Recent reports indicated that a Bitcoin user was tricked into sending 0.255 Bitcoin to the wrong address as a result of malware running on their computer. The unfortunate Bitcoin user was duped out of BTC worth nearly $10,000.
One tech blogger and crypto enthusiast, Louis Nel, flagged this issue on Twitter, referring to his friend as ‘C.’
A friend sent 0.255BTC from his bitcoin wallet to an exchange.
He copied and pasted the wallet address on his computer.
After 4 hours he was worried when the funds did not arrive at the exchange…
— Louis Nel (@LouisNel) March 14, 2022
Nel said that C’s:
“Bitcoin was sent from Kraken to VALR, a South African exchange,” however, “malware running on his computer intercepted the copied data and inserted a new wallet address when he pasted this without realizing.”
VALR crypto exchange confirmed that the wallet address used does not belong to them. In more warning signs, Nel added that:
“There are nine transactions into that wallet, so others have been duped as well.”
Notably, the wallet address in question has a value of 0.27 BTC but these funds have not yet moved. Nel even shared a photo of the wallet address with connected addresses:
Malware attacks are not a new thing in the world of crypto finance or bitcoin transactions. Chainalysis estimates that up to $500,000 was stolen by only one malware bot over last year.
Moreover, malware attacks can happen to seasoned and experienced crypto enthusiasts: C first started trading and investing in Bitcoin and crypto in 2018. This malware attack is just bad for C, but a strong reminder for the crypto users.
Bitcoin transactions are irreversible and immutable, which means that once the funds leave a wallet, no party can falsify or manipulate data, or send back the money. Although it is one of the protocol’s major strengths, in situations like this malware attack, it is a double-edged sword. Nel said:
“When working with Bitcoin and cryptocurrency you are responsible for your own security. When copying and pasting wallet addresses, always check the first four to six characters and the last four to six to ensure that they match.”
It now gets down to one of the most critical Bitcoin mantras, “don’t trust, verify.” When sending funds, always reread addresses, and check “the entire address.” In case it is a huge amount, send a test transaction of several Satoshis to guarantee that the funds arrive safely at the desired wallet address.
“Despite discovery then removal of the malware software, the issue was still there and he sent me [Nel] a video where the wallet address would still dynamically change.”
His laptop that was running Windows 10 seems to still be compromised:
“All we know is that the malicious software became embedded in his operating system and was still doing its thing.”