Bitcoin Forum

Brothers and sisters is it possible for PC keyboard to get compromised and reveal your private keys to hackers? How are they doing it? I read a comment on Reddit about a guy that lost his keys to hackers through a keyboard hack, is it in form of Trojan or Malware?.

Its possible for hackers to monitor your computer activity through some malware and even possibly get access to your private keys. And even if they fail to gain access to your private keys they might still be able to change your wallet address (this is for users that do copy and paste wallet address). Some trojan/malware could be able to change the wallet address to the hackers address and if you proceed with the transaction without noticing the change of address that could lead to you losing your funds.

This is a thread created by @loycev explaining how to lose you funds by copying and pasting  How to lose your Bitcoins with CTRL-C CTRL-V (https://bitcointalk.org/index.php?topic=5190776.msg52682018#msg52682018)
Here's also another case of clipboard malware Warning! Be careful when you copy and paste bitcoin address from Electrum wallet (https://bitcointalk.org/index.php?topic=5159768.msg51643352#msg51643352)

This article is old, and there may be a reason since then for it be less feasible, but back in 2016 it could be done on a wireless keyboard.
https://www.hackread.com/wireless-keyboard-hacking-keysniffer/

In 2019 they were still talking about it in some articles:
https://arstechnica.com/information-technology/2019/03/how-a-wireless-keyboard-lets-hackers-take-full-control-of-connected-computers/

Still talking about it in 2020:
https://wyzguyscybersecurity.com/can-your-wireless-keyboard-be-hacked/

And in 2022:
https://www.more.net/news/can-a-wireless-keyboard-be-hacked-5712

I’d say that it’s seemingly feasible on wireless devices, although it’s way more likely to happen through software, as pointed above (with way more attack vectors over your data, mnemonics, addresses, or whatever).

Keyboard hack? If it's a malware/virus it might be a key logger or clipboard malware or similar. I don't know i just heard about. it.
Although it is not really impossible, actually hacking wireless device is possible too including keyboards.

The article linked below might be a good read.

Hackers can practically do anything but one thing must be meet before they can be able to carry out their actions and that is there must be negligence, error or complete irresponsibility from the victims part.

Yes it's Likely that hackers can get hold of those very sensitive emotions and they have several ways of doing so. Personally I have seen many keyboard application dropping ads on social media some of this keyboard originated from scammers and have processes that may demand you giving it full permission. This could be how they can monitor and get assess to sensitive information

The most common scenario is through a keylogger, which is some form of surveillance tool that is used to monitor every keystroke you make on your device. The recorded keystrokes which may include the victim's log in credentials are then sent to the hacker.

A keylogger can either be in form of a software or hardware. But for the hardware to be used, the hacker has to physically access your device and install it.

I think the keyboard itself doesn't have such a thing to reveal private keys to hackers unless you bought a keyboard that has an extra device that can record any keystroke you did using the keyboard.

I think it would be safer if you are going to type any private key or going to backup the private key always use a device that doesn't have an internet connection to avoid them(I mean never connect it online).

If we are talking about real keyboard (device) hacking, I guess anything is possible if the hacker had physical access to your device. If we consider that there are USB cables that can steal coins from hardware wallets, we can assume that something similar can exist for keyboard hacking as well. For example, someone can create a USB device that connects between the keyboard and the computer that will register everything that is typed on the keyboard and record it in internal memory or wirelessly send the data to the hacker. If this device is plugged into your computer while you are typing, it can record all the characters that you type. And if the hacker has access to this data, he or she will be able to recover your passwords or private keys.

I'm not sure if it's possible that the hacker will be able to have that fully remote control of your keyboard. But how they're going to gain access to the private key if it's not stored on your PC? It's better to be like that and keep your keys offline. And basically, with the description of what you've said, it's likely the clipboard malware that gives a different address whenever you're going to copy-paste your address when you're about to make a transaction and transfer it to your own addresses so, instead of yours, the hacker's address is the one appearing. If you're not keen enough and you don't check the address before you send it, you'll send it to them wrongly.

Aside from what Cantsay mentioned,  keyloggers would be one of the things that could have caused that. Did that guy have his PC remotely controlled by someone? It is possible that a third party planted a remote keylogger to that guy's PC.

Never let a random technician just get remote access to your PC. They usually use software like Anydesk.

What you said is actually true but I think he wasn't referring to when the hacker has close contact with the HODLer; your points are self explicable and could be possible only if they're together.
What he meant was if it were possible that privkeys were lost to some phishing site, just for either saving an auto display passphrase or however... In their external keyboards?!
Though, I learnt that there are a lot of softwares that could be injected....but still, this will need the hacker close by. Hacking is not that an easy process though, but let's be careful out there; when it comes to the software part of navigation.

