Author

Topic: Transaction to wrong wallet 18btc (possible clipboard hack) (Read 769 times)

copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
In the future always check the first and last few characters in the address field to make sure. Luckily you managed to save yourself this time Smiley
I wouldn't rely on this: a smart virus would pick up a vanity address from a server, so that the first and last few characters are the same. Also check a few in the middle, or even better: don't trust Windows with money.

Windows is fine providing you can trust yourself on it. If not, demote your user account so you're not always an admin on it which will cut a few of the problems (though not all)

And I check the characters of addresses before sending them, it gets better when you send to the same addresses each time as you can remembr patterns between them. General rule of thumb for testing copies of new addresses - check the first FIVE and last FIVE character, it's very difficult for something to be able to produce a vanity address like that in a fast enough amount of time.
Also ensure you double check what you are signing before it is broadcast to check the address doesn't change between that point.
member
Activity: 105
Merit: 11
BYTZ
Time to clear that machine from where the first transaction was sent, always a rule to check the sect to address a few times visually! Mostly where the coins are sent, it is a one way street. There are more and more of these attacks, from phishing, fake mining software, web page malware, even remote viewing and control. Only visit sites you use a lot and be wary of third party 'free' services and even random cryptocurrency wallets, there are hidden attacks everywhere..
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
In the future always check the first and last few characters in the address field to make sure. Luckily you managed to save yourself this time Smiley
I wouldn't rely on this: a smart virus would pick up a vanity address from a server, so that the first and last few characters are the same. Also check a few in the middle, or even better: don't trust Windows with money.

I am sooooo lucky that today transactions goes very slow, thank you to everybody.
I was thinking exactly this, saved by high fees! I'm surprised your post starting this thread is so calm. Well done!
legendary
Activity: 2926
Merit: 1386
Possibilities:

- Copied and pasted address from Internet myself viewing bitcoingold coins...
- Clipboard hack, or any other hack. (Tried to reproduce the bug but It works normally no address change showing)
- Jaxx bug hack, it showed me some errors that I had ignored and re-installed

Sorry but I "cleaned and changed" everything.
I am sooooo lucky that today transactions goes very slow, thank you to everybody.
lol man you won on that one, for sure.

One thing I will mention in closing. Always get the wallet software from original source, such as Github. Always verify with the file signature.

If it is suspected to be a virus, check all your flash drives and removable media for infection.
hero member
Activity: 524
Merit: 502
This is brilliant, I'm so happy for you! That hacker must have been so excited Cheesy
jr. member
Activity: 76
Merit: 1
Possibilities:

- Copied and pasted address from Internet myself viewing bitcoingold coins...
- Clipboard hack, or any other hack. (Tried to reproduce the bug but It works normally no address change showing)
- Jaxx bug hack, it showed me some errors that I had ignored and re-installed

Sorry but I "cleaned and changed" everything.
I am sooooo lucky that today transactions goes very slow, thank you to everybody.
legendary
Activity: 3206
Merit: 1348
1 confirmation... https://www.blocktrail.com/BTC/tx/a8fc35965d1fcda81948da0f1f744b91e57123aed5204e355f37491f6c7e67d9
Ok, bitcoins are safe (for now)

Now the question is where the address 1ESzuTV3cLcGg83ftWunucxppSrkH65Dem come from?

May seem crazy, it would be interesting to try another transaction, to see if it also is hijacked. Of course, a small one. (I would play with this in a virtual machine. But a real machine with a possible infection, that's a very different matter. The machine and contents needs to be isolated.)

Can you verify the presence or absence of a virus on your computer at this point? Remember that not uncommonly, a virus will be deleted and it will "re emerge" after a power off power on cycle or some other system event.

Another possibility is wallet software that has been rewritten.

Regardless, one must take the point of view that that computer, and it's contents, are unsafe for financial transactions.


Technically you wouldn't;t even need to confirm/send the transaction but just try copying and pasting the clipboard address into the recipient address field. If it changes again then clean up your PC ASAP.
In the future always check the first and last few characters in the address field to make sure. Luckily you managed to save yourself this time Smiley
legendary
Activity: 2926
Merit: 1386
1 confirmation... https://www.blocktrail.com/BTC/tx/a8fc35965d1fcda81948da0f1f744b91e57123aed5204e355f37491f6c7e67d9
Ok, bitcoins are safe (for now)

Now the question is where the address 1ESzuTV3cLcGg83ftWunucxppSrkH65Dem come from?

May seem crazy, it would be interesting to try another transaction, to see if it also is hijacked. Of course, a small one. (I would play with this in a virtual machine. But a real machine with a possible infection, that's a very different matter. The machine and contents needs to be isolated.)

