Bitcoin Forum

I have been in the crypto space since 2017. Ever since then I have only experience 1 hacked on my eth wallet back then I make use of myethwallet to create all my wallet and this wallet consist of a private key which I always safe guard with every means possible, my greatest mistake back then was saving my private key on my email which I think that's where my hijacked was from.. until when I bought a new PC which I was using peaceful until it developed a hardware problem which requires me to change my Hard-disk and new operating system was installed. I used my hand to install my browsers activate my my metamask, logged on to it and try to send out BNB from my metamask to my Binance Receiving address.
I just copied my address as usual from my Binance and pasted it on my metamask and authorize the transaction.
After 30 minutes of the transaction i decided to check if the coin has actually arrived, but nothing was showing on my account.
I went back to the transaction hash and check the address which received the BNB and I realized it was an address which I have never seen in my life.

The hackers address (0xbed9dA8f130aCC29F2580df183F3995eff78fb4D)

I later went to Google and searched for the address and I realized this kind of scam/spam has been in existence for years and I just happened to know about it after I lost my crypto.
 Saw a post about the virus which was post on reddit https://www.reddit.com/r/EtherMining/comments/mlvqd0/clipboard_virus/

Don't know how the hackers were able to get to my pc. All I know is that any address I copy which is similar to eth address automatically change to that of the hacker. I don't know if any one here have experience anything similar to that.
I stopped using my pc to run bsc/eth transaction until I was able to solve the issue and everything was fine again .

If anyone is also having same issue you can follow the Instructions from the article below and get ride of it.
https://www.2-spyware.com/remove-clipboard-virus.html

Even as I am sure the virus is off my pc, I still cross check my wallet about 3 good times before I execute any transaction again.
Can't allow the mistake to repeat it's self.

A few of my newbie friends have experienced the same clipboard phishing on one of two occasions and all thos were because they clicked some links that were sent to them in an unsuspecting manner, so I advised them never to click on any link sent to them via spam mails and through telegram, because those are the popular means hackers use to get access to either your PC of phones. Hackers are on rampage so one need to be extra careful to protect your devices from being cloned by hackers.

I never encountered this malware since I almost never send any of my holdings at all, but this thread kind of reminds me of that thread made by LoyceV back in 2019 on how you can possibly lose your coins with just doing the usual copy-pasting method.
Usually I check the last 5 characters of any addresses I input whenever I do transaction regardless of what amount.

@OP Good to hear that you already got rid of it to avoid further losses. That would be so traumatic in my end knowing that I sent it to the "hacker's address".

---

This was the thread that I was referring by the way : How to lose your Bitcoins with CTRL-C CTRL-V (https://bitcointalk.org/index.php?topic=5190776.0)

Thanks for the awareness and the tips on how to remove this malware infection.
I have been years using my PC and my laptop but I have never encountered this clipboard malware infection, maybe I'm just being careful downloading unknown sources, especially those that are not safe to download.

However, to avoid this a simple action might be to check the address before sending if you copied the right address the 3 digits from the start and 3 digits at the end of the wallet address that you wanted to change, double or triple check would be better.

In what OS did you install? Is that Windows? Then if it's windows did you download the OS directly from Microsoft? if it is not from Microsoft then you are using a modded Windows OS there is a big possibility that someone has access to your PC because you are using a modded OS which is edited by someone.

Or if you are using the original OS from Microsoft then I'd suggest you always use a tested Anti Virus to protect you from any kind of virus like the Clipboard I don't use the free one from Microsoft I use Kaspersky total security because it also has a browser extension that could help protect your browsing activity. I've been using it for many years until now it gives me the best protection than the other AV.

Window 10 Pro is what was installed.
No I did not purchase it directly from Microsoft, all my pc softwares and OS are always installer by my pc repairer and this was my first time of experiencing such issue. What I don't know is if he directly got the OS from Microsoft or not. Will have to ask him that tomorrow.

One of my devices got infected with this clipboard malware few years ago, too. Fortunately, I noticed that the pasted address didn't match the original one so I knew something was wrong.
I advice you to format your pc and reinstall the OS and make sure to download all the softwares you need from their official websites. Personally, I wouldn't trust any Anti-Malware or anti-virus. A full reinstall of your OS is what you need to do.

I always try to make a minor transaction (from my wallet or from exchange) and if it goes correctly, I will do a next bigger one to complete my trade with the amount I want.

It is helpful if the coin you choose for transaction does not cause too high transaction fee or withdrawal fee.

Don't use cracked softwares because shops will integrate unknown things that can be hazardous ones in bad case.

