Bitcoin Forum
Author Topic: [2017-06-07] Malware Snatches 13BTC ($36,000) From Bitcoin User  (Read 4397 times)
ivanpoldark
Sr. Member
****
Offline Offline

Activity: 392


The object of the superior man is truth. Confucius


View Profile
June 08, 2017, 01:57:45 PM
 #1

It can never be said too often, but the prevalence of malware on the Internet, especially malware targeting Bitcoin and other financial software, makes it extra important today: you can never be too careful when sending Bitcoin transactions. A Reddit user today lost 13BTC, or around $36,000, when he pasted an address from his clipboard that was not the appropriate address.

    I copy pasted BTC address into electrum and confirmed the bitcoin transaction. the clipboard replaced my bitcoin intended bitcoin address with a different one. few minutes later i discuss with friend if he already sees it in his wallet. he didn't. It sent to wrong address

This is a trivially done malware attack. Access to the clipboard is a basic functionality for user level applications, so mostly anything can see what is there. All the malware in question has to do is remain undetected and, when it notices a Bitcoin address on the clipboard, replace it with one. More advanced developers can have it actively try to swap the address with a similar-looking one. This malware can be contracted by any operating system, although for obvious reasons most renditions are probably authored for Windows. Its actual effects are avoidable by double-checking before sending. It’s helpful to highlight the first, middle, and last 3-5 characters of a transaction when doing this.

The 30 extra seconds (maximum) it would have taken for Reddit user ask_for_pgp would have saved him and his friend over $30,000.

The above recommendation goes in addition to always password-securing your Bitcoin wallet. Then it will ask for permission before sending, giving you another chance to look. Simply running a virus scan won’t save you, because new versions can be written and distributed before the virus definitions are updated, and you’re already copying the attacker’s addresses by that point.

Link to full article: https://www.cryptocoinsnews.com/malware-snatches-13btc-36000-bitcoin-user/

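The double-check recommended in the article above, done in software rather than by eye. This is an added example, not code from the article or from any poster in this thread. It covers only legacy Base58Check addresses, and the function names and sample addresses are constructed for illustration. It separates a typo (checksum fails) from a clipboard swap (checksum passes, but the address is not the one you intended).

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode_p2pkh(hash160: bytes) -> str:
    """Base58Check-encode a 20-byte hash as a legacy '1...' address (sample data only)."""
    raw = b"\x00" + hash160
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(raw) - len(raw.lstrip(b"\x00"))   # each leading zero byte becomes '1'
    return "1" * zeros + out

def is_valid(addr: str) -> bool:
    """Checksum test only (version byte not checked): catches typos, not swaps."""
    if not addr or any(c not in B58 for c in addr):
        return False
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]

def verify_paste(intended: str, pasted: str) -> dict:
    """Compare the wallet field with the address obtained out of band (QR, second device)."""
    pasted = pasted.strip()
    if pasted == intended:
        return {"verdict": "match", "first_diff": None}
    diff = next((i for i, (a, b) in enumerate(zip(intended, pasted)) if a != b),
                min(len(intended), len(pasted)))
    verdict = "substituted" if is_valid(pasted) else "invalid"
    return {"verdict": verdict, "first_diff": diff}

# Constructed sample data: neither hash belongs to a real wallet.
INTENDED = encode_p2pkh(bytes(range(1, 21)))
OTHER = encode_p2pkh(bytes(range(101, 121)))
TYPO = INTENDED[:-1] + ("2" if INTENDED[-1] != "2" else "3")

if __name__ == "__main__":
    for label, value in [("same", INTENDED), ("typo", TYPO), ("swapped", OTHER)]:
        print(label, verify_paste(INTENDED, value))
```

The "substituted" verdict is the case from this incident: the wallet accepts the address as well-formed, so only a comparison against an independently obtained copy reveals the swap.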
richardsNY
Legendary
*
Online Online

Activity: 896


View Profile
June 08, 2017, 04:55:24 PM
 #2

I feel sorry for him, but why didn't he just attempt to double spend it, but then with a far higher fee? Instead of losing his 13 BTC, he would end up losing just 0.05-0.10 BTC in fees. I once had a similar experience myself -- I sent 0.5 BTC to my cold wallet last year, but realized not long after that, that I have sent it to the wrong cold wallet address (an old cold wallet address that I had no access to anymore). I included a fee of 0.05 BTC just to make this transaction as appealing as possible to miners, and I am glad that it worked out well for me. Smiley

kjlimo
Legendary
*
Offline Offline

Activity: 1708


View Profile WWW
June 08, 2017, 05:00:01 PM
 #3

Wow on the double spend recommendation - didn't even realize that could be done... makes me feel like that could be an easy double spend vulnerability that someone could use to mess with in store merchants... ><

anywho... I would think sending a test amount before moving all 13 BTC would be prudent... not sure why this was being done anyway, but I would think testing makes sense... and perhaps some double checking.

1Referee
Legendary
*
Online Online

Activity: 1358

www.bitkorn.com domain for sale.


View Profile
June 08, 2017, 09:57:00 PM
 #4

Wow on the double spend recommendation - didn't even realize that could be done...
You have been here since 2011, and you have no clue about double spend 'attacks'? Roll Eyes

makes me feel like that could be an easy double spend vulnerability that someone could use to mess with in store merchants...
Most merchants make use of third party payment gateways, which offer the merchants not only protection against the volatility, but also against double spend attacks. In order to perform a successful double spend attack, the initial transaction has to remain unconfirmed. As we speak, only a very few of these payment gateways accept unconfirmed transactions instantly (obviously only if they have a proper fee included), and only for small amounts.

Coin-Keeper
Hero Member
*****
Offline Offline

Activity: 504



View Profile
June 08, 2017, 10:26:02 PM
 #5

This is perhaps the largest reason why I started using hardware wallets.  On my Trezors I view the send address on the Trezor screen and IF I click to send the transaction it's only going to the address on the screen, with no exceptions.  Many of my transactions are for more than a fraction of coin so I want to be sure when I send.  100 bucks for any hardware wallet is peanuts when sending $36,000.00 as this thread's transaction did.  I hate them for what they do, but in candor there are some amazing coders writing BTC malware.  It's actually impressive and ingenious how some of it works.  Personally, I couldn't imagine going back to my pre-hardware wallet days.

Lucius
Hero Member
*****
Offline Offline

Activity: 896



View Profile WWW
June 09, 2017, 02:49:24 PM
 #6

It is so sad to read such news, to lose such a nice amount of money because you did not protect your PC with some basic protection like antivirus & firewall. I think this is happening on a much larger scale, but many users just do not report this to the public. I agree that antivirus & firewall cannot always protect you, but some common sense should always be present when we are sending BTC.

I see this attack on some faucets: when you open the faucet there is already an address in the box, and many inexperienced users claim coins for the attackers. This is not such a big problem as the one mentioned above, but some people will always find a way to steal from others.

Kprawn
Legendary
*
Offline Offline

Activity: 1330


★Bitvest.io★ Play Plinko or Invest!


View Profile
June 09, 2017, 03:41:56 PM
 #7

Not saying this is BS, but sending 13 BTC to a friend? I would like to be this guy's friend. I cannot for the life of me think that I would not double check an address if I am sending $36 000 to someone. Yes, I have heard of this before {Malware injecting their own Bitcoin address} but I think it is unlikely that you will not check and double check, when you are sending such a large amount to someone.  Huh

European Central Bank
Hero Member
*****
Online Online

Activity: 812



View Profile
June 09, 2017, 05:32:20 PM
 #8

I feel sorry for him, but why didn't he just attempt to double spend it, but then with a far higher fee?

he did try. there's a long reddit thread about it linked in the article. it didn't work. his attempts were repeatedly rejected.

does anyone know if the same thing is possible with a ledger nano s? the address appears in the chrome app so i assume you're still cutting and pasting on your pc.
