spesmilo / electrum

Electrum Bitcoin Wallet
https://electrum.org
MIT License

clipboard malware changes bitcoin address #6091

Closed omegaflarex closed 4 years ago

omegaflarex commented 4 years ago

I have electrum 3.3.8 and I just purchased $200.00 worth of BTC. I copied the correct BTC address and pasted it so I could retrieve my BTC. 15 minutes passed and no confirmation. I double-checked my returning address and it's a wrong address. I swore I copied and pasted the correct BTC address. So I did some testing. Turns out my original suspicion is correct: copying the correct BTC address will result in an incorrect BTC address after using the paste function.

Sigh. I lost $200.00 - all of the specific BTC address and information is emailed to electrumdev@gmail.com due to privacy.

Electrum version 3.3.8

SomberNight commented 4 years ago

You probably have clipboard malware. To be specific, there is a type of malware out there that changes the contents of your clipboard if it detects it's a bitcoin address.

Either you have downloaded a malicious fork of Electrum (not from the official site), or the malware is an external program.

Try copying this address and see if it gets changed: 19uSuVhbTbYFbexU6BuRB7aPgQr5AB8Moo

omegaflarex commented 4 years ago

Hello:

It has been verified via PGP/GPG. Further testing indicates that this single BTC address I provided via email is the only BTC address that changes its address after pasting it; the BTC address you provided pasted correctly.

I fired up electrum again and now it's working just fine. Strange.

Let me know.


omegaflarex commented 4 years ago

Security Audit Log:

gpg: Signature made 07/11/19 10:26:15 Eastern Daylight Time

gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6

gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [full]

gpg: aka "ThomasV <thomasv1@gmx.de>" [full]

gpg: aka "Thomas Voegtlin <thomasv1@gmx.de>" [full]

Thanks!


SomberNight commented 4 years ago

Note for other readers: Based on private email received, the before/after addresses are both legacy p2pkh addresses ("1..."). The last two characters plus the second character are identical (i.e. the malware brute-forced 3 base58 chars).
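
An added example, not part of the original thread and not Electrum code: a paste check showing why neither a glance at the second and last two characters nor a Base58Check validity test catches the swap described above, while a full-string comparison does. The function names are hypothetical, and the sample addresses are constructed from arbitrary bytes rather than real keys.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(body: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    """Base58Check-encode version byte + payload (used to build sample data)."""
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_decode(addr: str):
    """Return (version, payload); raise ValueError on bad alphabet or checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            raise ValueError("not base58")
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or _checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("bad checksum")
    return raw[0], raw[1:-4]

def check_paste(copied: str, pasted: str) -> dict:
    """Compare what was copied with what arrived in the paste target."""
    def valid_p2pkh(a):
        try:
            version, payload = b58check_decode(a)
        except ValueError:
            return False
        return version == 0 and len(payload) == 20  # 0x00 = mainnet p2pkh
    glance = lambda a: (a[:2], a[-2:])  # the positions matched in this incident
    return {"identical": copied == pasted,  # the only check that is sufficient
            "glance_match": glance(copied) == glance(pasted),
            "pasted_valid_p2pkh": valid_p2pkh(pasted)}

# Constructed sample data: payloads are arbitrary bytes, not real key hashes.
PAYLOAD_A = hashlib.sha256(b"constructed sample A").digest()[:20]
SAMPLE_A = b58check_encode(0, PAYLOAD_A)
SAMPLE_B = b58check_encode(0, hashlib.sha256(b"constructed sample B").digest()[:20])
# Spliced string sharing A's glance positions; a real substitute is also checksum-valid.
LOOKALIKE = SAMPLE_A[:2] + SAMPLE_B[2:-2] + SAMPLE_A[-2:]
```

`check_paste(SAMPLE_A, SAMPLE_B)` reports a valid p2pkh address that is not the one copied, and `check_paste(SAMPLE_A, LOOKALIKE)` reports a glance match on a different string; only `identical` distinguishes both cases from a clean paste.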