Something not right. | Bitcointalksearch.org

nc50lc

legendary

Activity: 2394

Merit: 5531

Self-proclaimed Genius

Quote from: Betwrong on October 16, 2019, 12:08:49 PM

Quote from: TIDOVEE on October 07, 2019, 05:50:08 AM

Note: sometimes when you are typing your wallet address, it use to bring options of related digits, if one is not careful and small difference in your digits will produce another wallet number. And you may not verify well before punching the send. That is automatically a loss or better still a prayer answered for another person.

Firstly, no one is typing a wallet address because it would be time consuming and vulnerable to mistakes.
-snip-

You should (both) know that there's a checksum with bitcoin addresses.
If there's a typo, the chance that the address will be invalid is too high that you wont be able to proceed to sign/send.

Plus it's designed to be manually written and typed with ease (Base58).

Quote from: https://en.wikipedia.org/wiki/Base58

It is therefore designed for human users who manually enter the data, copying from some visual source -snip-

Betwrong

legendary

Activity: 3234

Merit: 2112

I stand with Ukraine.

Quote from: TIDOVEE on October 07, 2019, 05:50:08 AM

Note: sometimes when you are typing your wallet address, it use to bring options of related digits, if one is not careful and small difference in your digits will produce another wallet number. And you may not verify well before punching the send. That is automatically a loss or better still a prayer answered for another person.

Firstly, no one is typing a wallet address because it would be time consuming and vulnerable to mistakes. Secondly, if that were the case, the money would be lost forever, but it would stay on the address it was sent to unmoved. As we can see, the money was moved from 14wEycrQ2eb1DAbh51z4oQ3AYCA12Qeitm (the wrong addy) to another place, which means the address was controlled by the hackers.

I suggest to everyone, when sending BTC, check twice the fist 4 and the last 4 characters. It's easy to do, and it is very unlikely that your money will go to the wrong place after the check.

mintme.com

copper member

Activity: 781

Merit: 18

Create your coin for FREE ★mintme.com★

I really don't think it's a malware hijacking your clipboard, do you trust this friend? I think it's more like him edited the message after being sent, was the message sent on a service that allows message editing?

HCP

legendary

Activity: 2086

Merit: 4314

Quote from: Bitstarzisascam on October 07, 2019, 10:51:17 AM

NOPE

It gaves me this 34xpbico3XJkx1eEn5D1toHgVQnPjzqS3P (when my RDP was on)

I tried it again now with my RDP turned off and it gaves me the same address, I found the issue guys, I think my Business remote control desktop is hacked, because when I'm connected to it, I copied paste that address you gave me and it gives me the hackers address above, now when I turned it off I copied pasted it again and its the same one "34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo" So I think it's the RDP that caused this Somehow I never seen such thing before.

Sounds like one of your machines is infected with the clipboard jacker... and when using RDP, the "shared clipboard" feature means that the clipboard jacker is able to detect and change the bitcoin address. Undecided

This particular malware seems more advanced than most, in that it appears to have a database of "similar" addresses that it uses to try and avoid detection.

In any case, you should go and run some full scans on all your machines (as a bare minimum)... either that, or backup your important data and then re-format and re-install all your OSes

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

I have never heard of such issues with RDP before.
In the future you need to make sure to double check which address you are about to send to. Check the first 3-4 characters, the last 3-4 characters and some from the middle of the address. That is the least you should do if you don't want to check the entire address.

prix

hero member

Activity: 750

Merit: 511

Quote from: nc50lc on October 07, 2019, 10:44:57 AM

Quote from: evgenia_volkova on October 07, 2019, 10:27:47 AM

When I was a victim it was advised to me to change the hard-disk and when asked they said changing OS is not the permanent fix. Can you explain which one is the right.

Probably because of those "low-level viruses" that can infect at binary level.
High-level format, aka: "format disk" or "delete partition" doesn't actually delete most of the files' traces, that's why it's possible to recover them using deleted file recovering tools.

Low-level format (zero-fill) should work in those cases, but that involves professional software tools.

There are malware which edits the firmware of the disk and then even full formatting will not remove the malware.
Therefore, advice for paranoid people is to replace the disk (perhaps flashing it will solve the problem, but who knows).
For even larger paranoiacs - replace (reflash) the motherboard. But in any case there is no guarantee that everything is taken into account.
One can only hope that such utilities will not be used for the mass user. Or use hardware/cold wallets.

One example:
https://www.wired.com/2015/02/nsa-firmware-hacking/

Quote

When a machine is infected with EquationDrug or GrayFish, the firmware flasher module gets deposited onto the system and reaches out to a command server to obtain payload code that it then flashes to the firmware, replacing the existing firmware with a malicious one.
~
The only solution for victims is to trash their hard drive and start over with a new one.

