Bitcoin Forum
Author Topic: Something not right.  (Read 602 times)
nc50lc
October 07, 2019, 02:44:57 PM
 #21

When I was a victim it was advised to me to change the hard-disk and when asked they said changing OS is not the permanent fix. Can you explain which one is the right.
Probably because of those "low-level viruses" that can infect at binary level.
High-level format, aka: "format disk" or "delete partition" doesn't actually delete most of the files' traces, that's why it's possible to recover them using deleted file recovering tools.

Low-level format (zero-fill) should work in those cases, but that involves professional software tools.

Bitstarzisascam (OP)
October 07, 2019, 02:51:17 PM
Last edit: October 07, 2019, 03:10:24 PM by Bitstarzisascam
Merited by Abdussamad (2), vapourminer (1)
 #22

The easiest way to check if you have been infected with a clipboard virus is to just copy any address, paste it somewhere and check if it is the same address that you copied.
Here, 34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo, I think this one belongs to Binance. Copy it and paste it in an empty document. Is the pasted address the same as the one I posted?

If it changes - you are infected with a clipboard virus.
If it stays the same - you are not infected with a clipboard virus and either your friend gave you the wrong address, you copied the wrong address or there was a bug with blockchain as suggested by some users.  


NOPE



It gave me this 34xpbico3XJkx1eEn5D1toHgVQnPjzqS3P (when my RDP was on)

I tried it again now with my RDP turned off and it gave me the same address. I found the issue, guys: I think my business remote control desktop is hacked, because when I'm connected to it and copy-paste that address you gave me, it gives me the hacker's address above. Now that I turned it off, I copy-pasted it again and it's the same one, "34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo". So I think it's the RDP that caused this. Somehow I have never seen such a thing before.
prix
October 08, 2019, 03:31:27 AM
Merited by vapourminer (1)
 #23

When I was a victim it was advised to me to change the hard-disk and when asked they said changing OS is not the permanent fix. Can you explain which one is the right.
Probably because of those "low-level viruses" that can infect at binary level.
High-level format, aka: "format disk" or "delete partition" doesn't actually delete most of the files' traces, that's why it's possible to recover them using deleted file recovering tools.

Low-level format (zero-fill) should work in those cases, but that involves professional software tools.

There is malware which edits the firmware of the disk, and then even full formatting will not remove the malware.
Therefore, advice for paranoid people is to replace the disk (perhaps flashing it will solve the problem, but who knows).
For even larger paranoiacs - replace (reflash) the motherboard. But in any case there is no guarantee that everything is taken into account.
One can only hope that such utilities will not be used for the mass user. Or use hardware/cold wallets.

One example:
https://www.wired.com/2015/02/nsa-firmware-hacking/

Quote
When a machine is infected with EquationDrug or GrayFish, the firmware flasher module gets deposited onto the system and reaches out to a command server to obtain payload code that it then flashes to the firmware, replacing the existing firmware with a malicious one.
~
The only solution for victims is to trash their hard drive and start over with a new one.
Pmalek
October 08, 2019, 06:54:19 AM
 #24

I have never heard of such issues with RDP before.
In the future you need to make sure to double check which address you are about to send to. Check the first 3-4 characters, the last 3-4 characters and some from the middle of the address. That is the least you should do if you don't want to check the entire address.

HCP
October 09, 2019, 10:07:06 PM
 #25

NOPE

It gave me this 34xpbico3XJkx1eEn5D1toHgVQnPjzqS3P (when my RDP was on)

I tried it again now with my RDP turned off and it gave me the same address. I found the issue, guys: I think my business remote control desktop is hacked, because when I'm connected to it and copy-paste that address you gave me, it gives me the hacker's address above. Now that I turned it off, I copy-pasted it again and it's the same one, "34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo". So I think it's the RDP that caused this. Somehow I have never seen such a thing before.
Sounds like one of your machines is infected with the clipboard jacker... and when using RDP, the "shared clipboard" feature means that the clipboard jacker is able to detect and change the bitcoin address.

This particular malware seems more advanced than most, in that it appears to have a database of "similar" addresses that it uses to try and avoid detection.

In any case, you should go and run some full scans on all your machines (as a bare minimum)... either that, or back up your important data and then re-format and re-install all your OSes.

mintme.com
October 14, 2019, 04:10:57 PM
 #26

I really don't think it's malware hijacking your clipboard. Do you trust this friend? I think it's more like he edited the message after it was sent. Was the message sent on a service that allows message editing?

Betwrong
October 16, 2019, 04:08:49 PM
 #27

Note: sometimes when you are typing your wallet address, it use to bring options of related digits, if one is not careful and small difference in your digits will produce another wallet number. And you may not verify well before punching the send. That is automatically a loss or better still a prayer answered for another person.

Firstly, no one is typing a wallet address because it would be time consuming and vulnerable to mistakes. Secondly, if that were the case, the money would be lost forever, but it would stay on the address it was sent to unmoved. As we can see, the money was moved from 14wEycrQ2eb1DAbh51z4oQ3AYCA12Qeitm (the wrong addy) to another place, which means the address was controlled by the hackers.

I suggest to everyone, when sending BTC, check twice the first 4 and the last 4 characters. It's easy to do, and it is very unlikely that your money will go to the wrong place after the check.

nc50lc
October 17, 2019, 02:52:25 AM
 #28

Note: sometimes when you are typing your wallet address, it use to bring options of related digits, if one is not careful and small difference in your digits will produce another wallet number. And you may not verify well before punching the send. That is automatically a loss or better still a prayer answered for another person.
Firstly, no one is typing a wallet address because it would be time consuming and vulnerable to mistakes.
-snip-
You should (both) know that there's a checksum with bitcoin addresses.
If there's a typo, the chance that the address will be invalid is so high that you won't be able to proceed to sign/send.

Plus it's designed to be manually written and typed with ease (Base58).
It is therefore designed for human users who manually enter the data, copying from some visual source -snip-
