My Bitcoin is gone! Sneaky virus story...

in #bitcoin7 years ago (edited)

Hey everyone! A bit of a sad story today, as I've lost a decent portion of my crypto portfolio (around 0.255 BTC) to a virus last night. Basically, I've lost it while sending it from one exchange to another because of a virus that I later realised I have. The thing recognizes bitcoin address in clipboard (when you copy it) and changes it to a different address when you paste it (the address of an attacker). Yes, it's a Windows machine...

btc lost.jpg

The virus does not manifest itself in any other way than this (changing the BTC address you copied to clipboard to its own), nor can you find it in task manager... It's still active on my home computer. When you know it's there, it's easy to avoid it by for example copying your BTC deposit address without the first character, and after pasting it, adding that character manually. Copying of the address without one character (first or last for example) goes fine, since the intruder does not recognize BTC address...

But I just copied and pasted a deposit address for BTC on the exchange I was trying to put it on (Cryptopia), without looking much at the address itself, clicked send, and bye bye bitcoin... Later did I realized what happened.

Writing this to warn you all to always double check your address even if you're sure you copied it properly, check some of the numbers and letters...

I've checked the attackers address on Blockchain info, has 88+ BTC on it, probably mostly from people foxed like me: https://blockchain.info/address/13JF5274VuNthhwKkLrYyZW73smjSYAEen

Realized all this when I searched the attackers address on google and got this result for this address: https://bitcointalk.org/index.php?topic=1842977.0

So I'm not first, nor the last for sure to get f...ed like this (I noticed his balance went up 1 BTC since last night when I got foxed), so once again, do a little compare of your copied and pasted address when you make transactions... Funny thing is I realized the addresses were not the same moments after pressing tx confirmation (like a gut feeling or something), but Poloniex went on with tx so fast I didn't managed to cancel it in time. Weird since BTC tx was not very fast lately... Sigh.

Hope I save someone his/her BTC with this post! Would be really glad if I did.

In the end, if anyone may want to help me out recover some of my BTC and lighten my sorrow, my address is: 14AUASvS4AFEhoECPCpGxZw71F7zK8FBEE (I double checked it this time haha...). Thanks for reading and take care out there, a lot of ways to loose your cryptos!

Sort:  

steemwin.jpg

HOW TO GET IN THE PLAYER-POOL?

(Pay once - play forever - win multiple times !)
All you have to do is sending once 10 SBD to @steemwin for a lifetime daily chance to win!

Click here for more details

Everything stolen from you will be returned ten fold in karma. Good Idea is to use white listed adresses on Bittrex and any other exchange that allows it. That way you can only withdraw to address you have specified and if you paste one in that doesn't match you will get an error message telling you its not one of ur addresses.

That's a nice option to have, thanks for the advice!

cha cha cha... sounds like Trump is saying that AMERICA FIRST :)))

If you never watched porn it wouldn't have happened :). Not funny at all and sorry to hear this it was of the first attacks mentioned on bitcoin talk years ago. I have sent to wrong addresses in the past and it sucks to know its gone for good. How did you get this malware or virus? what is it called? Good thing about steam and bitshares is the username rather than alpha numeric characters. I'm broke but my upvote might help a little hopefully everyone else does the same.

Thanks for the support man. I can't fin a process anywhere, it' well hidden somewhere. There was a weird program in my startup which I disabled, but the copy paste thing is still pasting the intruders address after a restart even... I don't know how I got it, one thing I installed was a Chrome portable, but I doubt it was that :/

no worries

What application are you running when you copy? You should be able to narrow down which clipboard is getting modified?

This is my sister's acc, it's me typing though (adnanefs) :) Typed with her account accidentally, but nvm

We learn something new every day and all the tricks, old and new, are coming back out to unsuspecting newbies.

who ever wrote that has to be smart, why can't they use those smarts for good.

Good is strictly subjective, therefore good is what helps the person. Earning 88+BTC is REALLY good for him...

This why we have to alsways check the adress before clicking send, uselly I spend about 10 minutes to check letter by lettre, number by number and then click send ! be careful the next time, it's a lesson !

I am sorry of course that this happned but we have to learn from our mistakes.

I will support by a vote, all that I can do for you.

I resteemed this because people have to understand the importance of checking their addresses and securing their BTC. Thank you for writing it on Steemit.

Good job!
Thanks for all your service to the Steemit Community!

Damn those sneaky bastards.

Thanks for informing us @adnanefs ^_^

Sorry to hear that. I lost a bit more, but it was in early days so I didn't really lose that much.

Do you have a Bitcoin Cash address?

Really sorry for your loss! Thank you for warning!