In addition, consider to use Tail OS if you use a public computer.

• How to Install Tails OS on USB flash drive for Wallet Purpose (https://bitcointalk.org/index.php?topic=5228801.0)
• Officially visit websites & download apps, not fake ones. (https://bitcointalk.org/index.php?topic=5259689.0)

Prevention is better than cure and Anti Virus softwares can not protect you from completely new hazardous virus.

My hunch is that this is how you got your clipboard hijacker virus, that is, if you're sure you've never clicked on links that you received in your emails, social media, or any online messaging apps.

I advise you to visit official service centers rather than ordinary PC repair shops. I don't know where you're from but in my place, repair shops normally use crack or unofficial versions of softwares downloaded from unofficial sources. And, worse, they also update these crack versions. This is usually what you get from wanting to have things for free or dirt cheap.

If you didn't reinstall your OS and instead just managed to remove the malware using whatever software, just reinstall your OS. That's the only way to be totally sure that your device is clean.

I guess it's not directly from Microsoft most of the Computer/Laptop repair centers here in my country use Windows OS from other sources and use Activator like KMSauto to bypass or to activate the Windows license. Which I think is the reason why the newly installed OS is being infected with the clipboard virus.

Don't follow this man below if you don't protect your PC you are vulnerable to any malware attacks and viruses.


Without them, you are vulnerable to any attacks hacks, viruses, and malware.

If it's not a genuine copy, most likely it came from a pirated website for which the developers of those pirated Windows copy have a backdoor that  was able to insert you the clipboard virus/malware.

IIRC, I've seen it somewhere and that's why it is advisable to get a genuine copy. Aside from that, there could be some apps that were downloaded that contained the malware. It's either of the two and there's really a source for it because if there's none, you won't get that clipboard virus.

many can be the source of clipboard malware. it can be from windows that are indeed inserted with malware or some websites that insert malware which will automatically be downloaded. I often get warnings about dangerous websites. some of my friends experienced cases like this and a powerful way is to reinstall windows. make sure to use original windows and don't use pirated windows, because they are very vulnerable.

I've had cases like the one you wrote. Luckily, I always check twice when I send coins. So I find it strange why different from what I want. This virus seems to be coming from an app I've downloaded. It seems that they inserted a virus, and strangely, the application I installed did not even appear in the list of applications. At that time, I had a video editing task, so I downloaded Videopad.
It looks like this virus is sticking to Chrome like AddOns. I tried to delete it but it always came back. Finally, I reinstalled Windows to get rid of the virus. What is certain is that we have to check again when copying and pasting the wallet address, so one of the cars avoids clipboard viruses.

Don't trust anyone, learn to install the OS yourself because it's not something that requires great expertise - and you can download W10 from the official Microsoft site, and (if nothing has changed) use it for free with some minor restrictions. Furthermore, do not base your security on any desktop hot wallet, and you should also be careful about which websites you visit and what you download to your computer.

In addition to all that, it would be good if you have one of the better (paid) AV, because maybe just such software will protect you from computer infection in a moment of carelessness. Last but not least, do not save your wallet backup in digital form if it is not protected (encrypted), it is a big risk and you should avoid it.

This kind of problem can only happen when you click a fake link on the internet. My brother trust wallet got hacked because he click on airdrop link him saw online. A bot was installed on his wallet that constantly move away bnb send to his wallet. I suggest we all be careful on the kind of link we click on the internet

The best way for one to be safe is to mind what you click at every given time online. I really don't know how this hackers make their way to people's PC.
From your explaination it's clear the window you were using before you fixed your issue was actually corrupt and tempered with. Have not experience such before but most of my close friends have in one way or the other.
Their are other similar cases where a use means of airdrop to penetrate users address just by telling you to click on links and claim their tokens, I always advice those who are in the Blockchain system to mind the kind of emails they open, who and who can touch their working device. Like one of the User here have said we should always cross check out wallet no matter how sure we think our wallet is correct check before approving transaction.

It can't be when you click or follow an unknown link, as the OP explained. Such errors can occur as a result of virus issues, or as a result of malware that some hackers use on various browsers to gain access to people's transaction addresses. That is why the OP provides a solution to this problem, but always double check your address before proceeding with your transaction.

The OP is interested in cryptocurrencies, and at the same time does not know how to install operating systems. For me, this is nonsense. How can you trust your computer in our time to anyone at all? Master or friend, father or mother. If you're worried about security, just don't trust anyone.
Drop everything and learn how to install Windows, and maybe Linux. The wizard will easily install a licensed Windows for you, according to him, but in the same way, he will install a keylogger for you and will monitor and log your every word. Learn to monitor the task manager, what is running on your computer, regularly watch startup, there can be many such trifles. Sometimes antivirus can skip malware as hackers advance in their knowledge. You also have to keep up with the times. Constantly learn about new dangers.

Using PC to store anything crypto is a very big risk, you start browsing the web in a minute you got spyware or malware tailing you already, it's just too risky, I prefer using a smartphone to open a trust wallet instead.

Chances are you might have visited a compromised or hacked web address that got your PC infected with this malware attack or you have used an infected removable disk or installed a malicious software on your device. I think you need to go through your PC and check your most recent activities or alternatively you can backup your seed phrase and format your PC then ensure you only use softwares from recognised web pages and install softwares form authorised links. Lastly avoid clicking advert links and spam emails. Cross checking your address for every transaction is a secure approach but what if you forget to cross check. Avoiding phishing links will do a lot of good

This is not a new scam method, only that you just realized.
LoyceV made a post about it in this thread (https://bitcointalk.org/index.php?topic=5190776.msg52682018#msg52682018). The thread contains some countermeasures or should I say solutions to this kind of attack, should you still feel unsafe about your PC. Give it a read.


Oops, I just checked back on the comments posted earlier and it seems OP already pointed that out >:(
Nevertheless, give it a read.

This has been discussed too many times already and why we must be careful at copying and pasting something. There is a thread where it explains what could possibly happen when you copy and paste (ctrl + c and ctrl + v). That's why we should always check everything that we pasted if it's what we have copied before sending if it is about transactions. This is not just for Bitcoin but all for crypto transactions you do. Here's the thread I was talking about How to lose your Bitcoins with CTRL-C CTRL-V (https://bitcointalk.org/index.php?topic=5190776.0).

Thanks for sharing the bad experience you encounter through saving your private key your email account which is very bad experience to losses his asset, because hacker can easily access the account through virus to scan laptop as long is connected online and it can be easily collect to email, respect to private email, which can not be reset, therefore saving your private key offline or hardware is the best and is more secured and reliable.

I also hope that if OP would still choose Windows at the end of the day by him/herself, s/he would really get the legitimate ones as the pirated ones surely have some malware in them. My friend long time ago had to ask me for an advice before that something feels wrong with his machine even though it was a "clean install" and I just found out that there was a weird "EXE" file running in the background in Task Manager that should not be there.
He installed it by himself and he used the usual pirated ones and it is not even illegally activated yet.
At the end of the day, I just gave him the word that he should buy a legitimate copy of his Windows instead or go Linux if he prefers it.

Take note also what the OP is trying to point out about the dangers of copy-pasting stuffs.

I've always questioned why metamask wants access to your clipboard (Google Chrome extention) and therefore have stayed away from it. Should I buy a seperate device just for metamask or stay away?

Update on this.
The Procedure which I followed to remove the virus on my PC I guess it was temporary as I realized the clipboard virus is still their, try making transaction this morning and notice same old thing.
Have decided to go get new OS tomorrow to be on the safer side.

Clipboard malware or not, if you verify the transactions you are making you would notice that the addresses don't match. Too many people are way overconfident and don't check anything and want to finalize and broadcast their transactions as soon as possible. Check the letters and numbers of the address character by character to make sure they are identical. When you are done checking, check again. Use a hardware wallet to be certain that the two addresses match. Hopefully, you won't make the same mistakes again. 

I'm sorry that it's went so shitty. Going through this is terrible. I didn't know about this kind of scam, thank you for the awareness!

It's been long since I created this thread. Just want to bump it up so that Newbies who is not aware will take note of the clipboard virus... I just happen to come across few victims of same incident yesterday it was really painful to here their story how they both lost almost a sum of $300 both in token and BNB.

???

You should not be storing your cryptocurrency on any internet-connected device, especially not on a phone (which can be stolen easily) that is extremely susceptible to phishing attacks via email and SMS messages wherein you have no idea that you were hit by a virus.

Of course, this can happen to PCs as well, but at least there is decent antivirus software available for such devices.


Is the $300 the combined total stolen, or roughly how much each of them lost?

Total stolen from 2 different person's, they where victims of using a pirated OS from a non trusted software deal, the first person purchase the OS (window 10 professional) and share with the 2nd person to install not knowing the danger they where involving them self in.
It could have really been a greater loss if the 300$ was individually because they could have completely be broken down calculating on their present financial status.