Web3 Bits and Bytes

Share this post

⚠️I got scammed⚠️- A short story

web3bitsnbytes.substack.com

Discover more from Web3 Bits and Bytes

A weekly newsletter helping you learn web3 through real world examples
Continue reading
Sign in

⚠️I got scammed⚠️- A short story

Clipboard malware that swaps your wallet address when you copy and paste it is on the rise. Find out if you are affected, what you can do to remove it and how to prevent it 👇

Laisha Wadhwa
Oct 30, 2022
5
Share this post

⚠️I got scammed⚠️- A short story

web3bitsnbytes.substack.com
Share

Welcome back readers👋

Welcome To Work GIFs - Get the best GIF on GIPHY

If you’re a new reader, thank you for checking in💜. Feel free to check out this month’s newsletters, which is the best way to explain what you will get here👇👇

Web3 Bits and Bytes
💸The easiest way to earn money in Web3🤑
Diwali bonuses are around the corner👀, and I’ve got something special: it’s the bonus post for Bits n Bytes this week. Read on to find out more👇👇 Today's newsletter is a complete guide to bounties in web3 + a starter pack to help you: 🛠 Work in web3…
Read more
a year ago · 1 like · Laisha Wadhwa

In addition to the weekly newsletter format, I will occasionally write a long-form post discussing the recent happenings in web3 - it could be about an exploit in web 3.0 or a new tool launched in this space or a deep dive into how some of your favourite DApps actually work. Drop your suggestions in the comments

Leave a comment

During the past few years, there has been a major boost in cryptocurrency adoption and development.

More people are using Crypto to transact their money than ever before. While this is great for the industry as a whole, it also means that there is a greater incentive for hackers to develop malware to steal your coins. And that brings us to the scam story.

As of today’s post, Yes I got scammed, lost ~200$ because of a Clipboard Malware😪!

No Sad GIFs | Tenor
Me in denial after being scammed

Now, how did it happen in the first place?

So, I had won some bounties in a hackathon and had shared my ETH address to receive the bounty in my wallet (I use Metamask)

Majority of the folks donot type their address manually and I did the same, copied it from the firefox extension and pasted it in the form, not realising the address copied was slightly different than my actual ETH address 🥶

Bruh, What just happened?

There was a clipboard malware watching all crypto address copied on the clipboard and changing those to their own private wallets thus robbing me of my money. Because it happens in the clipboard most people wouldn’t notice the change between copying and pasting. I got scammed and how 😱

Scam GIFs - Get the best GIF on GIPHY

Clipboard virus is an extremely dangerous cryptocurrency virus that is misuses Clipboard to steal people's funds

Malicious actors behind such threats take advantage of the fact that cryptocurrency wallet addresses are long, and people often copy them and paste to the needed place.

The concept is very simple.

👉When the victim copies their wallet address to their clipboard, the malware will replace it with a different address - which the attacker owns.

👉If after pasting the address the victim does not double-check if it matches the originally copied address, they end up sending the funds to the address of the attacker instead.😔

👉Because blockchain transactions are irreversible, it is impossible to retrieve your funds once they have been sent to the wrong address and your coins are lost 🥵

📌As malware like these run in the background with no indication that it is even running, it’s not easy to spot that you are infected😰

📌Therefore it is important to always have a updated antivirus solution installed to protect you from these types of threats🤯

Well in my case that didn’t help either (probably because mine wasn’t updated in 2 weeks).😭

Malwares explained

How do you know if you’re affected?

Clipboard malware can come in many different forms. 🧐

It can come as an application that you have installed/executed in your computer or even as a browser extension! 😈

An easy way to detect this kind of malware is by simply copying a wallet address from an exchange and pasting it somewhere - browser / text editor😮

If you notice that the wallet address that was pasted is different from the one you copied, then there is a solid chance that you have this malware on your device.😨

P.S: If the malware is in the form of a browser extension, this address swap may only happen on addresses that are copy and pasted inside your browser. (Which happened in my case😫)

What can you do to remove the malware?🧐

Typically, malware such as Clipboard Hijacker is distributed using spam campaigns /emails, Trojans, untrustworthy software download sources/channels, unofficial tools that people use to activate software and fake software updaters. In my case it was a large dll file running in background.

There are a few steps you can take to remove the malware from your device:

  • Remove ❌ all extensions from your browsers.

  • Install ❌trustworthy antivirus software and run a scan.

Usually, performing a scan with a trustworthy antivirus software will identify and clean this threat.

🔔Make sure that you are downloading them from official sources, otherwise you might end up installing even more malware!

MALWARE MALWARE EVERYWHERE - Buzz and Woody (Toy Story) Meme ...

What can you do to prevent getting the malware?

👉 Never install browser extensions from untrusted sources

👉 Always doublecheck the websites for phishing scams. The malware entered my system through installation of infinity wallet extesnion in Firefox. 😨

👉Keep your browser and operating system up to date and avoid installing unnecessary extensions.

👉Be careful of anyone sending you attachments in public forums like Discord, or clicking on any links that are placed there by other members.

👉Scammers will often message you directly in social media platforms like Instagram or Twitter, promising you money or other kinds of rewards. Do not trust these.

👉Be on the lookout for phishing emails. If you own crypto there is a good chance someone will target you with fake emails. Always check for the sender address, and any personalizations in the email. AVOID clicking on any hyperlinks in suspicious emails.


🚧Clipboard hijackers are usually considered a low threat since these types of malware strains are usually focused on a very specific attack.

⚠️However, it is always good to keep in mind that malware can be easily updated over the air to include additional functionality or even download other secondary payloads.

❗Detection is crucial❗

Trendulkar on Twitter: "Air quality in Delhi, this morning.  https://t.co/OifNnYxkE1" / Twitter
Until next time 🤘

Now that you know what not to do, go audit your devices and see if you’re affected too. 👩‍💻

Web3 FOMO? Not sure where to start? Subscribe for freshly brewed web3 content right into your inbox🤩

🟣Opportunities in web 3.0 this week🟣

1️⃣ Lumos lab isorgaising Buidl for web 3.0 in Delhi. Prizes worth INR 18k. ALso stand a chance to win from apool of $100000. What are you waiting for? Apply here 🏃‍♀️

2️⃣ Stack Shift has launched a fellowship for Web3 builders and innovators to expand their network and explore high-impact jobs in Web3. Apply here

That’s a wrap for today!

If you want more web3 gyan, then, be sure to follow us on Twitter (@Web3_BNB)

Adios👋

How'd you like today's web3 Bytes?

Let me know in the comments

Leave a comment

5
Share this post

⚠️I got scammed⚠️- A short story

web3bitsnbytes.substack.com
Share
Comments
Top
New
Community

No posts

Ready for more?

© 2023 Laisha Wadhwa
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing