Pages:
Author

Topic: Something not right. (Read 651 times)

legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
October 16, 2019, 09:52:25 PM
#28
Note: sometimes when you are typing your wallet address, it use to bring options of related digits, if one is not careful and small difference in your digits will produce another wallet number. And you may not verify well before punching the send. That is automatically a loss or better still a prayer answered for another person.
Firstly, no one is typing a wallet address because it would be time consuming and vulnerable to mistakes.
-snip-
You should (both) know that there's a checksum with bitcoin addresses.
If there's a typo, the chance that the address will be invalid is too high that you wont be able to proceed to sign/send.

Plus it's designed to be manually written and typed with ease (Base58).
It is therefore designed for human users who manually enter the data, copying from some visual source -snip-
legendary
Activity: 3374
Merit: 2198
I stand with Ukraine.
October 16, 2019, 11:08:49 AM
#27
Note: sometimes when you are typing your wallet address, it use to bring options of related digits, if one is not careful and small difference in your digits will produce another wallet number. And you may not verify well before punching the send. That is automatically a loss or better still a prayer answered for another person.

Firstly, no one is typing a wallet address because it would be time consuming and vulnerable to mistakes. Secondly, if that were the case, the money would be lost forever, but it would stay on the address it was sent to unmoved. As we can see, the money was moved from 14wEycrQ2eb1DAbh51z4oQ3AYCA12Qeitm (the wrong addy) to another place, which means the address was controlled by the hackers.

I suggest to everyone, when sending BTC, check twice the fist 4 and the last 4 characters. It's easy to do, and it is very unlikely that your money will go to the wrong place after the check.
copper member
Activity: 832
Merit: 18
Create your coin for FREE ★mintme.com★
October 14, 2019, 11:10:57 AM
#26
I really don't think it's a malware hijacking your clipboard, do you trust this friend? I think it's more like him edited the message after being sent, was the message sent on a service that allows message editing?
HCP
legendary
Activity: 2086
Merit: 4361
October 09, 2019, 05:07:06 PM
#25
NOPE

It gaves me this 34xpbico3XJkx1eEn5D1toHgVQnPjzqS3P (when my RDP was on)

I tried it again now with my RDP turned off and it gaves me the same address, I found the issue guys, I think my Business remote control desktop is hacked, because when I'm connected to it, I copied paste that address you gave me and it gives me the hackers address above, now when I turned it off I copied pasted it again and its the same one  "34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo" So I think it's the RDP that caused this Somehow I never seen such thing before.
Sounds like one of your machines is infected with the clipboard jacker... and when using RDP, the "shared clipboard" feature means that the clipboard jacker is able to detect and change the bitcoin address. Undecided

This particular malware seems more advanced than most, in that it appears to have a database of "similar" addresses that it uses to try and avoid detection.

In any case, you should go and run some full scans on all your machines (as a bare minimum)... either that, or backup your important data and then re-format and re-install all your OSes
legendary
Activity: 2730
Merit: 7065
October 08, 2019, 01:54:19 AM
#24
I have never heard of such issues with RDP before.
In the future you need to make sure to double check which address you are about to send to. Check the first 3-4 characters, the last 3-4 characters and some from the middle of the address. That is the least you should do if you don't want to check the entire address.
hero member
Activity: 750
Merit: 511
October 07, 2019, 10:31:27 PM
#23
When I was a victim it was advised to me to change the hard-disk and when asked they said changing OS is not the permanent fix. Can you explain which one is the right.
Probably because of those "low-level viruses" that can infect at binary level.
High-level format, aka: "format disk" or "delete partition" doesn't actually delete most of the files' traces, that's why it's possible to recover them using deleted file recovering tools.

Low-level format (zero-fill) should work in those cases, but that involves professional software tools.

There are malware which edits the firmware of the disk and then even full formatting will not remove the malware.
Therefore, advice for paranoid people is to replace the disk (perhaps flashing it will solve the problem, but who knows).
For even larger paranoiacs - replace (reflash) the motherboard. But in any case there is no guarantee that everything is taken into account.
One can only hope that such utilities will not be used for the mass user. Or use hardware/cold wallets.

