|
shield132
|
 |
January 10, 2021, 02:35:35 PM |
|
Personally, I suggest everyone to use two devices: one for everyday use and one for only special purposes.
For special purposes:
Rule N1 - Use Linux!
Rule N2 - Only visit websites that are 100% secure. For example, if you only use binance, youtube and bitcointalk, visit only these websites and don't move on another one. Don't click on any 3rd party link that's posted on these websites, your browsing history should be only these three websites! This way you are sure that you won't get infected unless there is a problem with these three websites.
In reality, you aren't secured once you are online but it's always better to have two or more devices for special purposes.
Also, consider the OP's advice, always be extra cautious.
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
Baskeyairdrop
Jr. Member
 Offline
Activity: 686
Merit: 3
|
|
March 14, 2021, 07:08:50 PM |
|
I get amazed over and over again when I read post on bitcointalk of means scammers devise to hack people account. I do copy and paste alot and most times do not take note of the address because after checking the the first 5 numbers/letters and they correspond, I go ahead.
Now that I see that I can be hacked in this manner, I would be extra careful.
|
|
|
|
|
xsnarferx
Newbie
Offline
Activity: 1
Merit: 0
|
|
March 14, 2021, 07:25:27 PM |
|
WOW!!! Total newbie here. Thanks for the Win/Droid clipboard heads up!
Do we have a scam alert or threats sub-board?
TIA
|
|
|
|
|
10_sjdovn_10
Member
Offline
Activity: 100
Merit: 30
Stay humble, be cool, make world better place.
|
|
March 15, 2021, 11:03:47 AM |
|
Even if you check part of the pasted Bitcoin address, chances are the first few characters are the same, and you still won't notice the address was changed. Hello, in relation to quote above, i am recently noticed that some bitcoin addresses start with a "1 + meaningful characters + ... " as if someone customize his address. How it is possible ? is there any software to do that ? -i am asking for academic purpose!- |
|
|
|
|
|
|
LoyceV (OP)
Legendary
Offline
Activity: 3304
Merit: 16633
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
March 15, 2021, 11:40:55 AM |
|
some bitcoin addresses start with a "1 + meaningful characters + ... " as if someone customize his address.
How it is possible ? is there any software to do that ? -i am asking for academic purpose!- See: Vanitygen: Vanity bitcoin address generator/miner [v0.22]Pretty Addy Giveaway - part 2Note: Checking just the vanity part of the address is not enough to ensure the address is correct. It's always safest to check all characters. |
|
|
|
BevNation
Member
Offline
Activity: 70
Merit: 19
|
|
March 15, 2021, 01:22:55 PM |
|
Note: Checking just the vanity part of the address is not enough to ensure the address is correct. It's always safest to check all characters.
Checking all characters seems like a lot of work to do and one can get a blurred sight along the line but then, looking from the perspective of what is involved, its better to be safe and go through the process than sorry. It appears the cryptoshpere isn't friendly, lol. |
|
|
|
|
Cryptoababe
Member
Offline
Activity: 709
Merit: 18
Do it For Better Humanity
|
|
March 18, 2021, 11:38:44 PM |
|
I went to search for this android app " clipper" on playstore. And I see that it's very dangerous to use the app. Android is Risky to use these days. Different kinds of malware.
|
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
I went to search for this android app " clipper" on playstore. And I see that it's very dangerous to use the app. Android is Risky to use these days. Different kinds of malware.
It's not just android. It basically is any operating system. Regardless of mobile (android, ios,..) or stationary (windows, linux, macos). Malware exists for every operating system. It is just that malware for more common systems are more likely to be encountered. In a targeted attack with malware, it doesn't really matter which OS you are using. You always need to be careful. |
|
|
|
ShowOff
Legendary
Offline
Activity: 2618
Merit: 1183
|
|
April 16, 2021, 06:45:44 PM |
|
If malware has infected, is there any other way to clean it apart from reinstalling the laptop?
Someone asked me about this problem, his laptop was attacked by malware hijacking the clipboard. Every time he copied an ethereum address, it had a different address when pasted.
|
|
|
|
LoyceV (OP)
Legendary
Offline
Activity: 3304
Merit: 16633
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
April 16, 2021, 06:47:40 PM |
|
If malware has infected, is there any other way to clean it apart from reinstalling the laptop? There's always a way, but you'll never know for sure. I wouldn't risk it. |
|
|
|
|
mediaBuzz
|
|
April 16, 2021, 08:27:39 PM |
|
Use QR addresses. No risk at all and no need to reset your operating system.
|
|
|
|
LoyceV (OP)
Legendary
Offline
Activity: 3304
Merit: 16633
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
April 16, 2021, 08:42:40 PM |
|
Use QR addresses. No risk at all Allow me to edit your quote. See for instance fake QR code generators will steal your Bitcoin. no need to reset your operating system. You shouldn't use a compromised system for so many reasons! |
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
April 17, 2021, 06:25:44 PM |
|
Uh, don't use websites to generate QR codes, and always scan them with another app to verify what you just generated. I downloaded a bar code generator that can make all sorts of codes offline, and I think for Android anyway, there is QR-Droid or QR Droid Private. |
|
|
|
ShowOff
Legendary
Offline
Activity: 2618
Merit: 1183
|
|
April 20, 2021, 10:17:31 PM |
|
When it comes to safety, perhaps the best option is not to consider trying something that might be risky. I have recommended him to reinstall his laptop, while all important data is well secured and the problem is resolved. Sometime, bad habit of browsing the web will bring about security issues and we have to protect ourselves with the right steps.
