Bitcoin Forum
January 19, 2020, 04:06:44 PM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 »  All
  Print  
Author Topic: How to lose your Bitcoins with CTRL-C CTRL-V  (Read 1261 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic. (7 posts by 7 users deleted.)
Lafu
Legendary
*
Offline Offline

Activity: 1400
Merit: 1307



View Profile
October 17, 2019, 08:24:56 PM
 #41

Sry that i have seen the thread so late and only now !

I have written and Thread over an year ago about this here for copy and paste https://bitcointalk.org/index.php?topic=4601535.msg41533052#msg41533052

Sadly to see that it happens already to somebody .

The copy+c and copy+v about btc adresses is i guess normal for the most but you should think about and always watching what you are install .
1579450004
Hero Member
*
Offline Offline

Posts: 1579450004

View Profile Personal Message (Offline)

Ignore
1579450004
Reply with quote  #2

1579450004
Report to moderator
1579450004
Hero Member
*
Offline Offline

Posts: 1579450004

View Profile Personal Message (Offline)

Ignore
1579450004
Reply with quote  #2

1579450004
Report to moderator
1579450004
Hero Member
*
Offline Offline

Posts: 1579450004

View Profile Personal Message (Offline)

Ignore
1579450004
Reply with quote  #2

1579450004
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1579450004
Hero Member
*
Offline Offline

Posts: 1579450004

View Profile Personal Message (Offline)

Ignore
1579450004
Reply with quote  #2

1579450004
Report to moderator
Saint-loup
Hero Member
*****
Offline Offline

Activity: 1036
Merit: 914


CryptoTalk.Org - Get Paid for every Post!


View Profile
October 21, 2019, 08:58:00 AM
 #42

Sry that i have seen the thread so late and only now !

I have written and Thread over an year ago about this here for copy and paste https://bitcointalk.org/index.php?topic=4601535.msg41533052#msg41533052

Sadly to see that it happens already to somebody .

The copy+c and copy+v about btc adresses is i guess normal for the most but you should think about and always watching what you are install .
Thank you for this thread but a good way to fight clipboard hijackers is to encourage the use of BIP21 URI scheme instead of raw bitcoin addresses bitcoin:xxxxxxxxxxxxxxxxxxxxxxxxx

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

      .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.YoBit AirDrop $.|.Get 700 YoDollars for Free!.🏆
LoyceV
Legendary
*
Online Online

Activity: 1736
Merit: 5558


Most of loyce.club works again


View Profile WWW
October 22, 2019, 05:18:09 PM
 #43

encourage the use of BIP21 URI scheme instead of raw bitcoin addresses bitcoin:xxxxxxxxxxxxxxxxxxxxxxxxx
I've seen those, but I had a hard time making a payment. I don't like how difficult they make it to just find the address to pay to.

bitmover
Hero Member
*****
Offline Offline

Activity: 728
Merit: 1237



View Profile
October 23, 2019, 11:58:41 AM
 #44

Even if you check part of the pasted Bitcoin address, chances are the first few characters are the same, and you still won't notice the address was changed.

Hey LoyceV,

Personally I think it is very unlikely that few characters are the same. Maybe 2-3, but if you check also the last 2-3, or about 5, that's almost impossible to happen. The attacker would have to ninja-mine vanity addresses for that.

The victims of this attack mostly don't even check the address. I think that even the address type may be different in most cases (legacy/segwit/nested segwit)

How to prevent this
1. Don't use Windows, but we both know you're not going to change that.

I won't change this lol
Never had any problem with windows... and I use computer at lot at work, where I can change my OS =D

I think people bash windows too much, if you have safe online habits and take basic precautions, you are fine...
Certainly I need to learn more about Linux

NeuroticFish
Legendary
*
Online Online

Activity: 2100
Merit: 1424


There are no mistakes. Only opportunities wasted.


View Profile
October 23, 2019, 12:29:43 PM
 #45

2. Check the entire address after copy/pasting, and not just the first few (or last few) characters. Check some in the middle too. That's a lot of work, so chances are you won't do that either.

It's not a lot of work. This is what I do for long time now.
I've got used to it long ago, when the payments for this campaign were sent to Bitsler account. They had at the withdrawal this rule somewhat enforced. It helped me get used to do it.
Now I check the first 3-4 characters, last 3-4 characters and some 3-4 characters from a random position in the middle (I "scan" to find something easy to remember).


Unfortunately I don't have a choice for getting rid of Windows, although maybe a VM with a Linux for crypto handling could not be such a bad idea.
Just I fear that since I don't know much of Linux I may make even bigger mistake...

coin-investor
Hero Member
*****
Offline Offline

Activity: 1260
Merit: 508


CryptoTalk.Org - Get Paid for every Post!


