ETH amount hacked by Clipboard attack!

[tusherk800]

Hi friends,

Yesterday one of my friend got hacked by pishing. I mean by clipboard attack. He lost his ETH. It is very dangerous hack.
Clipboard attack can change and know any data while you copy and paste.

So, Be careful while you do copy and paste your password or address. Check every time after pasting your translation address.


And you can also use a manual technique which is unique.

Wherever you save your address or private key will remove/change one digit and save it. but you have to remember the digit. because when you will paste anywhere you have to add the digit by checking the address.

This technique is useful.

No one could hack you even though they have your password.

because only you know the correct password.

Thanks.👍✌️

Friends this awareness in not only for Ethereum but also for all crypto asset. I hope this thread will make us aware and will make more educated.

[hase0278]

Thanks for the tips OP but I think that method is only effective at preventing yourself from being a victim of the clipboard attack. Also, that method will not make you 100% safe from that kind of attack because the hacker can try to just brute force the character you have edited since he got a clue on how your private key is structured(since you will only edit 1 character). Instead of editing only 1 character, I think editing 5 characters at least will make it harder for the hacker to access your wallet.

[tusherk800]

Thanks for the tips OP but I think that method is only effective at preventing yourself from being a victim of the clipboard attack. Also, that method will not make you 100% safe from that kind of attack because the hacker can try to just brute force the character you have edited since he got a clue on how your private key is structured(since you will only edit 1 character). Instead of editing only 1 character, I think editing 5 characters at least will make it harder for the hacker to access your wallet.

Thanks, mate. I think it will be more hard for the hacker and we will be safer.

[bartolo]

Thanks for the tips OP but I think that method is only effective at preventing yourself from being a victim of the clipboard attack. Also, that method will not make you 100% safe from that kind of attack because the hacker can try to just brute force the character you have edited since he got a clue on how your private key is structured(since you will only edit 1 character). Instead of editing only 1 character, I think editing 5 characters at least will make it harder for the hacker to access your wallet.

Thanks, mate. I think it will be more hard for the hacker and we will be safer.

In the case of the private key it's best to write it on a sheet of paper, or in two if possible. If not, you will run the risk of forgetting the digits or letters that you have changed and in addition you will still be at risk of being hacked and that the attacker discover your trick, especially if you only change one or more consecutive characters at the start or at the end of the private key.

[Mt. Dempo]

very dangerous, I always use the clipboard when I want to enter myetherwallet and it turns out that it is a crack to hack my wallet, this is terrible. thank you for your warning and I will use the technique you provided.

[dataispower]

Hi friends,

Yesterday one of my friend got hacked by pishing. I mean by clipboard attack. He lost his ETH. It is very dangerous hack.
Clipboard attack can change and know any data while you copy and paste.

So, Be careful while you do copy and paste your password or address. Check every time after pasting your translation address.


And you can also use a manual technique which is unique.

Wherever you save your address or private key will remove/change one digit and save it. but you have to remember the digit. because when you will paste anywhere you have to add the digit by checking the address.

This technique is useful.

No one could hack you even though they have your password.

because only you know the correct password.

Thanks.👍✌️

A great idea, we will change some characters in the password or private key and we have to save those characters somewhere else. I will do it this way, It's a bit of a hassle every time I log in, but it will help me stay safe if I'm attacked

[butka]

So, Be careful while you do copy and paste your password or address. Check every time after pasting your translation address.
[...]
And you can also use a manual technique which is unique.

This is one of the oldest tricks in the book, but it doesn't mean it is less effective. If you are in a hurry, you can easily overlook that the pasted address is not your intended address.

I don't think manually entering the address is an efficient ways to prevent such an attack. If you often make a lot of transactions, it can be a tedious job. However, for larger transactions, even that is possible.

A vanity address (I have no idea if Etherum has vanity generators, probably yes) is a nice thing to have to counter this kind of attack. You cannot miss noticing that your address has changed.

[VanDeinsberg12]

Hi friends,

Yesterday one of my friend got hacked by pishing. I mean by clipboard attack. He lost his ETH. It is very dangerous hack.
Clipboard attack can change and know any data while you copy and paste.

So, Be careful while you do copy and paste your password or address. Check every time after pasting your translation address.


And you can also use a manual technique which is unique.

Wherever you save your address or private key will remove/change one digit and save it. but you have to remember the digit. because when you will paste anywhere you have to add the digit by checking the address.

This technique is useful.

No one could hack you even though they have your password.

because only you know the correct password.

Thanks.👍✌️

I have seen so many people have been getting the same case as your friend. Basically your friend's PC has been affected by ransom ware that has copied the scammer's address to the clip board. You should remind your friend to keep update and never try to click on any suspicious link. It seems like your friend being trapped by scammer.

