Bitcoin Forum
January 26, 2020, 12:21:35 AM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 4 5 »  All
  Print  
Author Topic: How to lose your Bitcoins with CTRL-C CTRL-V  (Read 1280 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic. (7 posts by 7 users deleted.)
iasenko
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1564


Zombie mode:ON! o_0


View Profile WWW
October 09, 2019, 07:55:25 AM
 #21

Isn't it enough to check just the fist 4-5 and last 4-5 characters? This is what I do every time, if the first and last match I don't think I'm in danger.  If they manage to generate address similar to the address you are paying to with the first few characters, checking the last ones should make it super save, am I wrong?

1579998095
Hero Member
*
Offline Offline

Posts: 1579998095

View Profile Personal Message (Offline)

Ignore
1579998095
Reply with quote  #2

1579998095
Report to moderator
1579998095
Hero Member
*
Offline Offline

Posts: 1579998095

View Profile Personal Message (Offline)

Ignore
1579998095
Reply with quote  #2

1579998095
Report to moderator
1579998095
Hero Member
*
Offline Offline

Posts: 1579998095

View Profile Personal Message (Offline)

Ignore
1579998095
Reply with quote  #2

1579998095
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1579998095
Hero Member
*
Offline Offline

Posts: 1579998095

View Profile Personal Message (Offline)

Ignore
1579998095
Reply with quote  #2

1579998095
Report to moderator
LoyceV
Legendary
*
Offline Offline

Activity: 1736
Merit: 5620


Most of loyce.club works again


View Profile WWW
October 09, 2019, 10:55:43 AM
 #22

Was wondering the same, how many checked characters would make the process safe?
I read that vanity gen is able to do 50mils keys per second, let's keep this number, multiply by 10 seconds and at this point, I still believe checking the first and last 4-5 characters is enough.
I can imagine malware that connects to an external server, which stores a large database of pre-created addresses.

Quote
And without having a clue I doubt the malware would store billions of addresses in text files and filling up the HDD with those.
There's also malware that monitors 2.3 million Bitcoin addresses: thanks to the public blockchain it's easy to create a list of all addresses that are worth stealing, and include a couple million similar addresses in the malware.

Isn't it enough to check just the fist 4-5 and last 4-5 characters?
It's probably enough, but I prefer a higher degree of certainty than just "probably".

GSpgh
Sr. Member
****
Offline Offline

Activity: 536
Merit: 300


View Profile
October 09, 2019, 11:53:17 AM
 #23

There's also malware that monitors 2.3 million Bitcoin addresses: thanks to the public blockchain it's easy to create a list of all addresses that are worth stealing, and include a couple million similar addresses in the malware.

Another argument for not reusing Bitcoin addresses but that's unfortunately not feasible when you have for example exchanges that issue one deposit address and don't even allow to change it manually (an argument to not use centralized exchanges I guess).
dothebeats
Legendary
*
Offline Offline

Activity: 2072
Merit: 1158


Crypto-Games.net: Multiple coins, multiple games


View Profile
October 09, 2019, 06:09:20 PM
 #24

Was wondering the same, how many checked characters would make the process safe?
I read that vanity gen is able to do 50mils keys per second, let's keep this number, multiply by 10 seconds and at this point, I still believe checking the first and last 4-5 characters is enough.
And without having a clue I doubt the malware would store billions of addresses in text files and filling up the HDD with those.



Given the sheer amount of addresses in the whole key space of bitcoin and other cryptocurrencies, this is already a good practice knowing that two addresses having almost the same characters as another one would be pretty slim. Though of course for the ultra-paranoid in us, 4-5 characters isn't really enough and therefore having two addresses side-by-side is still a (somewhat) bulletproof practice as suggested by o_e_l_e_o.

-snip-

The horrors of Windows in general. Every single data we have on our PCs we don't own completely, but we actually share it with Microsoft the moment we started using their operating system. The mere fact that most of the computers in the whole world runs with Windows is already an alarming thought, but what is there to do when Microsoft knows how to make things work with laymen? Of course, you wouldn't expect non-techie people to use CLI-based OS such as Linux just to be secured, and while being secure, Mac isn't really an option too knowing how costly it is to have one. Hackintosh is possible, but with limitations and bugs too.