Sandra 💇

If someone asks for your Anydesk access, that was too easy for them to hack your computer but not sure if this still works if you turn off your computer as it changes everything when you open it. I'm also worried about this because I often use this application (and many people do this remote access).
Well, whatever it is hackers have their ways on how to hack our PC without noticing it, they are smart and smarter than normal PC users. We are too unlucky if we become their target.

A keyboard is an input device. Be it hardware or software, they still serve the same purpose and sends the same binary data set to the computer or electronic device. A hacker might not necessarily have to take control of your keyboard to know your private key or seed phrase. Having a compromised system is all it takes as, there is the possibility of a malware which works by phishing for your codes on some apps without you even knowing.
The next you know, you've got all your funds sent out and you can't trace or recall when you ever became that careless in handling your gadget or had any friend or neighbour to handle your gadget and still, your funds are gone. Its simply the work of a malware, mirroring your codes to the hacker.

There are many ways in which your private key may be compromised and intercepted by hackers, but if we are talking about keyboards specifically, then the most common ways to achieve that is either through different keyloggers or clipboard malware. Keylogger may register all the keys that you press on your input device and send to a hacker specific sequences of keystrokes that look like a random private key. It can also be used to steal other personal information, such as passwords to your bank account, email, or an account on an exchange. Clipboard malware may steal the information that you put into the clipboard by pressing Ctrl+C. It either filters and sends your private key directly to a hacker, or it can replace inserted information with anything the hacker wants. For example, it can detect that you copied a bitcoin address to send coins to, and this malware just replaces this address with the hacker's one.

Most likely, the OP was asking about keyboard hacking. And this is possible if it is wireless. Thanks to DdmrDdmr for providing links and new information. As the saying goes, "live and learn." Being paranoid, I learned a lot about the possibility of hacking wireless devices, and as you can see from the articles, everything can happen even without the fault of users. An attacker can be in the zone of our Bluetooth device in order to carry out one of several attacks. Therefore, despite some convenience of using wireless devices, it is still recommended to work with a wired keyboard and mouse, which I changed at the speed of light. :)

Just stay away from malware. One of the best way you can stay away from malware is by not using your device to access what could give your device malware. Examples are clicking on ads and unauthorized emails which can lead to a means malware can be installed on your device. People are just accessing online as they like without avoiding ads. Also other ways are the files you transfer from another device to your device which can contain malware.

There are different types of malware, a Trojan or Rootkit are malware that can be able to steal information from your device.

Malware can be used by hackers to monitor the activities on your device, the apps you click on and all what you are doing on your device can be revealed through malware. If you store your seed phrase or private key on your device, or you are using an online wallet, this type of malware can be used to compromise your computer and reveal the seed phrase or private key. It can also be used to know your login details through the password saver or manager on your browser.

Malware like a well designed Trojan horse is capable of revealing your 2FA. You device can be monitored. Keyloggers can be used to know what you typed from your keyboard (but not able to know the ones you input through virtual keyboard which is the reason some wallet has it)

I will advice you to know how to prevent yourself from these malware which is simple and most important.

I really can't accertain it's possibility, but I don't  think this will easily be possible with a regular keyboard unless it's a wireless keyboard.
One way I know crypto can be stolen is changing of wallet address, which can be done using short keys like Ctrl+v without cross checking the address been sent.
Generally I always advise the use of paid antivirus from trusted and reputable softwares.

Yes it's possible when key logging malwares are installed in your system by clicking on some phishing links which is why it's advisable never to click on links you see on the sites because it could be dangerous to you.As this virus is now in your system and whenever you type some password or seeds phrases it give hackers or scammers direct access what you are typing and leaking your information to them .

This chart explain how it actually works :

https://i.postimg.cc/wMqcVH38/images-22.png

So this is why adviced never click on these links as your system will not be able to detect these spywares and your personal information is being tracked by them without even you knowing about it so when you type sensitive information they have access to it.

Turning off your PC would just temporarily close the connection between you and the other computer if I can recall correctly. This is why many scam busters in Youtube tend to advice their victims to uninstall AnyDesk completely, since there were "scammers" claiming to be a legitimate technician that would ask for a remote access to your PC.

I partly use AnyDesk to my freelance work, but then I would uninstall it once it is not needed anymore. Might be a too paranoid of a move, but it would be better for me to stay safe.