View Profile
October 23, 2019, 04:10:31 PM
 #46

I've read an article on this just last year and a lot of discussions have been created about this malware, and still going on right now because there are new investors coming in and newbies do not know the existence of this malware.
The only way to combat this is awareness and education if you are going to invite people to invest, it's part of recruiting that you educate them and inform then about the existence of these kinds of malware, and precautions to take when sending and trading.

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.YoBit AirDrop $.|.Get 700 YoDollars for Free!.🏆
NeuroticFish
Legendary
*
Online Online

Activity: 2100
Merit: 1424


There are no mistakes. Only opportunities wasted.


View Profile
October 23, 2019, 06:41:09 PM
 #47

I've read an article on this just last year and a lot of discussions have been created about this malware, and still going on right now because there are new investors coming in and newbies do not know the existence of this malware.
The only way to combat this is awareness and education if you are going to invite people to invest, it's part of recruiting that you educate them and inform then about the existence of these kinds of malware, and precautions to take when sending and trading.

That's correct. And in the way I was "convinced" to do a real check on the recipient address, the wallets should do the same. It's not hard to make a window pop up and ask for double check start, middle and end. And the more advanced users can deactivate it.

Laskoo
Full Member
***
Offline Offline

Activity: 350
Merit: 144


View Profile
October 24, 2019, 06:52:03 AM
Merited by LoyceV (1)
 #48

Thanks for the tips, the part with using "copy" "paste" for a part of the address and typing the rest is pretty useful, I think this can be used for passwords too for extra security.

Now since this kind of malware is out there (that can change the address copied to clipboard) I wonder if there is a possibility to exist even a malware that change the address "pasted" right before sending the TX (0.1 sec before you click "SEND" button). This would make checking the address worthless and your coins would vanish, so let's hope not.
NeuroticFish
Legendary
*
Online Online

Activity: 2100
Merit: 1424


There are no mistakes. Only opportunities wasted.


View Profile
October 24, 2019, 06:59:10 AM
Merited by LoyceV (1)
 #49

Now since this kind of malware is out there (that can change the address copied to clipboard) I wonder if there is a possibility to exist even a malware that change the address "pasted" right before sending the TX (0.1 sec before you click "SEND" button). This would make checking the address worthless and your coins would vanish, so let's hope not.

Although your use case is highly improbable, there's counter measure for that too.
For example if you use Electrum, instead of pressing Send, you can press Preview and check there. Then Sign and Broadcast. If you go on this path there's no place they can change anything, no matter what.

bob123
Legendary
*
Offline Offline

Activity: 1134
Merit: 1652



View Profile WWW
October 24, 2019, 12:39:43 PM
 #50

How to prevent this
1. Don't use Windows, but we both know you're not going to change that.

Changing the OS doesn't necessarily eliminate this risk.
Such malware already has been seen in the wild for MacOS. And they can also easily exist for unix based operating systems.



I still believe checking the first and last 4-5 characters is enough.

Without doing the actual math, i am also pretty sure that this is enough to prevent such clipping board malware.

1) It is not possible for the malware to create that much addresses / store that much addresses on the victims computer without being blatantly obvious (if possible at all; i didn't do the actual math but this shouldn't be possible in a relatively short amount of time)
2) I have not seen any non plain-dumb clipping board malware yet (which doesn't mean that it doesn't exist tho).



o_e_l_e_o
Legendary
*
Offline Offline

Activity: 812
Merit: 3329


Decent


View Profile
October 24, 2019, 01:09:08 PM
 #51

I wonder if there is a possibility to exist even a malware that change the address "pasted" right before sending the TX (0.1 sec before you click "SEND" button).
In addition to NeuroticFish's good suggestion above regarding Electrum, this would also be prevented by using a hardware wallet (and not just for bitcoin, but for all coins). Even if the malware changed your "send to" address just as you clicked "send", you would still have the opportunity to check the address on the hardware wallet's screen, and cancel the transaction if the address was different.

Laskoo
Full Member
***
Offline Offline

Activity: 350
Merit: 144


View Profile
October 25, 2019, 03:45:20 AM
 #52

I wonder if there is a possibility to exist even a malware that change the address "pasted" right before sending the TX (0.1 sec before you click "SEND" button).
In addition to NeuroticFish's good suggestion above regarding Electrum, this would also be prevented by using a hardware wallet (and not just for bitcoin, but for all coins). Even if the malware changed your "send to" address just as you clicked "send", you would still have the opportunity to check the address on the hardware wallet's screen, and cancel the transaction if the address was different.