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
June 04, 2021, 12:34:10 PM |
|
With any bitcoin or other altcoin address, I think the threshold to minimally inspect it would be the first 5 and last 5 characters. If you can check more characters or even the whole address, then so much better.
I don't think it's going to "scale" all that much even in the future, maybe if you're dealing with bigger amounts, you could look at 6 characters. And of course, for bitcoin I mean don't include the prefix in the count like 1 or 3 or bc1q.
Buying or selling coffee (or equivalent value), inspect first 5 and last 5, save a little time.
Buying or selling a house, inspect first 6 or 7, save a little time, the house is not going anywhere.
Buying or selling a car, check the whole address before it goes vroom vroom, because it's going down the road away from you ... but you probably have all the details you need, just in case, the payment would just be an irritating hassle if it went to the wrong address.
|
|
|
|
Welsh
Staff
Legendary
Offline
Activity: 3262
Merit: 4110
|
Its actually quite simple to make mistakes when copying, and pasting anyway. If you need to send to multiple different addresses, and you work in a rather large workspace its simply to miss a key, and assume you actually did copy the newly highlighted address, when in reality you haven't, and because you are familiar with the address itself it will likely go unnoticed. With any bitcoin or other altcoin address, I think the threshold to minimally inspect it would be the first 5 and last 5 characters. If you can check more characters or even the whole address, then so much better.
I get your point, that this is probably enough. Since, the chances of an attacker having a nearly identical address is close to none. However, I personally always check each letter/digit. This is just a habit I've developed, since if you are taking the responsibility of being your own bank, you should probably consider the weight of that. Unfortunately, because of our culture, and the fact we've started to rely on banks for many years now, we've become acquainted with short cuts, and getting other third parties to assure everything is correct. This develops complacency, which I believe is one of the biggest threats to anyone's security, no matter who you are. In fact, its probably more dangerous as you become more confident, and assured with Bitcoin, since that's basically how complacency works. In the beginning you are probably checking every letter/digit, and your heart is pumping the first time you send that transaction, and check it on the Blockchain to make sure it actually was sent correctly. Then, once you develop a confidence, you start checking less, and less as its a time sink. However, wallets don't have a built in function to protect you from complacency. Well, they kind of do; some will prompt you whether you mean to send it to x address, but as we are human, and are already susceptible to complacency, most will just click okay without actually checking anything. |
|
|
|
|
xayan123
Copper Member
Member
Offline
Activity: 211
Merit: 10
|
|
June 04, 2021, 01:34:26 PM |
|
Sad, just be careful with your downloads and always have a good antimalware software in place!
|
Our greatest glory is not in never falling, but in rising every time we fall. ~ Confucius
|
|
|
LoyceV (OP)
Legendary
Offline
Activity: 3304
Merit: 16633
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
June 04, 2021, 02:18:34 PM
Last edit: June 04, 2021, 02:47:35 PM by LoyceV Merited by vapourminer (2) |
|
Buying or selling coffee (or equivalent value), inspect first 5 and last 5, save a little time. When paying small amounts, I don't really check anything. I scan the QR-code and pay. But I'm fully aware of the risks. For larger amounts, I check all characters. That's how I found this Ledger bug: DMv1UW6d2vXUqNGw7YZyXjPEx959wM2FEN
↑ This is what it looks like on the Ledger:  Buying or selling a house, inspect first 6 or 7, save a little time, the house is not going anywhere.
Buying or selling a car, check the whole address before it goes vroom vroom, because it's going down the road away from you ... I don't really get why a house would be different than a car: the house may not go anywhere, but your money will be gone if you lose it because of clipboard malware. And the house won't be yours if that happens. For any serious amount: 2. Check the entire address the chances of an attacker having a nearly identical address is close to none. To show the risks of only checking the first characters: all those addresses hold funds: 14Cnk6Qyt9G4WZfsYfVyL1jcnXciNjbvjk
14Cnk6Qyt9G4Wc2qXYH1er2NiK1yPMZfhq
14Cnk6Qyt9G4WcxPgtU91XvVmXyR5V6ePi
14Cnk6Qyt9G4Zf1L3EhzESXMSAPhT1mg4x
14Cnk6Qyt9G4Zf1h7F3akGrxTJ7DGVTfaC
14Cnk6Qyt9G4Zfhv1BdyiQW7Wrdc5BshFv
14Cnk6Qyt9G4Zfhv1CJLAV5ks773XgzbA5
14Cnk6Qyt9G4Zfhv1CJSHNU7eyNHYK2Rv7
14Cnk6Qyt9G4Zfhv1CJSHNUBo9BN2Ju7Gb
14Cnk6Qyt9G4Zfhv1CJSHNUBo9CrhDp2sz |
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
I did say inspect first AND last. So a total of 10 characters. ... But yes, your example has the first half the same as another.
Clipboard malware that can do that on the fly (or probably communicates with a server to get an address) is too complex or will get caught or something.
If any malware can create an address with only 8 characters different from the original, within the time it takes for a human to do a copy and then a paste, we've got problems.
The house one is more of, if you are selling the house, it would be the buyer's responsibility to make sure you got paid. I think it came about something else concerning confirmations or blocks. I'd give the keys to the house after seeing the transaction, but I'm pretty sure the new owner wouldn't mind if I waited at least 20 minutes for one or two confirmations.
|
|
|
|
|