[talkbitcoin]

that is why you use cold storage!

for ease of use and if you have a considerable amount you just simply buy a hardware wallet and make yourself safe.
if you don't want that they you create a wallet offline and then use that to always sign transactions and then broadcast them online. you can even use MEW for this. there is an offline use section in it. you just have to download the website's source code and have it offline then move between the two systems.

of course it goes without saying that you should always double check everything and never install things you don't know or visit sites that are shady.

Ps. BIP21 that bitcoin has can prevent this
you just click a link and it fills the information inside your wallet without using clipboard or needing any copy paste.

[jarojak]

Password and other account security related is biggest problem nowadays.  Too many apps, accounts and passwords makes people can not rely on their memory to remember all of them.   Sometimes I already forgot my password as soon as I quit the apps I just sign-up, so I have to write it down on notes.  Thanks for the good tips.

[jhenfelipe]

Copy Paste Malware/Virus.

If you don't want to be a victim, just don't rush when payments/transactions are involve. Tbh, it should always be like that, right? ( well, for me it's a MUST). A minute or two would be enough to double/triple check the address/private key that we pasted.

I have seen so many people have been getting the same case as your friend. Basically your friend's PC has been affected by ransom ware that has copied the scammer's address to the clip board. You should remind your friend to keep update and never try to click on any suspicious link. It seems like your friend being trapped by scammer.

Ransomware is different, the malware encrypts your files and it will not be decrypted unless you pay a ransom to the address given. Friend of mine experienced it, but he didn't pay and decided to just reset the PC (fortunately he has a back up of the files)

[Raggie]

Hi friends,

Yesterday one of my friend got hacked by pishing. I mean by clipboard attack. He lost his ETH. It is very dangerous hack.
Clipboard attack can change and know any data while you copy and paste.

So, Be careful while you do copy and paste your password or address. Check every time after pasting your translation address.


And you can also use a manual technique which is unique.

Wherever you save your address or private key will remove/change one digit and save it. but you have to remember the digit. because when you will paste anywhere you have to add the digit by checking the address.

This technique is useful.

No one could hack you even though they have your password.

because only you know the correct password.

Thanks.👍✌️

Honestly i dont know about clipboard attack. How can the hacker know what kind of text copied by me ?
Yes, i am always double checking my pasted address when i want to send some of my coins to the other address.

[miyaka26]

It was not just a clipboard attack, it was infested with a virus to infect the copy and pasting of wallet address changing it to hackers wallet address, whenever I paste my own address I always double check it before engaging to any transactions, better to scan your own pc with a decent antivirus, keep your OS updated to patch, don't run any suspicious program.

[roadwell890]

thanks, very good advice, indeed I also have a sense of suspicion of some applications on my computer, because some applications, have access to what data we are copying and we will paste, so, I always do tricks like the you say,
and until now, my funds are safe

[bundo]

Hackers Steal Virtual Currency Ethereum It often happens and always finds loopholes. with a review that you write, hopefully everyone will be more careful in maintaining their assets.

[Slash61]

Thanks for the tips OP but I think that method is only effective at preventing yourself from being a victim of the clipboard attack. Also, that method will not make you 100% safe from that kind of attack because the hacker can try to just brute force the character you have edited since he got a clue on how your private key is structured(since you will only edit 1 character). Instead of editing only 1 character, I think editing 5 characters at least will make it harder for the hacker to access your wallet.

Thanks, mate. I think it will be more hard for the hacker and we will be safer.

In the case of the private key it's best to write it on a sheet of paper, or in two if possible. If not, you will run the risk of forgetting the digits or letters that you have changed and in addition you will still be at risk of being hacked and that the attacker discover your trick, especially if you only change one or more consecutive characters at the start or at the end of the private key.

But I think storing it in memory that is not accessible to the network or can be called offline will be safe because hackers do not have network access to retrieve it, indeed the main mistake is that each of us does not pay attention to the original site and does not pay attention to public connections, it is very risky to use it arbitrarily, so pay attention to its own level of security if after all is lost, everyone doesn't want to know.

[Noobaru]

Very unfortunate, I'm sorry. We can all just hope we won't get affected by these attacks as well. It's very hard to concentrate and do things right when you are in a hurry and adrenaline starts pumping in.

[temilade200]

I think this is actually one of the safest ways to prevent being hacked. Hackers are seriously at it. They are devising different ways of hacking into the wallets of innocent ones. That is why the use of hardware wallet is advisable. With that you will be 100% safe and there won't be any fear of someone hacking into your wallet.  If you are yet to get yours, then do not copy paste your private key directly to anywhere.

[steve_rogers321]

That's an interesting post. We need to be very careful while surfing on internet as the rates of hacking through malware and phishing websites have increased a lot. I rather prefer writing the passwords on a paper and store it somewhere safe.

[cryptoking252]

Thanks a lot for this tip and for giving the people a heads up regarding this. It is a bummer that there is a crack on the wallet and that all of these can be done using clipboard.