Malware Snatches 13BTC ($36,000) From Bitcoin User

Journalist:
June 7, 2017

It can never be said too often, but the prevalence of malware on the Internet, especially malware targeting Bitcoin and other financial software, makes it extra important today: you can never be too careful when sending Bitcoin transactions. A Reddit user today lost 13BTC, or around $36,000, when he pasted an address from his clipboard that was not the appropriate address.

I copy pasted BTC address into electrum and confirmed the bitcoin transaction. the clipboard replaced my bitcoin intendet bitcoin address with a different one. few minutes later i discuss with friend if he already sees it in his wallet. he didnt. It sent to wrong address

This is a trivially done malware attack. Access to the clipboard is a basic functionality for user level applications, so mostly anything can see what is there. All the malware in question has to do is remain undetected and, when it notices a Bitcoin address on the clipboard, replace it with one. More advanced developers can have it actively try to swap the address with a similar-looking one. This malware can be contracted by any operating system, although for obvious reasons most renditions are probably authored for Windows. Its actual effects are avoidable by double-checking before sending. It’s helpful to highlight the first, middle, and last 3-5 characters of a transaction when doing this.

The 30 extra seconds (maximum) it would have taken for Reddit user ask_for_pgp would have saved him and his friend over $30,000.

The above recommendation goes in addition to always password-securing your Bitcoin wallet. Then it will ask for permission before sending, giving you another chance to look. Simply running a virus scan won’t save you, because new versions can be written and distributed before the virus definitions are updated, and you’re already copying the attacker’s addresses by that point.

Few Details are Known

Since no one has yet named or found the malware in question, we don’t have a lot of details about who is specifically running this campaign, but Blockchain data shows that the same address (19KrApXSZ6vPBVB7oErYLyPMXpM8UfWUst) has received over 30 other transactions already. So, worldwide, people are unknowingly sending money to this and presumably other addresses.

A smart man learns from his own mistakes, a wise man learns from the mistakes of another. Learn from Reddit user ask_for_pgp’s mistake and always verify the sending-to address. Avoid browsing known malvertisers (read: pornography) on the same system as you store bitcoins. Regularly check for browsers. Encrypt your wallet. Never send a Bitcoin transaction in a hurry, because if/when Bitcoin transactions become forcibly reversible we are no longer dealing with Bitcoin. Great power comes with great responsibility.

Featured image from Shutterstock.

Tags: malwarescams
P. H. Madore @bitillionaire

P. H. Madore has written for CCN since 2014. Please send breaking news tips or requests for investigation to bitillionaire+phm@gmail.com. He lives in Maine, USA. A single father of four young children, he does not discourage financial donations, provided they do not come with strings attached.