An unfortunate Bitcoin (BTC) user was duped out of 0.255 BTC, almost $10,000, due to malware running on their computer.
Louis Nel, a tech blogger and crypto enthusiast, flagged the issue on Twitter, referring to his friend as ‘C.’
Nel told Cointelegraph that C’s “Bitcoin was sent from Kraken to VALR, a South African exchange,” however, “malware running on his computer intercepted the copied data and inserted a new wallet address when he pasted this without realizing.”
VALR exchange confirmed that the wallet address does not belong to them; in further warning signs, Nel added that “there are nine transactions into that wallet, so others have been duped as well.”
The wallet address in question now has a value of 0.27 BTC but the funds have not moved. Nel shared a photo of the wallet address with connected addresses:
Malware attacks are nothing new to the world of crypto finance or indeed to Bitcoin transactions. Chainalysis estimates that as much as $500,000 was stolen by just one malware bot over the course of 2021.
Plus, malware attacks can happen to seasoned cryptocurrency enthusiasts: C first got involved in Bitcoin and cryptocurrency in 2018. The malware attack is rotten luck for C, but a poignant reminder for cryptocurrency users.
Transactions on Bitcoin are irreversible, or “immutable,” meaning that once the funds have left a wallet, no party can manipulate or falsify data, or send back the money. While it’s one of the protocol’s strengths, in situations such as this malware attack, it’s a double-edged sword. Nel suggested:
“When working with Bitcoin and cryptocurrency you are responsible for your own security. When copying and pasting wallet addresses, always check the first four to six characters and the last four to six to ensure that they match.”
It boils down to one of the most crucial Bitcoin mantras, "don't trust, verify." If sending money, always reread addresses, checking "the entire address." If it's a large amount, send a test transaction of a few Satoshis to ensure the funds arrive safely at the desired wallet address.
For C, despite discovery then removal of the malware software, “the issue was still there and he sent me [Nel] a video where the wallet address would still dynamically change.” The laptop, which was running Windows 10, appears to still be compromised:
“All we know is that the malicious software became embedded in his operating system and was still doing its thing.”