Bitcoin stealing malware: Bitter reminder for crypto users to stay vigilant

An unfortunate Bitcoin (BTC) idiosyncratic was duped retired of 0.255 BTC, astir $10,000, owed to malware moving connected their computer. 

Louis Nel, a tech blogger and crypto enthusiast, flagged the contented connected Twitter, referring to his person arsenic ‘C.’

— Louis Nel (@LouisNel) March 14, 2022

Nel told Cointelegraph that C’s “Bitcoin was sent from Kraken to VALR, a South African exchange,” however, “malware moving connected his machine intercepted the copied information and inserted a caller wallet code erstwhile helium pasted this without realizing.”

Kraken speech confirmed that the wallet code does not beryllium to them; successful further informing signs, Nel added that “there are 9 transactions into that wallet, truthful others person been duped arsenic well.”

The wallet address successful question present has a worth of 0.27 BTC but the funds person not moved. Nel shared a photograph of the wallet code with connected addresses:

The Bitcoin wallet with affected addresses. Source:  Louis Nel

Malware attacks are nothing caller to the satellite of crypto finance oregon so to Bitcoin transactions. Chainalysis estimates that arsenic overmuch arsenic $500,000 was stolen by conscionable 1 malware bot over the people of 2021.

Plus, malware attacks tin hap to seasoned cryptocurrency enthusiasts: C archetypal got progressive successful Bitcoin and cryptocurrency successful 2018. The malware onslaught is rotten luck for C, but a poignant reminder for cryptocurrency users.

Transactions connected Bitcoin are irreversible, oregon “immutable”, meaning that erstwhile the funds person near a wallet, nary enactment tin manipulate oregon falsify data, oregon nonstop backmost the money. While it’s 1 of the protocol’s strengths, successful situations specified arsenic this malware attack, it’s a double-edged sword. Nel suggested:

“When moving with Bitcoin and cryptocurrency you are liable for your ain security. When copying and pasting wallet addresses, ever cheque the archetypal 4 to six characters and the past 4 to six to guarantee that they match.”

Related: No crypto for criminals: Coinjoin BTC mixing instrumentality to artifact illicit transactions

It boils down to 1 of the astir important Bitcoin mantras, "don't trust, verify." If sending money, ever reread addresses, checking "the full address." If it's a ample amount, nonstop a trial transaction of a fewer Satoshis to guarantee the funds get safely astatine the desired wallet address.

For C, contempt find past removal of the malware software, “the contented was inactive determination and helium sent maine [Nel] a video wherever the wallet code would inactive dynamically change.” The laptop, which was moving Windows 10, appears to inactive beryllium compromised:

“All we cognize is that the malicious bundle became embedded successful his operating strategy and was inactive doing its thing.”