An unlucky Bitcoin (BTC) user was scammed out of 0.255 BTC, nearly $10,000, due to malware running on his computer.
Louis Nel, a tech blogger and cryptocurrency enthusiast, highlighted the issue on Twitter, referring to his friend as “C.”
A friend sent 0.255BTC from his bitcoin wallet to an exchange.
I have copied and pasted the wallet address on his computer.
After 4 hours he was worried when the funds did not arrive at the exchange…
— Louis Nel (@LouisNel) March 14, 2022
A friend sent 0.255 BTC from his bitcoin wallet to an exchange.
He copied and pasted the wallet address into his computer.
After 4 hours he got worried when the funds didn’t reach the exchange…
Nel told Cointelegraph that “C’s Bitcoin was sent from Kraken to VALR, a South African exchange,” however “malware running on his computer intercepted the copied data and inserted a new wallet address when he pasted this without realize”.
VALR exchange confirmed that the wallet address does not belong to them; In other warning signs, Nel added that “there are nine transactions in that wallet, so others have been intercepted as well.”
The wallet address in question now has a value of 0.27 BTC, but the funds have not moved. Nel shared a photo of the wallet address with connected addresses:
Malware attacks are nothing new in the world of crypto finance and indeed in Bitcoin transactions. Chainalysis estimates that a single malware bot stole up to $500,000 over the course of 2021.
Also, seasoned cryptocurrency enthusiasts may come under malware attacks: C first got involved in Bitcoin and cryptocurrencies in 2018. The malware attack is unlucky for C, but a poignant reminder for cryptocurrency users.
Bitcoin transactions are irreversible, or “immutable,” meaning that once funds have left a wallet, no party can tamper with or falsify data, or return the money. While it is one of the strengths of the protocol, in situations like this malware attack, it is a double-edged sword. Nell suggested:
“When you work with Bitcoin and cryptocurrencies, you are responsible for your own security. When copying and pasting wallet addresses, always check the first four to six characters and the last four to six characters to make sure they match.”
It boils down to one of Bitcoin’s most important mantras, “do not trust, verify”. If you send money, always re-read the addresses, marking “full address”. If it’s a large amount, send a test transaction of some Satoshis to make sure the funds arrive safely at the desired wallet address.
For C, despite the discovery and removal of the malware, “the problem was still there and he sent me [Nel] a video in which the wallet address was still changing dynamically.” The laptop, running Windows 10, appears to be compromised:
“All we know is that the malicious software was embedded in his operating system and it was still working.”
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the full amount invested may be lost. The services or products offered are not aimed at or accessible to investors in Spain.