Bitstarzisascam

jr. member

Activity: 62

Merit: 4

Quote from: Pmalek on October 07, 2019, 05:19:25 AM

The easiest way to check if you have been infected with a clipboard virus is to just copy any address, paste it somewhere and check if it is the same address that you copied.
Here, 34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo, I think this one belongs to Binance. Copy it and paste it in an empty document. Is the pasted address the same as the one I posted?

If it changes - you are infected with a clipboard virus.
If it stays the same - you are not infected with a clipboard virus and either your friend gave you the wrong address, you copied the wrong address or there was a bug with blockchain as suggested by some users.

NOPE

It gaves me this 34xpbico3XJkx1eEn5D1toHgVQnPjzqS3P (when my RDP was on)

I tried it again now with my RDP turned off and it gaves me the same address, I found the issue guys, I think my Business remote control desktop is hacked, because when I'm connected to it, I copied paste that address you gave me and it gives me the hackers address above, now when I turned it off I copied pasted it again and its the same one "34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo" So I think it's the RDP that caused this Somehow I never seen such thing before.

nc50lc

legendary

Activity: 2394

Merit: 5531

Self-proclaimed Genius

Quote from: evgenia_volkova on October 07, 2019, 10:27:47 AM

When I was a victim it was advised to me to change the hard-disk and when asked they said changing OS is not the permanent fix. Can you explain which one is the right.

Probably because of those "low-level viruses" that can infect at binary level.
High-level format, aka: "format disk" or "delete partition" doesn't actually delete most of the files' traces, that's why it's possible to recover them using deleted file recovering tools.

Low-level format (zero-fill) should work in those cases, but that involves professional software tools.

evgenia_volkova

member

Activity: 78

Merit: 20

Quote from: Jet Cash on October 07, 2019, 07:30:46 AM

Don't reinstall your OS - switch to Linux. Mint is fairly close to Windows if you are not familiar with Linux.
Windows 10 includes Cortana, which cannot be removed. This is a keyboard logger ( amongst other things ), and stores all of your info and communications in the Microsoft cloud.

When I was a victim it was advised to me to change the hard-disk and when asked they said changing OS is not the permanent fix. Can you explain which one is the right.

Lucius

legendary

Activity: 3220

Merit: 5634

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: Bitcoin_Arena on October 07, 2019, 04:11:01 AM

Just a simple tip so as to avoid sending funds to the address next time. Always check the address character by character as though you just type the address yourself. I know it's time consuming but it saves you from losing your money.

I never had contact with clipboard malware, and I use online, desktop, mobile and hardware wallets. But besides device safety (av/antimalware/firewall), I always check any address a few times before using it. Most wallets have a preview option, and even blockchain allows a user to check all info before sending it.

Since OP is saying that he can not reproduce this issue, is it possible that malware is changing send address only in the moment when the user clicks send button?

posi

hero member

Activity: 2240

Merit: 579

Leading Crypto Sports Betting & Casino Platform

Quote from: Bitcoin_Arena on October 07, 2019, 04:11:01 AM

Quote from: Bitstarzisascam on October 06, 2019, 09:44:55 PM

How can I scan/get rid of that? I'm really frustrated..

That's what exactly has happend out of no where I don't download anything nor enter shady websites, I only visit websites that I know of.

P.S Now I copy paste the address and nothing changes I have done it twice now nothing is changing when I pasted the same address I copied

You definitely have a malware in your system. Just wipe out the OS and start a fresh. Just a simple tip so as to avoid sending funds to the address next time. Always check the address character by character as though you just type the address yourself. I know it's time consuming but it saves you from losing your money. I usually do that when I am about to send or receive money on to my account

I don't think he have malware on his system cause if he does the hacker would have swipe out all his wallet as we speak and as above user have said the problem will be either clipboard hijackers which have occurred to some window OS user before or Blockchain wallet bugs and what the OP have to do is reinstall his OS and also use a hardware wallet (trezor).

Ulven

legendary

Activity: 1610

Merit: 1127

Quote from: Bitcoin_Arena on October 07, 2019, 04:11:01 AM

Quote from: Bitstarzisascam on October 06, 2019, 09:44:55 PM

You definitely have a malware in your system. Just wipe out the OS and start a fresh. Just a simple tip so as to avoid sending funds to the address next time. Always check the address character by character as though you just type the address yourself. I know it's time consuming but it saves you from losing your money. I usually do that when I am about to send or receive money on to my account

I don’t think he have a malware in him system, and If him device already contains malware, his entire balance will be emptied.I think the reason is sending by mistake.

Jet Cash

legendary

Activity: 2688

Merit: 2444

https://JetCash.com

Don't reinstall your OS - switch to Linux. Mint is fairly close to Windows if you are not familiar with Linux.
Windows 10 includes Cortana, which cannot be removed. This is a keyboard logger ( amongst other things ), and stores all of your info and communications in the Microsoft cloud.

