A clever hacking method has been revealed that might be stealing money from your Ethereum wallet. A user posted on the r/Ethereum subreddit, the largest Ethereum community (over 131,000 members), that malware installed on a computer can change Ethereum addresses by swapping the address at the moment the user copies and pastes it.
A similar virus, “Trojan.Coinbitclip”, was planted on the computers of Bitcoin users last year. It was discovered by the major antivirus firm Symantec in February 2016. The Trojan was spread through phishing attacks, scams and other common hacking methods. Hackers stole from a lot of Bitcoin wallets just by redirecting payments to different wallet addresses.
Luke Parker, a Bitcoin journalist, explained the complexity of this malware. According to him, it was difficult to spot because of the algorithms the hackers used to match any victim’s Bitcoin address to a similar-looking wallet address. They had 10,000 addresses stored in their system.
“The end result is that copying and pasting a payment address can easily trick you into sending your coins to the malware’s creator,” Parker added.
The new virus targeting Ethereum is very similar to Trojan.Coinbitclip. The user who first discovered the problem, Apneal, explained that the issue was only discovered after a few transactions were completed. He initially made a transaction of 0.01 Ether from a cryptocurrency exchange to his wallet and noticed that the transaction had not reached his wallet. To him, that meant it either had not yet been broadcast to the Ethereum network or had been sent to a different address.
Using Etherscan, Apneal confirmed that the transaction had in fact been successful and Ethereum had received the payment, but something wasn’t right with the address. Apneal spotted that the payment had been sent to a different wallet address. After trying to copy and paste the same address in the notepad of his MyEtherWallet, he could see that the address automatically changed to something different. He tried copying other text on the screen and that worked perfectly, unlike the address.
In Apneal’s case, his system has been compromised, and just installing an antivirus will not help destroy the malware. The best thing to do in this situation is to format all connected drives and reinstall Windows entirely to reset the device.
Also, make sure you always double-check your Ether address, even when copying and pasting.
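
The double-check above can be scripted. The following is an added example, not part of the original article or Apneal's post: it compares a pasted address against the intended one character by character, because a look-alike replacement of the kind described for Trojan.Coinbitclip can share the leading and trailing characters people usually glance at. The addresses and function names are constructed for illustration, and the expected address is assumed to come from a trusted source other than the clipboard.

```python
import re

# An Ethereum address is "0x" followed by 40 hex characters (20 bytes).
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")


def normalize(addr):
    """Strip whitespace and lowercase; reject anything that is not an address."""
    addr = addr.strip()
    if not ADDRESS_RE.fullmatch(addr):
        raise ValueError(f"not an Ethereum address: {addr!r}")
    return addr.lower()


def naive_match(expected, pasted, n=4):
    """The eyeball check: only the first and last n hex characters are compared."""
    e, p = normalize(expected), normalize(pasted)
    return e[:2 + n] == p[:2 + n] and e[-n:] == p[-n:]


def verify_paste(expected, pasted):
    """Full comparison. Returns (ok, diffs) with the indexes that differ."""
    e, p = normalize(expected), normalize(pasted)
    diffs = [i for i, (a, b) in enumerate(zip(e, p)) if a != b]
    return (not diffs, diffs)


def render_diff(expected, pasted):
    """Show both values with ^ under every character that was changed."""
    e, p = normalize(expected), normalize(pasted)
    marks = "".join("^" if a != b else " " for a, b in zip(e, p))
    return f"expected: {e}\npasted:   {p}\n          {marks}"


# Constructed sample values, not real wallets. SWAPPED keeps the same first
# and last four hex characters as EXPECTED but differs in the middle.
EXPECTED = "0x52a1c3d4e5f60718293a4b5c6d7e8f9012349f3c"
SWAPPED = "0x52a10f1e2d3c4b5a69788796a5b4c3d2e1f09f3c"

if __name__ == "__main__":
    print("naive check passes:", naive_match(EXPECTED, SWAPPED))
    ok, diffs = verify_paste(EXPECTED, SWAPPED)
    print("full check passes: ", ok, f"({len(diffs)} characters differ)")
    print(render_diff(EXPECTED, SWAPPED))
```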