▄▄█████████▄▄
▄█████████████████▄
▄████▀▀▀▀█████▀▀▀▀████▄
████▀██████▀█▀██████▀████
██████████████████████████
▐█████▄███████████████▄█████▌
▐███████▄▄█████████▄▄███████▌
▐██████▀█████████████▀██████▌
▐███████████████████████████▌
▀██████████████████████▀
▀████▄████▄▀▀▄████▄████▀
▀███████▀███▀███████▀
▀▀█████████████▀▀
  ▀▀▀▀▀▀▀▀▀
|
★.★.★   8 GAMES   ★   WAGERING CONTEST   ★   JACKPOTS   ★   FAUCET   ★.★.★
  ▄▄▄
▄█ ▄▀█▄
██ ▄▀██
 ▀▄▄█▀
  ▄▄▄
▄█▀ ▀█▄
██   ██
 ▀█▄█▀
  ▄▄▄
▄█▀█▀█▄

 ▀███▀
  ▄▄▄
▄██▀▄█▄
██▀▄███
 ▀▄▄▄▀
  ▄▄▄
▄█ ▄▀█▄
██ █ ██
 ▀▄▄█▀
  ▄▄▄
▄▀▄▄▄▀▄
█▀▀▀▀▄█
 ▀███▀
  ▄▄▄
▄▀   ▀▄
█  █▄ █
 ▀▄██▀
  ▄▄▄
▄█▀ ▀█▄
██   ██
 ▀█▄█▀
  ▄▄▄
▀ █ ▀
▀▀▄▀▀
 ▀▄█▄
  ▄▄▄
▄█ ▄▀█▄
██ ▄▀██
 ▀▄▄█▀
|
Artemis3
Hero Member
*****
Offline Offline

Activity: 532
Merit: 731


★777Coin.com★ Fun BTC Casino!


View Profile WWW
October 09, 2019, 08:25:05 PM
Merited by LoyceV (2)
 #25

How to prevent this
1. Don't use Windows, but we both know you're not going to change that.

This is the only choice that matters. You are a pessimist by rejecting the only logical choice beforehand.

Most people don't need Windows, all they need is a browser, and the likes of Chrome run in Linux perfectly fine. That attitude of yours, i have seen it in decades, and it only ends in grief.

Drop Windows and 80% of the issues are gone. If you need a "games" computer, have both separate. Money and serious things in one, the rest in the other.

Don't bother with dual boot, people lack the discipline to NOT boot Windows (or OSX).

None of your "tips" are really effective under a malware ridden windows computer, because you don't know beforehand the exact nature of the malware. Its not just malware that recognizes bitcoin addresses and change it, there are several more vectors for stealing, such as taking your privkeys/seed words, or hijacking your dns, but to name them all would make a book.

Money handling should not be done with insecure OSes, period.

LoyceV
Legendary
*
Offline Offline

Activity: 1736
Merit: 5620


Most of loyce.club works again


View Profile WWW
October 10, 2019, 06:28:43 AM
 #26

Money handling should not be done with insecure OSes, period.
Of course Smiley But 1.5 billion people use Windows for anything. If we could wipe out that insecure OS that would be great, but I'm trying to be realistic here: it's not going to happen.

Sancho18
Sr. Member
****
Offline Offline

Activity: 728
Merit: 360


Sancho


View Profile
October 10, 2019, 06:41:36 AM
 #27

How to prevent this
1. Don't use Windows, but we both know you're not going to change that.

This is the only choice that matters. You are a pessimist by rejecting the only logical choice beforehand.

Most people don't need Windows, all they need is a browser, and the likes of Chrome run in Linux perfectly fine. That attitude of yours, i have seen it in decades, and it only ends in grief.

Drop Windows and 80% of the issues are gone. If you need a "games" computer, have both separate. Money and serious things in one, the rest in the other.

Don't bother with dual boot, people lack the discipline to NOT boot Windows (or OSX).

None of your "tips" are really effective under a malware ridden windows computer, because you don't know beforehand the exact nature of the malware. Its not just malware that recognizes bitcoin addresses and change it, there are several more vectors for stealing, such as taking your privkeys/seed words, or hijacking your dns, but to name them all would make a book.

Money handling should not be done with insecure OSes, period.
I think you are too categorical. Ideal operating systems do not exist, and the romantic halo around Linux often disappears when you try to make him friends with your computer hardware. If you are not a bearded admin in a sweater, but an ordinary user, migrating to Linux may not be an easy task. I use a hardware wallet and check the address before sending, and until everything is fine.  Smiley

jseverson
Hero Member
*****
Offline Offline

Activity: 1218
Merit: 701


View Profile
October 10, 2019, 07:20:18 AM
Last edit: October 10, 2019, 08:40:44 AM by jseverson
 #28

This is the only choice that matters. You are a pessimist by rejecting the only logical choice beforehand.
Don't bother with dual boot, people lack the discipline to NOT boot Windows (or OSX).