Can you verify the presence or absence of a virus on your computer at this point? Remember that not uncommonly, a virus will be deleted and it will "re emerge" after a power off power on cycle or some other system event.

Another possibility is wallet software that has been rewritten.

Regardless, one must take the point of view that that computer, and it's contents, are unsafe for financial transactions.
legendary
Activity: 2702
Merit: 4002
Many clipboard virus stories happen these days came from new sites that give free BCH , BTG and other unknown altcoins .

Some of them need to download and other work with one url only

check now and copy address and paste it if address change you must clean your pc and update antivirus .


about your trans Sorry for your loss but network now so busy so Just try to reduce fee of transaction and make it unconfirmed   
jr. member
Activity: 76
Merit: 1
1 confirmation... https://www.blocktrail.com/BTC/tx/a8fc35965d1fcda81948da0f1f744b91e57123aed5204e355f37491f6c7e67d9
Ok, bitcoins are safe (for now)

Now the question is where the address 1ESzuTV3cLcGg83ftWunucxppSrkH65Dem come from?
legendary
Activity: 3010
Merit: 3724
Join the world-leading crypto sportsbook NOW!
Should I do again with higher fee or just wait?

Looks like you did it successfully. The fee's very safe even if the network gets even more bloated to a certain point. You've still got a 200 satoshi fee cushion above 1k per byte. It's now just a matter of waiting, keep pushing the tx... and stop broadcasting the first one. Just to be sure, I sent it for acceleration, don't know if the miner will discriminate between RBFs or see it as double spends. Guess we'll find out.
jr. member
Activity: 76
Merit: 1
Should I do again with higher fee or just wait?
jr. member
Activity: 76
Merit: 1
Ok,

1) I backup wallet (unencrypted one) and stop electum.
2) Disconnect from internet, edit wallet json, delete "bad" transaction everywhere
3) Open wallet and send a new transaction:

 https://www.blocktrail.com/BTC/tx/a8fc35965d1fcda81948da0f1f744b91e57123aed5204e355f37491f6c7e67d9

Seems all normal, but still unconfirmed....
legendary
Activity: 1512
Merit: 1218
Change is in your hands
Hi,
I don't know how this occurs, I try to send 18 btc to my jaxx wallet 15zZH9CGk1ygVitNq4RTvSDkZM3sqJjGKw from my electrum wallet 1GFj8brzMK2UqA5xd4tyQ4mXUSapaF5pnk and the result is this:

https://www.blocktrail.com/BTC/tx/9965e400ded39a03e5389a3de82145da0e1aeac111893c9ada65403dfa232e9f

This not seem my jaxx wallet: https://blockchain.info/address/1ESzuTV3cLcGg83ftWunucxppSrkH65Dem

Someone hack me and replace the address?

What's goin on?

Any help would be appreciated.


You have a clipboard virus, do a quick RBF, from another machine that's your only chance to recover your funds. Here is a guide to do that https://freedomnode.com/blog/75/how-to-fix-slow-bitcoin-transactions-with-replace-by-fee


The only thing I can do with electrum is right button Increase fee

Yes do that and send back to your address, but do that from a new machine.
jr. member
Activity: 76
Merit: 1
The only thing I can do with electrum is right button Increase fee
jr. member
Activity: 76
Merit: 1
You might have a clipboard virus that automatically replaces the address on your clipboard to another that is owned by the attacker. Did you check the address before initiating the transaction? The inputs doesn't seem to be coming from your Electrum address though.

At any rate, it has opt-in RBF enabled. So as soon as possible, you have to make an RBF transaction to reverse it.

How can I make a RBF to revers it?
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
You might have a clipboard virus that automatically replaces the address on your clipboard to another that is owned by the attacker. Did you check the address before initiating the transaction? The inputs doesn't seem to be coming from your Electrum address though.

At any rate, it has opt-in RBF enabled. So as soon as possible, you have to make an RBF transaction to reverse it.
jr. member
Activity: 76
Merit: 1
Hi,
I don't know how this occurs, I try to send 18 btc to my jaxx wallet 15zZH9CGk1ygVitNq4RTvSDkZM3sqJjGKw from my electrum wallet 1GFj8brzMK2UqA5xd4tyQ4mXUSapaF5pnk and the result is this:

https://www.blocktrail.com/BTC/tx/9965e400ded39a03e5389a3de82145da0e1aeac111893c9ada65403dfa232e9f

This not seem my jaxx wallet: https://blockchain.info/address/1ESzuTV3cLcGg83ftWunucxppSrkH65Dem

Someone hack me and replace the address?

What's goin on?

Any help would be appreciated.
Jump to: