Author Topic: Stolen BTCs from paper wallet  (Read 799 times)
NotATether
January 19, 2023, 07:39:45 PM
 #41

I just remembered that my case, cause OP also could face with the same fake clone web address while generating his paper wallet - fake clone in global WWW (with the similar spelling) or fake clone provided through DNS spoofing (OP saw bitaddress.org in his web browser, but actually visited completely different IP address).

Somebody should do a write up on how DNS spoofing works and how to protect ourselves from it.

This is going to hit a lot of inexperienced people who don't know how to avoid that kind of thing.

The typosquatting is easier to spot though.

Per42
May 15, 2023, 12:50:20 PM
 #42

I lost 0.6 BTC at the same time as you (dec 10 -22), and when I googled the addresses involved it took me to this forum. And there are six other addresses that were emptied in the same transaction. And following the transfer of the BTC on and on between several addresses and tracing backwards on other "branches" you find a LOT of addresses emptied at the same time the same day. So there is no doubt the theft was made possible by monitoring the creation of the keys. It was not done on your end.
DaveF
May 16, 2023, 11:40:07 AM
 #43

I just remembered that my case, cause OP also could face with the same fake clone web address while generating his paper wallet - fake clone in global WWW (with the similar spelling) or fake clone provided through DNS spoofing (OP saw bitaddress.org in his web browser, but actually visited completely different IP address).

Somebody should do a write up on how DNS spoofing works and how to protect ourselves from it.

This is going to hit a lot of inexperienced people who don't know how to avoid that kind of thing.

The typosquatting is easier to spot though.

The problem with a write up on DNS spoofing is there are a lot of people that have no idea what DNS is, never mind spoofing.

https://www.proofpoint.com/us/threat-reference/dns-spoofing

Drifting OT a bit, but still within the "I typed in www.some-internet-site.com and wound up at www.some-other-internet-site.com but it still showed www.some-internet-site.com" is probably one of the biggest issues of free public Wi-Fi.

Going back to a comment I made here:

They block port 8333. Or a lot of times it's the other way, they only allow traffic on ports 80 (http) and 443 (https) and everything else is blocked. They may allow certain mail RECEIVING ports (110,143,993,995) and perhaps 587 for authenticated mail send but that's it. It's free, but they don't want to deal with the hassle of people doing anything other than browsing the web. So it's all blocked. I do that for a lot of my customers who want to offer public Wi-Fi. It really is more of free web browsing, for anything else get your own internet.

Although it's about downloading the blockchain I can put a lot of rules into the routes that you are connecting to (so can any ISP) and hard code just about anything into the DHCP DNS servers you are connecting to (so can any ISP) so you sit down at your local coffee shop and connect to their Wi-Fi if the people operating the back end are trying to steal, it's not going to be impossible to do.

Even more so if you don't pay attention and make sure you are going to HTTPS:// whatever instead of HTTP:// since faking SSL certificates is not as easy. Although it's not impossible.

-Dave

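The "similar spelling" clone case raised in this thread can be checked mechanically before a wallet generator is opened. The following is an added example, not code from any poster: the trusted list, the function names and the sample hostnames in the comments are assumptions made for illustration. It flags hostnames that are one or two typos away from a trusted name, that embed the trusted name inside another domain, or that use internationalized labels that can render like Latin letters.

```python
# Added example (not from the thread). TRUSTED is a constructed allow-list
# holding the one site the posts name; classify() and edit_distance() are
# hypothetical helper names.
TRUSTED = {"bitaddress.org"}

def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute or
    swap two adjacent characters, each counted as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(host: str, trusted=TRUSTED, max_dist: int = 2) -> str:
    """Return 'trusted', 'unknown' or a 'suspicious: ...' reason for a hostname."""
    host = host.strip().rstrip(".").lower()
    if host.startswith("www."):
        host = host[4:]
    if host in trusted:
        return "trusted"
    # Non-ASCII characters or punycode labels can imitate Latin letters.
    labels = host.split(".")
    if any(ord(c) > 127 for c in host) or any(l.startswith("xn--") for l in labels):
        return "suspicious: internationalized name"
    for good in trusted:
        # A typo or two away from the real name, e.g. "bitadress.org".
        if edit_distance(host, good) <= max_dist:
            return f"suspicious: looks like {good}"
        # Real name used as a prefix of someone else's domain,
        # e.g. "bitaddress.org.example.net".
        if host.startswith(good + ".") or good.replace(".", "-") in host:
            return f"suspicious: embeds {good}"
    return "unknown"
```

This only covers the misspelled-clone case. With spoofed DNS the name in the address bar is exactly right, so a name check passes and the HTTPS certificate check mentioned above is what remains.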