One example:
https://www.wired.com/2015/02/nsa-firmware-hacking/

Quote
When a machine is infected with EquationDrug or GrayFish, the firmware flasher module gets deposited onto the system and reaches out to a command server to obtain payload code that it then flashes to the firmware, replacing the existing firmware with a malicious one.
~
The only solution for victims is to trash their hard drive and start over with a new one.
jr. member
Activity: 62
Merit: 4
October 07, 2019, 09:51:17 AM
#22
The easiest way to check if you have been infected with a clipboard virus is to just copy any address, paste it somewhere and check if it is the same address that you copied.
Here, 34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo, I think this one belongs to Binance. Copy it and paste it in an empty document. Is the pasted address the same as the one I posted?

If it changes - you are infected with a clipboard virus.
If it stays the same - you are not infected with a clipboard virus and either your friend gave you the wrong address, you copied the wrong address or there was a bug with blockchain as suggested by some users.  


NOPE



It gaves me this 34xpbico3XJkx1eEn5D1toHgVQnPjzqS3P (when my RDP was on)

I tried it again now with my RDP turned off and it gaves me the same address, I found the issue guys, I think my Business remote control desktop is hacked, because when I'm connected to it, I copied paste that address you gave me and it gives me the hackers address above, now when I turned it off I copied pasted it again and its the same one  "34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo" So I think it's the RDP that caused this Somehow I never seen such thing before.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
October 07, 2019, 09:44:57 AM
#21
When I was a victim it was advised to me to change the hard-disk and when asked they said changing OS is not the permanent fix. Can you explain which one is the right.
Probably because of those "low-level viruses" that can infect at binary level.
High-level format, aka: "format disk" or "delete partition" doesn't actually delete most of the files' traces, that's why it's possible to recover them using deleted file recovering tools.

Low-level format (zero-fill) should work in those cases, but that involves professional software tools.
member
Activity: 78
Merit: 20
October 07, 2019, 09:27:47 AM
#20
Don't reinstall your OS - switch to Linux. Mint is fairly close to Windows if you are not familiar with Linux.
Windows 10 includes Cortana, which cannot be removed. This is a keyboard logger ( amongst other things ), and stores all of your info and communications in the Microsoft cloud.

When I was a victim it was advised to me to change the hard-disk and when asked they said changing OS is not the permanent fix. Can you explain which one is the right.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
October 07, 2019, 08:47:39 AM
#19
Just a simple tip so as to avoid sending funds to the address next time. Always check the address character by character as though you just type the address yourself. I know it's time consuming but it saves you from losing your money.

I never had contact with clipboard malware, and I use online, desktop, mobile and hardware wallets. But besides device safety (av/antimalware/firewall), I always check any address a few times before using it. Most wallets have a preview option, and even blockchain allows a user to check all info before sending it.

Since OP is saying that he can not reproduce this issue, is it possible that malware is changing send address only in the moment when the user clicks send button?
hero member
Activity: 2268
Merit: 579
Vave.com - Crypto Casino
October 07, 2019, 08:11:01 AM
#18
How can I scan/get rid of that? I'm really frustrated..

That's what exactly has happend out of no where I don't download anything nor enter shady websites, I only visit websites that I know of.


P.S Now I copy paste the address and nothing changes I have done it twice now nothing is changing when I pasted the same address I copied
You definitely have a malware in your system. Just wipe out the OS and start a fresh. Just a simple tip so as to avoid sending funds to the address next time. Always check the address character by character as though you just type the address yourself. I know it's time consuming but it saves you from losing your money. I usually do that when I am about to send or receive money on to my account
I don't think he have malware on his system cause if he does the hacker would have swipe out all his wallet as we speak and as above user have said the problem will be either clipboard hijackers which have occurred to some window OS user before or Blockchain wallet bugs and what the OP have to do is reinstall his OS and also use a hardware wallet (trezor).
legendary
Activity: 1610
Merit: 1131
October 07, 2019, 07:00:34 AM
#17

You definitely have a malware in your system. Just wipe out the OS and start a fresh. Just a simple tip so as to avoid sending funds to the address next time. Always check the address character by character as though you just type the address yourself. I know it's time consuming but it saves you from losing your money. I usually do that when I am about to send or receive money on to my account

I don’t think he have a malware in him system, and If him device already contains malware, his entire balance will be emptied.I think the reason is sending by mistake.
legendary
Activity: 2814
Merit: 2472
https://JetCash.com
October 07, 2019, 06:30:46 AM
#16
Don't reinstall your OS - switch to Linux. Mint is fairly close to Windows if you are not familiar with Linux.
Windows 10 includes Cortana, which cannot be removed. This is a keyboard logger ( amongst other things ), and stores all of your info and communications in the Microsoft cloud.
sr. member
Activity: 1246
Merit: 255
October 07, 2019, 04:50:08 AM
#15
Note: sometimes when you are typing your wallet address, it use to bring options of related digits, if one is not careful and small difference in your digits will produce another wallet number. And you may not verify well before punching the send. That is automatically a loss or better still a prayer answered for another person.
legendary
Activity: 2730
Merit: 7065
October 07, 2019, 04:19:25 AM
#14
The easiest way to check if you have been infected with a clipboard virus is to just copy any address, paste it somewhere and check if it is the same address that you copied.
Here, 34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo, I think this one belongs to Binance. Copy it and paste it in an empty document. Is the pasted address the same as the one I posted?