Aren't you being a little pessimistic yourself as well? I understand that getting people to stop using Windows is an uphill battle, but I'd think more people would be open to a dual boot set up than having two different devices for different purposes. (Edit: Maybe we should be promoting the use of Raspberry Pis instead lol)

Either way, while I completely agree that people shouldn't be using Windows for crypto (or anything else you could do with Linux really), I wouldn't go as far as saying it's insecure. It's certainly much less secure, but I don't expect a person who knows what they're doing to have any issues with it. Awareness is so much more important for security because no OS will protect you from everything. The info that LoyceV provided would probably help more users than simply saying "Don't use Windows!", for one.

Of course Smiley But 1.5 billion people use Windows for anything. If we could wipe out that insecure OS that would be great, but I'm trying to be realistic here: it's not going to happen.

The funny thing is, if everyone started using Linux instead and it got all the attention from bad actors that Windows does, users would probably just as vulnerable even with Linux's fundamentally stronger security. People do a lot of stupid shit for free stuff and/or whatever else they want, and no OS can really address that lol.

Ideal operating systems do not exist, and the romantic halo around Linux often disappears when you try to make him friends with your computer hardware. If you are not a bearded admin in a sweater, but an ordinary user, migrating to Linux may not be an easy task.

I've found that things have gotten a lot better on this end in recent years. Even then, most people only really have basic stuff anyway, and people with the more technical hardware tend to be more technical themselves.

stompix
Legendary
*
Offline Offline

Activity: 1316
Merit: 1341



View Profile
October 10, 2019, 07:36:35 AM
Last edit: October 10, 2019, 07:50:02 AM by stompix
 #29

There's also malware that monitors 2.3 million Bitcoin addresses: thanks to the public blockchain it's easy to create a list of all addresses that are worth stealing, and include a couple million similar addresses in the malware.

I sincerely don't understand what "monitoring" means here...
Are they monitoring used addresses so if a user tries to send a transaction to a known adress they have one resembling it to replace it?
That would be more effective for a reused address but a total fails with newly generated addresses.

Also, one of the exchanges I use gives me the same deposit address each time, but every time I deposit something the adress is emptied in the next block in a batch transaction collecting funds, so ...that would probably make the adress free from monitoring?  Grin Grin  I really wonder how they are choosing them..


How to prevent this
Don't use Windows
Drop Windows and 80% of the issues are gone

But a monkey behind a Volvo and it will become the deadliest car in history.



Sancho18
Sr. Member
****
Offline Offline

Activity: 728
Merit: 360


Sancho


View Profile
October 10, 2019, 07:47:57 AM
 #30

Ideal operating systems do not exist, and the romantic halo around Linux often disappears when you try to make him friends with your computer hardware. If you are not a bearded admin in a sweater, but an ordinary user, migrating to Linux may not be an easy task.

I've found that things have gotten a lot better on this end in recent years. Even then, most people only really have basic stuff anyway, and people with the more technical hardware tend to be more technical themselves.
The situation is really changing for the better and the Linux desktop is becoming more and more friendly to the average user, but it's too early to talk about any significant successes. Linux is the king of servers, and the market share is near zero on desktops. This is the reality of today. Smiley

It would be easier for Linux to succeed on desktops, but in fairness, I note that Windows 10 is not so bad, it has a built-in security center and rumors about the impossibility of disconnecting Cortana are greatly exaggerated.

LoyceV
Legendary
*
Offline Offline

Activity: 1736
Merit: 5620


Most of loyce.club works again


View Profile WWW
October 10, 2019, 08:15:26 AM
 #31

I sincerely don't understand what "monitoring" means here...
Good question, now I'm not so sure. I would have expected the malware to detect Bitcoin addresses based on the format, instead of based on a very long list of known addresses. It's quite easy to know if a certain string is a Bitcoin address.

Linux is the king of servers, and the market share is near zero on desktops.
From loyce.club last month:
Windows 63.2%
Linux 17.2%
Macintosh 1.6%
iOS 4.4%
Unknown 13.3%

Meanwhile, 4.1% of all pages was loaded from Windows XP (I'm not sure if Tor-browsers still identify themselves as Windows XP), 23.8% Windows 7 and 33.8% Windows 10.
And 3.9% of the users use Android, which is counted as Linux.

Sancho18
Sr. Member
****
Offline Offline

Activity: 728
Merit: 360


Sancho


View Profile
October 10, 2019, 08:23:39 AM
 #32

I sincerely don't understand what "monitoring" means here...
Good question, now I'm not so sure. I would have expected the malware to detect Bitcoin addresses based on the format, instead of based on a very long list of known addresses. It's quite easy to know if a certain string is a Bitcoin address.

Linux is the king of servers, and the market share is near zero on desktops.
From loyce.club last month:
Windows 63.2%
Linux 17.2%
Macintosh 1.6%
iOS 4.4%
Unknown 13.3%

Meanwhile, 4.1% of all pages was loaded from Windows XP (I'm not sure if Tor-browsers still identify themselves as Windows XP), 23.8% Windows 7 and 33.8% Windows 10.
And 3.9% of the users use Android, which is counted as Linux.
People interested in crypto are usually more advanced in IT and are difficult to consider as ordinary users. I also want to note that if you consider Android as Linux, it would be logical and iOS + MacOS should also be considered as Linux, because they also have common roots. I'm talking about Linux desktop, such as Ubuntu. Market success of Android is difficult to question. Smiley

khaled0111
Hero Member
*****
Offline Offline

Activity: 952
Merit: 744


View Profile
October 10, 2019, 10:41:57 AM
 #33

My PC got infected once with this malware.
It changes Eth addresses from the one you copy to the hacker's address.
I was lucky and didn't lose anything because I discovered it when I was checking tokens values on etherdelta.
I was copying the token's contract address and pasting it in the navigation bar which redirects me to the exchange's home page everytime.

َAll I did to resolve the problem is copying a part of the address (all of it except the last char).
I confirm that this solution works for Ethereum addresses since they all have the same length which is not the case for Bitcoin addresses.

THE FIRST DECENTRALIZED & PLAYER-OWNED CASINO
.EARNBET..EARN BITCOIN: DIVIDENDS
FOR-LIFETIME & MUCH MORE.
. BET WITH: BTCETHEOSLTCBCHWAXXRPBNB
.JOIN US: GITLABTWITTERTELEGRAM
LogitechMouse
Sr. Member
****
Offline Offline

Activity: 868
Merit: 303


Don't put money in Banks. Invest it to be rich


View Profile WWW
October 10, 2019, 12:45:19 PM
 #34

2. Check the entire address after copy/pasting, and not just the first few (or last few) characters. Check some in the middle too. That's a lot of work, so chances are you won't do that either.
This is for me the best thing to do to prevent getting scammed by these hardcore stupid scammers/hackers.

Yes it is a lot of work to do. You will see if what you have pasted is the same with the one where you get your address but if you are sending a huge funds, you will double or triple check it so that you will be comfortable in sending it.

Lucky for me that I didn't encounter such things like this at this moment and I hope I will not encounter it Cheesy.

mk4
Legendary
*
Offline Offline

Activity: 1190
Merit: 1107


Vires in Numeris


View Profile WWW
October 14, 2019, 06:51:32 AM
 #35

Just comes to show how careless people are in general. It only takes like what? less than 5 seconds to double check the address you're sending the funds to? But yet people don't do it. It's so mind boggling how lazy and careless people are knowing that you can never do chargebacks with bitcoin.

Isn't it enough to check just the fist 4-5 and last 4-5 characters? This is what I do every time, if the first and last match I don't think I'm in danger.  If they manage to generate address similar to the address you are paying to with the first few characters, checking the last ones should make it super save, am I wrong?
It should suffice. This is what I do too. It's enough unless for some ultimately very unlucky reason the address you're sending the funds to and the hacker's receiving address has the same first and last 5 characters.

Kakmakr
Legendary
*
Offline Offline

Activity: 1890
Merit: 1388


View Profile
October 14, 2019, 07:49:17 AM
 #36

I think the length of these addresses and also the case sensitive requirement for Bitcoin addresses are forcing people to use "Copy & Paste" to use their wallets. It is a pity that something cannot be done to shorten the address like with URL shorteners to just post a shorter description for your wallet when you have to use it. <That description can be linked to your longer address to make it easier for you to remember it too.>

So you configure that on your own and link it to your address and when you type it, it converts the wallet description to your Bitcoin address. <This can be done on the users computer and also encrypted to protect it from hackers>

So no need for developers to add this to the Bitcoin code <Protocol> Obviously people will still have to double check the end result.  Wink 

THE FIRST DECENTRALIZED & PLAYER-OWNED CASINO
.EARNBET..EARN BITCOIN: DIVIDENDS
FOR-LIFETIME & MUCH MORE.
. BET WITH: BTCETHEOSLTCBCHWAXXRPBNB
.JOIN US: GITLABTWITTERTELEGRAM
LoyceV
Legendary
*
Offline Offline

Activity: 1736
Merit: 5620


Most of loyce.club works again


View Profile WWW
October 14, 2019, 08:35:53 AM
 #37

Just comes to show how careless people are in general. It only takes like what? less than 5 seconds to double check the address you're sending the funds to?
There's more to it than that: when I receive a PM with a payment address, I first have to make absolutely sure it came from the real account. With email, most people don't use encryption. That makes it even more difficult to be absolutely sure the sender is who he says he is.