Commercial antivirus software can only do so much to avoid these threats because most of them are designed to be as discreet as possible. Until they are caught in the act by AV software, they can carry out their malicious activities without being detected. All it takes is one bad software or email attachment to infect your computer with malware that could cause serious damage. In order to avoid these kinds of situations and make your Bitcoins or other cryptocurrency even more secure than it is now, first you should use a hardware wallet. A hardware wallet is similar to a software wallet, but unlike it, hardware wallets cannot be easily hacked (as of yet) and they are also immune to keylogging software. In a nutshell, hardware wallets are one of the most secure ways of storing your Bitcoins and other cryptocurrencies for many reasons. The main reasons for that are that a hardware wallet can not be hacked remotely and, like I have said before, it is immune to all keylogging software and other malicious scripts. Of course, you may bring your hardware wallet with you wherever you want and you will always have instant access to your Bitcoins and other altcoins stored in it.

Don't you love how USB is so versatile? It can be used to charge your phone, or connect your keyboard, mouse and data storage. Or all at once without you knowing it: a normal looking USB cable can pretend to be a keyboard and give your computer instructions. Since it looks like a keyboard to the computer, it instantly gets very powerful access. And you don't even notice it when you plug in a cable to charge your phone.
Cables like the O.MG Cable (https://www.pcworld.com/article/395091/this-usb-c-lightning-cable-should-terrify-you.html) can do stuff from nightmares to your system.

Clipboard hacks and keyloggers are very popular but still I don't joke with my PC, avoid inserting any USB Drive in your PC, this days it's better to use Sender software to send file to people, do not plug their own USB whatever into your PC, you don't know what they may have in mind for you.

It is very possible to get your private keys. If you are using public pc which is very common here in my country and those who plan to do that can install a program that records everything you press on the keyboard. The other one is clipboard hijacking or clipboard malware which will change whatever you just copied on the internet. For example, I copied bc1address but when you paste it became bc1address2.

Dang, I could not imagine people buying this to mess with people, although I was expecting somehow that these kinds of cable exists anyway since it is USB.

I was thinking of getting a wireless keyboard back in the days, but meh I ain't risking my security as well with dongles these days considering that hardware keylogger were always there to screw me up. :D

I am not familiar with the specifics but I really believe that it is possible. One technique that is widely known is the keyloggers, which detects and monitor every key that you pressed. Through that the hacker can get your information such as email, passwords, etc. Moreover, wireless keyboards are more susceptible to being hacked as those that manufactures these keyboard doesn't include any encrypting method on key strokes.
Trojan is a type of Malware.
Malware is a general term for "software" that are "malicious" including Trojan.

It is very possible and one way they get access to your  PC is through spam mails. Avoid clicking any site sent by unknown users. Thos hackers send Malicious software through different means even through adverts and once anyone clicks the link the gain access to what ever device is connected to their website. Ensure to verify links sent that it starts with Https:// and also look at the bottom of ur device to see the color of the address appears in green at the bottom right of your PC before clicking on it. Alternative search for the website on any reliable search engine preferably Google.

Or you just buying it unknowingly and cheaply as a replacement to your old or spoiled mobile USB cable from one of those online shopping sites like Aliexpress only for you to plug it into your PC while trying to charge or tethering the phone to PC  ;D

I'm not so worried about a targeted attack with an expensive O.MG Cable. I'm much more worried that the tiny chip inside a cable becomes cheap enough for Chinese mass production, and millions of people will use it unknowningly. USB hubs can have the same risk.

Cables are a lot easier to protect.

For the truely paranoid: don't type sequential, use your mouse to click half way your password to continue typing a few times. I do this sometimes with private keys: I copy one part, and type another part.

---

---

It's the thing I hate most about modern cables: they all have a chip inside (meant to identify power ratings). I miss the days when a cable was just a piece of copper connecting 2 points.

I don't understand why you say that the hacker needs to create himself the device. You don't need to live with an electronic engineer to be subjected to this kind of attack actually. It's not new. A random "evil maid" just needs to look for a keylogger on Google, to be able to freely purchase one in few minutes. She doesn't even need to go on the darknet to find a cheap one for $20. E.g. https://www.keydemon.com/en/39-hardware-keylogger

Or even in Wish. I remember a lot of hardware content creators buying some stuffs from there and ended up having a different from what they were expecting. Good thing I do not cheap out on PC components anyway though I am also avoiding overspending on peripherals. :D

True. I also hate dealing with latency issues with the wireless devices.  Could be convenient for some but not for me.

Honestly, I had no idea that these devices already existed, and I answered the question "off the top of my head." But now that we know they exist, and are readily available on the market, the threat becomes even more possible and realistic. Thank you for this info.

Once your computer got or injected with the Malware, these malware can take your information such as the files, change into other format that's we called as ransomware most of the time hackers are asking for the bitcoin as a payment to your retrieved files back, also we have the keylogger once you installed a suspicious file into your computer and allowing access to your computer they can now have the full potential of the users activity, the best way is to reformat your computer and store your funds into hardware wallet.

If you download unknown links coming out of nowhere then provably they can. Hackers right now are so smart and they can do unimaginable things so best to avoid seeking for something on google search since this is where you can get those malwares. If you feel your pc is infected much better if you follow the suggestions above and that is to reformat your pc to avoid any possible upcoming attacks.

Hackers can access your computer through malware. May even get your personal information or access. And if you copy the phases then they can get your key too. And if it continues like this you will force everything into someone else's hands if you don't notice. Which you will regret later. Many have lost a lot of wealth to hackers in this way.

I like watching Kitboga, Pierogi and the rest of the dudes dealing scammers hot blows on YouTube. One of the things I've come to note about all scammers is that they can't harm their victims if the victims don't grant them access to their devices. It's the same thing with hackers. No hacker can hack anything if a victim hasn't compromised anything. When this compromise happens and the victims falls prey, they hardly tell exactly what happened. They want to paint a picture of their innocence and how they were unaware of how they were hacked or scammed. There's something called Remote Access. No one can hack a device if the victim didn't grant them a remote access to their device. It's always a link to click or a set of codes to enter and the scammer is with you. That I learnt from YouTube, following those dudes I mentioned above. So, if one stays without clicking on suspicious and irrelevant links there's no way they can get malware.

All of these malwares are worst.

They're all targeting our files, and for these ransomwares, they're using the files as hostage and making the victim believe that they've got the password for the encryption of it.

I've read some victims have said that there's really no password on the ransomware that they contain and that's part of the hack and scam that these hackers do. Whilst I've read also from some of them that have given the password for encryption about paying the ransom.

Needless of that, don't be a victim of them and avoid those pirate and crack websites, don't download there. If a license is needed to get paid and you need it for your productivity, just buy it.

Oh hey! I also watch them and Jim Browning as well. Kit is even streaming as of writing this.

The script are almost the same to each and every scammers not gonna lie. It is just that those typical refund scam usually and they require remote access to your PC claiming that they will connect you to a "bs" secured server of whatever company they were from, be it Geek Squad, Microsoft, Norton, etc. It is quite scary that they were really up to loot whatever you have in your PC as they could already had planted some malware or "backdoor" in your computer giving them almost the full access to it without your knowledge.

It's good to know someone else here watches and values their efforts. Those dudes are of a great service to many of us who dwell on the cyberspace, with their attempt at sanitizing it. I've watched a clip where Kit and Jim Browning (I think it was him or Pierogi. Can't be too sure anymore) combined to disrupt scammers' peace. There's also Trilogy Media, those guys are equally good too.

Oh yeah, I forgot to mention them. Not gonna lie, that guy Jaani has some inspirational story after he changed his ways. I have not watched Kit and Pierogi together yet though since I believe they do not have the same "methodology" in disrupting scammer's time. Both of them are great still. :D

ScammeRevolts is also worth watching, since we can see how he messes with the scammer's computer files and what usually these scammers are storing in their PC files.

If you must stay long without being hacked or compromised your wallet phrase or private keys you have to deal with conscious whatever you are clicking on the internet or some forms of links they send you and file before opening it, keyboard doesn't only enables hacker to steal your funds but a keyboard board virus could make you lost your private keys and phrase. (https://arcticwolf.com/resources/blog/8-types-of-malware/)

In addition to all the above answers, I accidentally came across an article that talks about the possibility of removing the password from the keyboard in 0-60 seconds on a thermal trail. Scientists from the University of Glasgow told about this and developed a really effective ThermoSecure model for recognizing keys pressed by a thermal trace.
Source link: https://prog.world/removing-the-password-from-the-pc-keyboard-after-0-60-seconds-by-thermal-trace/
As an option to ensure the safety of your device, in public places when using the keyboard, it is better to cover it not only while entering personal data but also for 60 seconds after that.

The only ways this would seem to even be possible is if you got some malware with a keylogger included- this wouldn't be in the keyboard itself or if using a wireless keyboard and you somehow got infected firmware- this would seem to affect some kind of module within the keyboard.