If it changes - you are infected with a clipboard virus.
If it stays the same - you are not infected with a clipboard virus and either your friend gave you the wrong address, you copied the wrong address or there was a bug with blockchain as suggested by some users.   
legendary
Activity: 2394
Merit: 2223
Signature space for rent
October 07, 2019, 04:17:33 AM
#13
This case happened multiple time on blockchain. I have seen some complaints from multiple people those are use blockchain wallet. They also did same, just copy paste address and sent bitcoin. There is nothing except hacked your system or keyboard/clipboard. Attacker able to control your clipboard but you will not aware about this. I think this was happened with you. I don't think this bug from blockchain wallet. If so then how they will business,no one will user their services. I will suggest format your device and install everything new including operating system. So in future that kind of problems will never happen if you do not install unknown software. That's the reason why everyone should double check sending address always.
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
October 07, 2019, 03:11:01 AM
#12
How can I scan/get rid of that? I'm really frustrated..

That's what exactly has happend out of no where I don't download anything nor enter shady websites, I only visit websites that I know of.


P.S Now I copy paste the address and nothing changes I have done it twice now nothing is changing when I pasted the same address I copied
You definitely have a malware in your system. Just wipe out the OS and start a fresh. Just a simple tip so as to avoid sending funds to the address next time. Always check the address character by character as though you just type the address yourself. I know it's time consuming but it saves you from losing your money. I usually do that when I am about to send or receive money on to my account
legendary
Activity: 2170
Merit: 1789
October 07, 2019, 02:35:39 AM
#11
I clean it up every 2 weeks no virus/or any type of malware to be found, so I believe it might be the blockchain thing, if so I'm done with them seriously, always issues with them

Your antivirus or malware might not detect it too. I'm not defending blockchain, but it's unlikely your copy-pasted address changed unless somebody hijacks their servers. But if that does happen, then the hacker would empty your wallet without waiting for your input.

and I needed to reinstall my OS to fix this issue, removing and installing the browser again won't fix it.

Then there may be a clipboard hijacker on your OS.
sr. member
Activity: 1274
Merit: 263
October 07, 2019, 02:25:25 AM
#10
I had experienced this too 2 years ago, the script was working in just 2 places if I remembered it correctly which were Bittrex and Huobi.
It did not work in another place and as soon as I filled the form on those 2 exchanges, the address changed automatically. Have you tried it again on Blockchain.com?
and I needed to reinstall my OS to fix this issue, removing and installing the browser again won't fix it.
jr. member
Activity: 62
Merit: 4
October 07, 2019, 12:29:34 AM
#9
a copied address doesn't just randomly change and you said it is not happening again so the possibility of a clipboard hijacker is nearly zero. it is better if you start retracing your steps. go back to the start and check what address did your fiend send you. for example if it was sent to you in an email then check that email and see if it was actually the other address!
also try to remember if you copied the entire string not just partially or with additional stuff, blockchain.com wallet is known to have weird bugs which could be the cause. try to see if you can reproduce it.


I think that's the case, Blockchain might have a bug because theres no way I don't download nor visit any shady sh*t on my private computer because I use it for $ & business purposes, I'm switching to a different wallet immediately and yes you right, I'm sure I copied the right address because it was also weird that the address has same 4 letters as the main one which doesn't go thru my mind at all



a copied address doesn't just randomly change and you said it is not happening again so the possibility of a clipboard hijacker is nearly zero.

Or the hijacker decided not to change the address if it was used before to deceive the users. Never see one like this, though.

How can I scan/get rid of that? I'm really frustrated.

It's time-consuming to search for it, so a clean install is probably your best choice. Use Linux and never open/click malicious links.

I clean it up every 2 weeks no virus/or any type of malware to be found, so I believe it might be the blockchain thing, if so I'm done with them seriously, always issues with them
Pages:
Jump to: