2.3 Million BTC Addresses Monitored by Bitcoin Hackers
Cybercriminals use several methods to acquire Bitcoin illegally. In recent months we have seen exchanges and other platforms hacked, for example Bithumb and BitGrail. Ransomware and cryptojacking attacks are other ways to steal currencies, but that is another story.
The technology behind virtual currencies has not changed much since they appeared in 2009; most of it remains unchanged, including the long addresses used to send funds to another account.
Some users copy and paste addresses all the time to send coins to another user, and some hackers have already discovered a way to exploit that and steal Bitcoins.
New Hacking Methods
Hackers discovered how to keep stealing currencies by exploiting the process of copying and pasting addresses. They have created malware known as a cryptocurrency clipboard hijacker. The malware is able to monitor between 400,000 and 600,000 addresses at a time, and according to Bleeping Computer, more than 2 million Bitcoin addresses are being monitored.
In order for it to work, the user needs to install this program, which is a malicious DLL that is installed to the person’s registry. The DLL, called d3dx11_31.dll, creates an autorun program that works in the background and swaps addresses.
The program is able to detect Bitcoin addresses, and once it recognizes one, it swaps it for another address. It is a very simple attack that can be very harmful for users who are transacting significant amounts of funds. It is important to remember that cryptocurrency transactions cannot be cancelled and funds cannot be returned.
How To Avoid Them?
At the moment, there are no possible measures to counter this exploit, but users should always monitor which files they download and whether they are free from viruses.
For example, a good way to avoid these situations is to have an antivirus program that detects the presence of such malware. Because the crypto clipboard hijacker runs in the background, it does not cause any visible problem for the user, which makes it more difficult to detect.
Another way to solve this problem is to double-check addresses before sending funds. This reduces the chance of making a mistake and sending money to another address. Moreover, if a user is making a transaction, it is a good security measure to first copy the address and paste it from the clipboard, then check that the pasted address is the same.
If all the checks are completed, then that means that the address is secure and you can send your funds there.