Bitcoin Forum
Author Topic: [2017-06-07] Malware Snatches 13BTC ($36,000) From Bitcoin User  (Read 4451 times)
ivanpoldark (OP)
June 08, 2017, 01:57:45 PM
 #1

It can never be said too often, but the prevalence of malware on the Internet, especially malware targeting Bitcoin and other financial software, makes it extra important today: you can never be too careful when sending Bitcoin transactions. A Reddit user today lost 13BTC, or around $36,000, when he pasted an address from his clipboard that was not the appropriate address.

    I copy pasted BTC address into electrum and confirmed the bitcoin transaction. The clipboard replaced my intended bitcoin address with a different one. A few minutes later I discussed with a friend if he already sees it in his wallet. He didn't. It was sent to the wrong address

This is a trivially done malware attack. Access to the clipboard is a basic functionality for user level applications, so mostly anything can see what is there. All the malware in question has to do is remain undetected and, when it notices a Bitcoin address on the clipboard, replace it with one. More advanced developers can have it actively try to swap the address with a similar-looking one. This malware can be contracted by any operating system, although for obvious reasons most renditions are probably authored for Windows. Its actual effects are avoidable by double-checking before sending. It’s helpful to highlight the first, middle, and last 3-5 characters of a transaction when doing this.

The 30 extra seconds (maximum) it would have taken for Reddit user ask_for_pgp would have saved him and his friend over $30,000.

The above recommendation goes in addition to always password-securing your Bitcoin wallet. Then it will ask for permission before sending, giving you another chance to look. Simply running a virus scan won’t save you, because new versions can be written and distributed before the virus definitions are updated, and you’re already copying the attacker’s addresses by that point.

Link to full article: https://www.cryptocoinsnews.com/malware-snatches-13btc-36000-bitcoin-user/
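
The double-check recommended in the post above, written out as an added example that is not part of the original post or the linked article: it compares the address obtained from the recipient out-of-band with the one sitting in the wallet's send field. The function names and both sample addresses are constructed for illustration, and only legacy Base58Check addresses are assumed.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload):
    # Base58Check checksum: first 4 bytes of double SHA-256.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    """Encode version byte + 20-byte hash as a legacy Base58Check address."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_valid(addr):
    """True if addr decodes to 25 bytes with a correct checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]

def check_paste(expected, pasted, k=4):
    """Compare the out-of-band address with what is in the send field."""
    mid = len(expected) // 2
    return {
        # A swapped address is still a well-formed address, so this alone proves nothing.
        "valid_format": b58check_valid(pasted),
        # First, middle and last k characters, as the article suggests.
        "spot_check_ok": all(expected[s] == pasted[s] for s in
                             (slice(0, k), slice(mid, mid + k), slice(-k, None))),
        # The decisive check: every character must match.
        "exact_match": expected == pasted,
    }

# Constructed sample data: neither address belongs to anyone on the page.
INTENDED = b58check_encode(b"\x00" + hashlib.sha256(b"constructed recipient").digest()[:20])
SWAPPED = b58check_encode(b"\x00" + hashlib.sha256(b"constructed other").digest()[:20])
TYPO = INTENDED[:-1] + ("2" if INTENDED[-1] != "2" else "3")

if __name__ == "__main__":
    for label, pasted in (("intended", INTENDED), ("swapped", SWAPPED), ("typo", TYPO)):
        print(label, pasted, check_paste(INTENDED, pasted))
```

The wallet's built-in checksum rejects the typo but accepts the substituted address, which is why only a comparison against the original source of the address catches a clipboard swap.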
richardsNY
June 08, 2017, 04:55:24 PM
 #2

I feel sorry for him, but why didn't he just attempt to double spend it, but then with a far higher fee? Instead of losing his 13 BTC, he would end up losing just 0.05-0.10 BTC in fees. I once had a similar experience myself -- I sent 0.5 BTC to my cold wallet last year, but realized not long after that, that I have sent it to the wrong cold wallet address (an old cold wallet address that I had no access to anymore). I included a fee of 0.05 BTC just to make this transaction as appealing as possible to miners, and I am glad that it worked out well for me.
kjlimo
June 08, 2017, 05:00:01 PM
 #3

Wow on the double spend recommendation - didn't even realize that could be done... makes me feel like that could be an easy double spend vulnerability that someone could use to mess with in store merchants... ><

anywho... I would think sending a test amount before moving all 13 BTC would be prudent... not sure why this was being done anyway, but I would think testing makes sense... and perhaps some double checking.

1Referee
June 08, 2017, 09:57:00 PM
 #4

    Wow on the double spend recommendation - didn't even realize that could be done...

You are here since 2011, and you have no clue about double spend 'attacks'?

    makes me feel like that could be an easy double spend vulnerability that someone could use to mess with in store merchants...

Most merchants make use of third party payment gateways, which offer the merchants not only protection against the volatility, but also against double spend attacks. In order to perform a successful double spend attack, the initial transaction has to remain unconfirmed. As we speak, only a very few of these payment gateways accept unconfirmed transactions instantly (obviously only if they have a proper fee included), and only for small amounts.
Coin-Keeper
June 08, 2017, 10:26:02 PM
 #5

This is perhaps the largest reason why I started using hardware wallets. On my Trezors I view the send address on the Trezor screen and IF I click to send the transaction it's only going to the address on the screen, with no exceptions. Many of my transactions are for more than a fraction of coin so I want to be sure when I send. 100 bucks for any hardware wallet is peanuts when sending $36,000.00 as this thread's transaction did. I hate them for what they do, but in candor there are some amazing coders writing BTC malware. It's actually impressive and ingenious how some of it works. Personally, I couldn't imagine going back to my pre-hardware wallet days.

Lucius
June 09, 2017, 02:49:24 PM
 #6

It is so sad to read such news, to lose such a nice amount of money because you did not protect your PC with some basic protection like antivirus & firewall. I think this is happening on a much larger scale, but many users just do not report this to the public. I agree that antivirus & firewall cannot always protect you, but some common sense should always be present when we are sending BTC.

I see this attack on some faucets: when you open the faucet there is already an address in the box, and many inexperienced users claim coins for the attackers. This is not such a big problem as the one mentioned above, but some people will always find a way to steal from others.

Kprawn
June 09, 2017, 03:41:56 PM
 #7

Not saying this is BS, but sending 13 BTC to a friend? I would like to be this guy's friend. I cannot for the life of me think that I would not double check an address if I am sending $36 000 to someone. Yes, I have heard of this before {Malware injecting their own Bitcoin address} but I think it is unlikely that you will not check and double check, when you are sending such a large amount to someone.

European Central Bank
June 09, 2017, 05:32:20 PM
 #8

    I feel sorry for him, but why didn't he just attempt to double spend it, but then with a far higher fee?

he did try. there's a long reddit thread about it linked in the article. it didn't work. his attempts were repeatedly rejected.

does anyone know if the same thing is possible with a ledger nano s? the address appears in the chrome app so i assume you're still cutting and pasting on your pc.