It is a pity that something cannot be done to shorten the address like with URL shorteners
There used to be a site for this, but it was discontinued (and I forgot the name). But the most unique thing about Bitcoin is being able to make payments without having to rely on third parties, and I wouldn't want to trust them for giving me the correct address.
Google's first result on a search shows a site which Google says may be hacked:
Image loading...

So you configure that on your own and link it to your address and when you type it, it converts the wallet description to your Bitcoin address. <This can be done on the users computer and also encrypted to protect it from hackers>
I see many problems with this, but not a single way to do it absolutely safe.

And even if you would make a safe implementation, you'll lose error correction. Currently, there's a 1 in 4 billion chance of making a typo in a Bitcoin address, that still leads to a valid address. If you shorten the error correction, mistakes become much more likely.

Quote
Obviously people will still have to double check the end result.  Wink
That defeats the purpose Wink

mk4
Legendary
*
Offline Offline

Activity: 1190
Merit: 1107


Vires in Numeris


View Profile WWW
October 14, 2019, 09:51:07 AM
 #38

Just comes to show how careless people are in general. It only takes like what? less than 5 seconds to double check the address you're sending the funds to?
There's more to it than that: when I receive a PM with a payment address, I first have to make absolutely sure it came from the real account. With email, most people don't use encryption. That makes it even more difficult to be absolutely sure the sender is who he says he is.

..aaaaand not only that! Personally, even though I'm already certain that the bitcoin address came from the legitimate person, I always ask the person to verify the pasted address! Like so:

Tradee: my address is bc1jf5jxxxxxxxxxxxx
Me: bc1jf5jxxxxxxxxxxxx
Me: ?
Tradee: bc1jf5jxxxxxxxxxxxx

And I even do that even with transactions as low as $20. You can never be so sure.

Saint-loup
Hero Member
*****
Offline Offline

Activity: 1036
Merit: 926


CryptoTalk.Org - Get Paid for every Post!


View Profile
October 16, 2019, 10:45:08 AM
Last edit: October 21, 2019, 09:39:28 AM by Saint-loup
 #39

Just comes to show how careless people are in general. It only takes like what? less than 5 seconds to double check the address you're sending the funds to?
There's more to it than that: when I receive a PM with a payment address, I first have to make absolutely sure it came from the real account. With email, most people don't use encryption. That makes it even more difficult to be absolutely sure the sender is who he says he is.

..aaaaand not only that! Personally, even though I'm already certain that the bitcoin address came from the legitimate person, I always ask the person to verify the pasted address! Like so:

Tradee: my address is bc1jf5jxxxxxxxxxxxx
Me: bc1jf5jxxxxxxxxxxxx
Me: ?
Tradee: bc1jf5jxxxxxxxxxxxx

And I even do that even with transactions as low as $20. You can never be so sure.
I don't understand you're doing trades by phone? The vendors spell their adresses letter by letter?
If I'm right. Why not using emails instead? If your sender use URIs you just need to click on the link, you don't even need to do a copy/paste manipulation, like bitcoin:bc1jf5jxxxxxxxxxxxxxxxxxx

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

      .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.YoBit AirDrop $.|.Get 700 YoDollars for Free!.🏆
stompix
Legendary
*
Offline Offline

Activity: 1316
Merit: 1341



View Profile
October 17, 2019, 07:56:59 AM
 #40

~

..aaaaand not only that! Personally, even though I'm already certain that the bitcoin address came from the legitimate person, I always ask the person to verify the pasted address! Like so:

Tradee: my address is bc1jf5jxxxxxxxxxxxx
Me: bc1jf5jxxxxxxxxxxxx
Me: ?
Tradee: bc1jf5jxxxxxxxxxxxx

I don't understand you're doing trades by phone? The vendors spell their adresses letter by letter?

Chat logs, he asks the person to confirm the address so he can make it a bit safer.
If the other party just copy-paste the adress he will probably not notice the change.

Now, if you ask him again, he will have more chances to see that what he copied isn't what he pasted.
Plus, due to the dialogue he can protect himself better in case of a dispute. Not bulletproof of course as the other user could simply not pay attention both times but it's better than nothing.

And no, I don't know a single person that dictates addresses by phone Tongue


Pages: « 1 [2] 3 4 5 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!