TIDOVEE

sr. member

Activity: 1246

Merit: 255

Note: sometimes when you are typing your wallet address, it use to bring options of related digits, if one is not careful and small difference in your digits will produce another wallet number. And you may not verify well before punching the send. That is automatically a loss or better still a prayer answered for another person.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

The easiest way to check if you have been infected with a clipboard virus is to just copy any address, paste it somewhere and check if it is the same address that you copied.
Here, 34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo, I think this one belongs to Binance. Copy it and paste it in an empty document. Is the pasted address the same as the one I posted?

If it changes - you are infected with a clipboard virus.
If it stays the same - you are not infected with a clipboard virus and either your friend gave you the wrong address, you copied the wrong address or there was a bug with blockchain as suggested by some users.

The Cryptovator

legendary

Activity: 2226

Merit: 2169

Need PR/CMC & CG? TG @The_Cryptovator

This case happened multiple time on blockchain. I have seen some complaints from multiple people those are use blockchain wallet. They also did same, just copy paste address and sent bitcoin. There is nothing except hacked your system or keyboard/clipboard. Attacker able to control your clipboard but you will not aware about this. I think this was happened with you. I don't think this bug from blockchain wallet. If so then how they will business,no one will user their services. I will suggest format your device and install everything new including operating system. So in future that kind of problems will never happen if you do not install unknown software. That's the reason why everyone should double check sending address always.

Bitcoin_Arena

copper member

Activity: 2016

Merit: 1783

฿itcoin for all, All for ฿itcoin.

Quote from: Bitstarzisascam on October 06, 2019, 09:44:55 PM

How can I scan/get rid of that? I'm really frustrated..

That's what exactly has happend out of no where I don't download anything nor enter shady websites, I only visit websites that I know of.

P.S Now I copy paste the address and nothing changes I have done it twice now nothing is changing when I pasted the same address I copied

You definitely have a malware in your system. Just wipe out the OS and start a fresh. Just a simple tip so as to avoid sending funds to the address next time. Always check the address character by character as though you just type the address yourself. I know it's time consuming but it saves you from losing your money. I usually do that when I am about to send or receive money on to my account

joniboini

legendary

Activity: 2170

Merit: 1789

Quote from: ?? on ??

I clean it up every 2 weeks no virus/or any type of malware to be found, so I believe it might be the blockchain thing, if so I'm done with them seriously, always issues with them

Your antivirus or malware might not detect it too. I'm not defending blockchain, but it's unlikely your copy-pasted address changed unless somebody hijacks their servers. But if that does happen, then the hacker would empty your wallet without waiting for your input.

Quote from: DaMut on October 07, 2019, 03:25:25 AM

and I needed to reinstall my OS to fix this issue, removing and installing the browser again won't fix it.

Then there may be a clipboard hijacker on your OS.

DaMut

sr. member

Activity: 1246

Merit: 263

I had experienced this too 2 years ago, the script was working in just 2 places if I remembered it correctly which were Bittrex and Huobi.
It did not work in another place and as soon as I filled the form on those 2 exchanges, the address changed automatically. Have you tried it again on Blockchain.com?
and I needed to reinstall my OS to fix this issue, removing and installing the browser again won't fix it.

Bitstarzisascam

jr. member

Activity: 62

Merit: 4

Quote from: pooya87 on October 07, 2019, 12:24:46 AM

a copied address doesn't just randomly change and you said it is not happening again so the possibility of a clipboard hijacker is nearly zero. it is better if you start retracing your steps. go back to the start and check what address did your fiend send you. for example if it was sent to you in an email then check that email and see if it was actually the other address!
also try to remember if you copied the entire string not just partially or with additional stuff, blockchain.com wallet is known to have weird bugs which could be the cause. try to see if you can reproduce it.

I think that's the case, Blockchain might have a bug because theres no way I don't download nor visit any shady sh*t on my private computer because I use it for $ & business purposes, I'm switching to a different wallet immediately and yes you right, I'm sure I copied the right address because it was also weird that the address has same 4 letters as the main one which doesn't go thru my mind at all

Quote from: joniboini on October 07, 2019, 12:57:57 AM

Quote from: pooya87 on October 07, 2019, 12:24:46 AM

a copied address doesn't just randomly change and you said it is not happening again so the possibility of a clipboard hijacker is nearly zero.

Or the hijacker decided not to change the address if it was used before to deceive the users. Never see one like this, though.

Quote from: Bitstarzisascam on October 06, 2019, 09:44:55 PM

How can I scan/get rid of that? I'm really frustrated.

It's time-consuming to search for it, so a clean install is probably your best choice. Use Linux and never open/click malicious links.

I clean it up every 2 weeks no virus/or any type of malware to be found, so I believe it might be the blockchain thing, if so I'm done with them seriously, always issues with them

Topic: Something not right. (Read 607 times)