Thanks for the tip, actually I am using Ledger Nano S (with a low amount of BTC), but since I like old school things I am using Bitcoin core wallet just because I trust it more than 3rd party apps, like Ledger's app, Electrum, etc.

Maybe I am just a bit paranoid with this things, sorry Cheesy
El-Cezeri
Full Member
***
Offline Offline

Activity: 238
Merit: 207


Analist - Trader - Yazar


View Profile
October 27, 2019, 09:44:48 AM
 #53

Thanks for this wonderful topic @LoyceV! It will be useful for beginners. I have many friends who are victims of this.
I translated this topic into Turkish.

Dikkat: CTRL-C CTRL-V ile Coinlerinizi Nasıl Kaybedersiniz? 

Laskoo
Full Member
***
Offline Offline

Activity: 350
Merit: 144


View Profile
October 27, 2019, 09:59:03 AM
 #54

Thanks for this wonderful topic @LoyceV! It will be useful for beginners. I have many friends who are victims of this.
I translated this topic into Turkish.

Dikkat: CTRL-C CTRL-V ile Coinlerinizi Nasıl Kaybedersiniz? 

This is actually a good idea.
If this is allowed and of course, @LoyceV is OK with it, I can translate it too for the Romanian sub-forum.
LoyceV
Legendary
*
Online Online

Activity: 1736
Merit: 5558


Most of loyce.club works again


View Profile WWW
October 27, 2019, 10:29:04 AM
 #55

I can translate it too for the Romanian sub-forum.
Translating any topic is okay, as long as you give credits to the original post. So go ahead Smiley

El-Cezeri
Full Member
***
Offline Offline

Activity: 238
Merit: 207


Analist - Trader - Yazar


View Profile
October 27, 2019, 11:37:39 AM
 #56

I can translate it too for the Romanian sub-forum.
Translating any topic is okay, as long as you give credits to the original post. So go ahead Smiley

Of course, thanks for your efforts.

loan.ruiu1
Jr. Member
*
Offline Offline

Activity: 43
Merit: 5

I'm AMA Hunter!


View Profile
November 08, 2019, 03:10:33 AM
 #57

I have encountered this case! I copied the address of a friend and pasted it into the deposit address. However, I have observed and found it unusual. I feel fortunate to have observed it! I tried to copy several times and it only shows someone's address. I took the computer to the store and ran the window software again. There was a lot of data lost
LoyceV
Legendary
*
Online Online

Activity: 1736
Merit: 5558


Most of loyce.club works again


View Profile WWW
November 08, 2019, 01:24:15 PM
 #58

I took the computer to the store and ran the window software again. There was a lot of data lost
Although slightly off-topic here, you made 2 mistakes that could have been prevented:
1. You didn't make backups.
2. You shouldn't trust anyone else with your data.

Robot1982
Newbie
*
Offline Offline

Activity: 11
Merit: 13


View Profile
November 09, 2019, 11:07:31 PM
Merited by LoyceV (1), o_e_l_e_o (1)
 #59

With enough care, this type of clipboard malware can be prevented. However, I am more concerned with the next type of malware that will change the address in the browser (source). For example, if you want deposit bitcoin to an exchange, the malware could change the address that the browser shows you to the attackers address. I don't think it is too difficult to create a chrome extension that does this (disguised under something else of course). You can compare the addresses (source and destination) and you will see no difference. How do you fight such an attack?
Dabs
Legendary
*
Offline Offline

Activity: 2576
Merit: 1350


The Concierge of Crypto


View Profile
November 10, 2019, 04:53:23 AM
 #60

Although your use case is highly improbable, there's counter measure for that too.
For example if you use Electrum, instead of pressing Send, you can press Preview and check there. Then Sign and Broadcast. If you go on this path there's no place they can change anything, no matter what.

For some reason, I almost always do this. Do a preview... invariably because I'm trying to adjust the fee all the time or tweaking the transaction to avoid using change or change addresses if my goal is to send everything.

That's another reason to always use the preview then before broadcasting. While you're at it, the more paranoid could use multi-sig with another computer / mobile device that also has Electrum, although that's more work to do.

I've only been infected once in my life (ok, a few times) but all those times can be attributed to carelessness.

Knowing that vanitygen / vanitysearch takes a long time with 5 or more character prefixes / suffixes, I find that checking BOTH the first 5 and last 5 are usually good enough. If some hacker / malware got on your system without you knowing and matched the first 5 and last 5 of the address you wanted to use, they must have targeted you specifically to generate that kind of address. Check your house and work place, they already bugged everything.

Pages: « 1 2 [3] 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!