nvgux9xdsqagsrxgf0h3t0fu7 but its sorter why?
-snip- Then it's confirmed that you've been infected with a " Clipboard-hijacking" malware/virus. (both have the same number of characters: 42 | have the same first few characters)Better clean or format your PC before using it for cryptocurrency next time. how i can get my money back?
Unfortunately, there's no way to reverse confirmed Bitcoin transactions; there's no central authority in Bitcoin that can intervene with the funds. Your only option if to find the culprit and " ask" him to send back the funds.
newbie
Activity: 4
Merit: 0
OMG its diferent adress then its coppy COPPY bc1q5dwnx98y9zhgyvmuc5le6754jgt39vkyt0j7z5 FROM RIGT side bc1q5dqphunld7pj8nvgux9xdsqagsrxgf0h3t0fu7 but its sorter why? yes i have cheked all wass good downloaded from https://electrum.orgwhat shod i do now? 614 EU its alot for my country how i can get my money back?
hero member
Activity: 1008
Merit: 960
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
and i cant see that adres in list of my Electrum but steal can copy it from Receve tab task
In the receive tab, when you click on the invoice ( click on the date), does the address that's displayed at the right-hand side the same as the address " bc1q5dwnx98y9zhgyvmuc5le6754jgt39vkyt0j7z5"? ( check for every characters, not just the first or last few) Because there are malwares that can edit the address from your clipboard and replace it with the hacker's address. Some are even mimicking the address by generating the same first and/or last few characters.
newbie
Activity: 4
Merit: 0
Adres what i maded in Electrum 4.1.5 bc1q5dwnx98y9zhgyvmuc5le6754jgt39vkyt0j7z5 Destination wallet address bc1q5dwnx98y9zhgyvmuc5le6754jgt39vkyt0j7z5 Transaction hash f0dc5d13737f0f40691624c97679ed7b4950da106c7b51cce81eb663034cf85d Payment method Visa •••• 7231 Authorisation code 141688 Item ordered Bitcoin (BTC) Amount 0.016 BTC scree shot of my curent balance https://skr.sh/sCcjj45Od28
and i cant see that adres in list of my Electrum but steal can copy it from Receve tab task
hero member
Activity: 1008
Merit: 960
Bitcoin addresses never expire. If the transaction was done correctly then the coins should be in your wallet. You can check the status of the transaction at any blockchain explorer, like this one: https://mempool.spaceDouble check that you wrote the correct address in it.
newbie
Activity: 4
Merit: 0
I dont know where to ask this question but I made an 24H adress on Electrum and sent transactions to it.
Transaction was completed but I did not get my coins.
|
