Since
LoyceV deleted my message from his self-moderating topic
How to lose your Bitcoins with CTRL-C CTRL-V I write it in the unmoderated topic and add some more information.
I just saw
another victim of
clipboard hijacker malware.
How it works1. You select a Bitcoin address, and press CTRL-C.
2. The malware changes the address to an address owned by the hacker/scammer.
3. You press CTRL-V and lose any funds you send.
Even if you check part of the pasted Bitcoin address, chances are the first few characters are the same, and you still won't notice the address was changed.
How to prevent this1.
Don't use Windows, but we both know you're not going to change that.
2. Check the entire address after copy/pasting, and not just the first few (or last few) characters. Check some in the middle too. That's a lot of work, so chances are you won't do that either.
3. I came up with something else: don't copy the entire Bitcoin address, copy only a part, and manually type the last few characters. Even if the malware exchanges the incomplete Bitcoin address by their own, your wallet won't accept the (invalid) address if you've typed a few more characters by yourself.
You'll still need to follow Step 2 after this: check the address!
4. Use copy/paste to verify part of your address. Suppose you want to send funds to address 1PjpEgknyKxQKXtMcYFDym8odkfohFGkui. After copy/pasting, select "yKxQKXtMc" from the
pasted address, then press CTRL-C. Then, use CTRL-F followed by CTRL-V to see if the partial address matches the original source of the address. And make sure the source is authentic: email can be spoofed too!
5. I'll add
o_e_l_e_o's suggestion here:
Any time I am sending coins from any wallet I physically place the address I know is correct directly from the source, right next to the address I have entered to send to. That usually means either holding my hardware wallet or phone up next to my computer screen, or resizing two windows on my phone or computer to put the two address physically right next to each other. Once you have two addresses which are less than inch apart, its very easy to check the entire address and not just a few characters at the start or end.
Stay vigilantCheck, double check and tripple check before sending funds!
No spam pleaseI said please
I'll remove
excessive quotes.
Another one free retelling of the Mastering Bitcoin book, Andreas M. Antonopoulos, the 2nd edition. It is better and more useful to read the original source.
In addition to the fact that this security information for address verification is not new for a long time already, the way of stealing coins using address spoofing is not new and has long known.
In addition, hackers have already abandoned this method, since they are not happy with stealing just one transaction, usually not exactly with much value, their goal now is to steal everything what there is. To do this, modern hackers use more sophisticated methods, such as stealing private keys and intercepting web sessions.
And as a rule, the final goal justifies the time spent.Therefore, in connection with the foregoing, I suppose that with the example that inspired LoyceV to create a new topic with stale advice, something is wrong. And it’s strange that there the person checked only the beginning of the address before sending. Nobody has been doing so for a long time - everyone checks the beginning and the end. The described example of "
another victim of clipboard hijacker malware" is a regular bullshit, it is not clear for what purpose it was written.
