Transaction to wrong wallet 18btc (possible clipboard hack)

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: LoyceV on November 13, 2017, 03:14:44 PM

Quote from: AT101ET on November 12, 2017, 12:23:54 PM

In the future always check the first and last few characters in the address field to make sure. Luckily you managed to save yourself this time

I wouldn't rely on this: a smart virus would pick up a vanity address from a server, so that the first and last few characters are the same. Also check a few in the middle, or even better: don't trust Windows with money.

Windows is fine providing you can trust yourself on it. If not, demote your user account so you're not always an admin on it which will cut a few of the problems (though not all)

And I check the characters of addresses before sending them, it gets better when you send to the same addresses each time as you can remembr patterns between them. General rule of thumb for testing copies of new addresses - check the first FIVE and last FIVE character, it's very difficult for something to be able to produce a vanity address like that in a fast enough amount of time.
Also ensure you double check what you are signing before it is broadcast to check the address doesn't change between that point.

slate_main

member

Activity: 105

Merit: 11

BYTZ

Time to clear that machine from where the first transaction was sent, always a rule to check the sect to address a few times visually! Mostly where the coins are sent, it is a one way street. There are more and more of these attacks, from phishing, fake mining software, web page malware, even remote viewing and control. Only visit sites you use a lot and be wary of third party 'free' services and even random cryptocurrency wallets, there are hidden attacks everywhere..

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: AT101ET on November 12, 2017, 12:23:54 PM

In the future always check the first and last few characters in the address field to make sure. Luckily you managed to save yourself this time

I wouldn't rely on this: a smart virus would pick up a vanity address from a server, so that the first and last few characters are the same. Also check a few in the middle, or even better: don't trust Windows with money.

Quote from: patinencomun on November 12, 2017, 01:03:40 PM

I am sooooo lucky that today transactions goes very slow, thank you to everybody.

I was thinking exactly this, saved by high fees! I'm surprised your post starting this thread is so calm. Well done!

Spendulus

legendary

Activity: 2926

Merit: 1386

Quote from: patinencomun on November 12, 2017, 01:03:40 PM

Possibilities:

- Copied and pasted address from Internet myself viewing bitcoingold coins...
- Clipboard hack, or any other hack. (Tried to reproduce the bug but It works normally no address change showing)
- Jaxx bug hack, it showed me some errors that I had ignored and re-installed

Sorry but I "cleaned and changed" everything.
I am sooooo lucky that today transactions goes very slow, thank you to everybody.

lol man you won on that one, for sure.

One thing I will mention in closing. Always get the wallet software from original source, such as Github. Always verify with the file signature.

If it is suspected to be a virus, check all your flash drives and removable media for infection.

ABitBack

hero member

Activity: 524

Merit: 502

This is brilliant, I'm so happy for you! That hacker must have been so excited Cheesy

patinencomun

jr. member

Activity: 76

Merit: 1

Possibilities:

- Copied and pasted address from Internet myself viewing bitcoingold coins...
- Clipboard hack, or any other hack. (Tried to reproduce the bug but It works normally no address change showing)
- Jaxx bug hack, it showed me some errors that I had ignored and re-installed

Sorry but I "cleaned and changed" everything.
I am sooooo lucky that today transactions goes very slow, thank you to everybody.

AT101ET

legendary

Activity: 3178

Merit: 1348

Quote from: Spendulus on November 12, 2017, 08:26:59 AM

Quote from: patinencomun on November 12, 2017, 06:32:26 AM

1 confirmation... https://www.blocktrail.com/BTC/tx/a8fc35965d1fcda81948da0f1f744b91e57123aed5204e355f37491f6c7e67d9
Ok, bitcoins are safe (for now)

Now the question is where the address 1ESzuTV3cLcGg83ftWunucxppSrkH65Dem come from?

May seem crazy, it would be interesting to try another transaction, to see if it also is hijacked. Of course, a small one. (I would play with this in a virtual machine. But a real machine with a possible infection, that's a very different matter. The machine and contents needs to be isolated.)

Can you verify the presence or absence of a virus on your computer at this point? Remember that not uncommonly, a virus will be deleted and it will "re emerge" after a power off power on cycle or some other system event.

Another possibility is wallet software that has been rewritten.

Regardless, one must take the point of view that that computer, and it's contents, are unsafe for financial transactions.

Technically you wouldn't;t even need to confirm/send the transaction but just try copying and pasting the clipboard address into the recipient address field. If it changes again then clean up your PC ASAP.
In the future always check the first and last few characters in the address field to make sure. Luckily you managed to save yourself this time

Spendulus

legendary

Activity: 2926

Merit: 1386

Quote from: patinencomun on November 12, 2017, 06:32:26 AM

1 confirmation... https://www.blocktrail.com/BTC/tx/a8fc35965d1fcda81948da0f1f744b91e57123aed5204e355f37491f6c7e67d9
Ok, bitcoins are safe (for now)

Now the question is where the address 1ESzuTV3cLcGg83ftWunucxppSrkH65Dem come from?

May seem crazy, it would be interesting to try another transaction, to see if it also is hijacked. Of course, a small one. (I would play with this in a virtual machine. But a real machine with a possible infection, that's a very different matter. The machine and contents needs to be isolated.)

