{"id":416664,"date":"2022-03-15T16:57:58","date_gmt":"2022-03-15T13:57:58","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/bitcoin-stealing-malware-bitter-reminder-for-crypto-users-to-stay-vigilant\/"},"modified":"2022-03-15T16:57:58","modified_gmt":"2022-03-15T13:57:58","slug":"bitcoin-stealing-malware-bitter-reminder-for-crypto-users-to-stay-vigilant","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/bitcoin-stealing-malware-bitter-reminder-for-crypto-users-to-stay-vigilant\/","title":{"rendered":"# Bitcoin stealing malware: Bitter reminder for crypto users to stay vigilant"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a28098f25c62\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a28098f25c62\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/bitcoin-stealing-malware-bitter-reminder-for-crypto-users-to-stay-vigilant\/#%E2%80%9D_Bitcoin_stealing_malware_Bitter_reminder_for_crypto_users_to_stay_vigilant_%E2%80%9C\" >&#8221; Bitcoin stealing malware: Bitter reminder for crypto users to stay vigilant &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Bitcoin_stealing_malware_Bitter_reminder_for_crypto_users_to_stay_vigilant_%E2%80%9C\"><\/span>&#8221; Bitcoin stealing malware: Bitter reminder for crypto users to stay vigilant &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-128018ef>An unfortunate Bitcoin (BTC) user was duped out of 0.255 BTC, almost $10,000, due to malware running on their computer.\u00a0<\/p>\n<p>Louis Nel, a tech blogger and crypto enthusiast, flagged the issue on <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Twitter<\/a>, referring to his friend as \u2018C.\u2019<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">A friend sent 0.255BTC from his bitcoin wallet to an exchange.<\/p>\n<p>He copied and pasted the wallet address on his computer.<\/p>\n<p>After 4 hours he was worried when the funds did not arrive at the exchange&#8230;<\/p>\n<p>\u2014 Louis Nel (@LouisNel) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/LouisNel\/status\/1503433610317246470?ref_src=twsrc%5Etfw\">March 14, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\nNel told Cointelegraph that C\u2019s \u201cBitcoin was sent from Kraken to VALR, a South African exchange,\u201d however, \u201cmalware running on his computer intercepted the copied data and inserted a new wallet address when he pasted this without realizing.\u201d<\/p>\n<p>VALR exchange confirmed that the wallet address does not belong to them; in further warning signs, Nel added that \u201cthere are nine transactions into that wallet, so others have been duped as well.\u201d <\/p>\n<p>The wallet <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.blockchain.com\/btc\/address\/3LH2UDkVdtb5hrmzzXd3mn7F2DMiBDknRQ\">address<\/a> in question now has a value of 0.27 BTC but the funds have not moved. Nel shared a photo of the wallet address with connected addresses: <\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2022-03\/4653d114-c0e1-4bc9-8328-c4658e4f4e0b.jpeg\" alt=\"\" title=\"\"><figcaption style=\"text-align: center;\"><em>The Bitcoin wallet with affected addresses. Source:\u00a0 Louis Nel<\/em><\/figcaption><\/figure>\n<p>Malware attacks are nothing new to the world of crypto finance or indeed to Bitcoin transactions. Chainalysis estimates that as much as $500,000 was stolen by just one malware bot over the course of 2021.<\/p>\n<p>Plus, malware attacks can h<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>en to seasoned cryptocurrency enthusiasts: C first got involved in Bitcoin and cryptocurrency in 2018. The malware attack is rotten luck for C, but a poignant reminder for cryptocurrency users.<\/p>\n<p>Transactions on Bitcoin are irreversible, or \u201cimmutable,\u201d meaning that once the funds have left a wallet, no party can manipulate or falsify data, or send back the money. While it\u2019s one of the protocol\u2019s strengths, in situations such as this malware attack, it\u2019s a double-edged sword. Nel suggested:<\/p>\n<blockquote><p>\u201cWhen working with Bitcoin and cryptocurrency you are responsible for your own security. When copying and pasting wallet addresses, always check the first four to six characters and the last four to six to ensure that they match.\u201d<\/p><\/blockquote>\n<p><strong><em>Related:\u00a0No crypto for criminals: Coinjoin BTC mixing tool to block illicit transactions<\/em><\/strong><\/p>\n<p>It boils down to one of the most crucial Bitcoin mantras, &#8220;don&#8217;t trust, verify.&#8221; If sending money, always reread addresses, checking &#8220;the entire address.&#8221; If it&#8217;s a large amount, send a test transaction of a few Satoshis to ensure the funds arrive safely at the desired wallet address.<\/p>\n<p>For C, despite discovery then removal of the malware software, \u201cthe issue was still there and he sent me [Nel] a video where the wallet address would still dynamically change.\u201d The laptop, which was running Windows 10, appears to still be compromised:<\/p>\n<blockquote><p>\u201cAll we know is that the malicious software became embedded in his operating system and was still doing its thing.\u201d<\/p><\/blockquote>\n<p><template data-name=\"subscription_form\" data-type=\"markets_outlook\"><\/template><\/p>\n<\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/bitcoin-stealing-malware-bitter-reminder-for-crypto-users-to-stay-vigilant\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Bitcoin stealing malware: Bitter reminder for crypto users to stay vigilant &#8220; An unfortunate Bitcoin (BTC) user was duped out of 0.255 BTC, almost $10,000, due to malware running on their computer.\u00a0 Louis Nel, a tech blogger and crypto enthusiast, flagged the issue on Twitter, referring to his friend as \u2018C.\u2019 A friend sent&#8230;<\/p>\n","protected":false},"author":1,"featured_media":416665,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDMvMzc2NDBjYjUtNjlmMi00Nzc4LTk3NjUtM2FlM2FlMTY0ZmM4LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74862,75023,75819,74894,75540,75857,74879,71101],"class_list":["post-416664","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-bitcoin","tag-bitcoin-scams","tag-bitcoin-wallet","tag-blockchain","tag-kraken","tag-malware","tag-wallet","tag-scams"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/416664","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=416664"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/416664\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/416665"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=416664"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=416664"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=416664"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}