Can you verify the presence or absence of a virus on your computer at this point? Remember that not uncommonly, a virus will be deleted and it will "re emerge" after a power off power on cycle or some other system event.

Another possibility is wallet software that has been rewritten.

Regardless, one must take the point of view that that computer, and it's contents, are unsafe for financial transactions.

hugeblack

legendary

Activity: 2688

Merit: 3983

Many clipboard virus stories happen these days came from new sites that give free BCH , BTG and other unknown altcoins .

Some of them need to download and other work with one url only

check now and copy address and paste it if address change you must clean your pc and update antivirus .

about your trans Sorry for your loss but network now so busy so Just try to reduce fee of transaction and make it unconfirmed

patinencomun

jr. member

Activity: 76

Merit: 1

1 confirmation... https://www.blocktrail.com/BTC/tx/a8fc35965d1fcda81948da0f1f744b91e57123aed5204e355f37491f6c7e67d9
Ok, bitcoins are safe (for now)

Now the question is where the address 1ESzuTV3cLcGg83ftWunucxppSrkH65Dem come from?

buwaytress

legendary

Activity: 2968

Merit: 3684

Join the world-leading crypto sportsbook NOW!

Quote from: patinencomun on November 12, 2017, 04:29:50 AM

Should I do again with higher fee or just wait?

Looks like you did it successfully. The fee's very safe even if the network gets even more bloated to a certain point. You've still got a 200 satoshi fee cushion above 1k per byte. It's now just a matter of waiting, keep pushing the tx... and stop broadcasting the first one. Just to be sure, I sent it for acceleration, don't know if the miner will discriminate between RBFs or see it as double spends. Guess we'll find out.

patinencomun

jr. member

Activity: 76

Merit: 1

Should I do again with higher fee or just wait?

patinencomun

jr. member

Activity: 76

Merit: 1

Ok,

1) I backup wallet (unencrypted one) and stop electum.
2) Disconnect from internet, edit wallet json, delete "bad" transaction everywhere
3) Open wallet and send a new transaction:

https://www.blocktrail.com/BTC/tx/a8fc35965d1fcda81948da0f1f744b91e57123aed5204e355f37491f6c7e67d9

Seems all normal, but still unconfirmed....

Thekool1s

legendary

Activity: 1512

Merit: 1218

Change is in your hands

Quote from: patinencomun on November 12, 2017, 03:26:42 AM

Hi,
I don't know how this occurs, I try to send 18 btc to my jaxx wallet 15zZH9CGk1ygVitNq4RTvSDkZM3sqJjGKw from my electrum wallet 1GFj8brzMK2UqA5xd4tyQ4mXUSapaF5pnk and the result is this:

https://www.blocktrail.com/BTC/tx/9965e400ded39a03e5389a3de82145da0e1aeac111893c9ada65403dfa232e9f

This not seem my jaxx wallet: https://blockchain.info/address/1ESzuTV3cLcGg83ftWunucxppSrkH65Dem

Someone hack me and replace the address?

What's goin on?

Any help would be appreciated.

You have a clipboard virus, do a quick RBF, from another machine that's your only chance to recover your funds. Here is a guide to do that https://freedomnode.com/blog/75/how-to-fix-slow-bitcoin-transactions-with-replace-by-fee

Quote from: patinencomun on November 12, 2017, 03:41:19 AM

The only thing I can do with electrum is right button Increase fee

Yes do that and send back to your address, but do that from a new machine.

patinencomun

jr. member

Activity: 76

Merit: 1

The only thing I can do with electrum is right button Increase fee

patinencomun

jr. member

Activity: 76

Merit: 1

Quote from: ranochigo on November 12, 2017, 03:35:11 AM

You might have a clipboard virus that automatically replaces the address on your clipboard to another that is owned by the attacker. Did you check the address before initiating the transaction? The inputs doesn't seem to be coming from your Electrum address though.

At any rate, it has opt-in RBF enabled. So as soon as possible, you have to make an RBF transaction to reverse it.

How can I make a RBF to revers it?

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

You might have a clipboard virus that automatically replaces the address on your clipboard to another that is owned by the attacker. Did you check the address before initiating the transaction? The inputs doesn't seem to be coming from your Electrum address though.

At any rate, it has opt-in RBF enabled. So as soon as possible, you have to make an RBF transaction to reverse it.

patinencomun

jr. member

Activity: 76

Merit: 1

Hi,
I don't know how this occurs, I try to send 18 btc to my jaxx wallet 15zZH9CGk1ygVitNq4RTvSDkZM3sqJjGKw from my electrum wallet 1GFj8brzMK2UqA5xd4tyQ4mXUSapaF5pnk and the result is this:

https://www.blocktrail.com/BTC/tx/9965e400ded39a03e5389a3de82145da0e1aeac111893c9ada65403dfa232e9f

This not seem my jaxx wallet: https://blockchain.info/address/1ESzuTV3cLcGg83ftWunucxppSrkH65Dem

Someone hack me and replace the address?

What's goin on?

Any help would be appreciated.

Topic: Transaction to wrong wallet 18btc (possible clipboard hack) (Read 765 times)