Author Topic: My Bitcoin withdrawal on BTER.COM gone/disappeared to "wrong" address ! (SCAM?)  (Read 5143 times)

0 Members and 1 Guest are viewing this topic.

Offline happybit

  • Full Member
  • ***
  • Posts: 87
  • Happy Bit!
    • View Profile
..
1) I have submitted a ticket to bter and I am still waiting for answers....
2) If I was on a fake bter how could I see my right balances? And second I am using Two-Factor Authentication  ::)  And why they didn't touched my other funds (worth about 10 BTC @time)

PS I suspect my chrome extensions on my windows PC or...BTER(?).... (anybody with bad experience with chrome/bter 8)?)

You are right. It may be a malware key-logger/replacer or a chrome extension.  Do a reformat/reinstall of Windows would help.

As for the chrome extension, you can disable/remove it by going to chrome://extensions

Yes, but the thing is, if you are using ANY, it is really dangerous, because they can update automatically (and we just can't always know if the owners have changed or something) and they start to STEAL! -- here is the info on the one that stole from me! :(

https://bitcointalk.org/index.php?topic=424686.msg6324333#msg6324333

Offline cube

  • Hero Member
  • *****
  • Posts: 1404
  • Bit by bit, we will get there!
    • View Profile
  • BitShares: bitcube
..
1) I have submitted a ticket to bter and I am still waiting for answers....
2) If I was on a fake bter how could I see my right balances? And second I am using Two-Factor Authentication  ::)  And why they didn't touched my other funds (worth about 10 BTC @time)

PS I suspect my chrome extensions on my windows PC or...BTER(?).... (anybody with bad experience with chrome/bter 8)?)

You are right. It may be a malware key-logger/replacer or a chrome extension.  Do a reformat/reinstall of Windows would help.

As for the chrome extension, you can disable/remove it by going to chrome://extensions
ID: bitcube
bitcube is a dedicated witness and committe member. Please vote for bitcube.

Offline happybit

  • Full Member
  • ***
  • Posts: 87
  • Happy Bit!
    • View Profile
I've had the exact same thing happen before!!!  It was a f*cking chrome extension!!!

They update automatically and can become malware without you being able to do anything about it!!!

I thought lastpass was changing the addresses on me, and I tried turning it off, and turning off autofill and everything.

Nothing worked, and then I found that it was a bitcoin price notification extension (i found out by searching for the address it was sent to, and found others posting about similar problems) I checked yours, google didn't say anything, though it could be a new virus.

I asked a google developer about how this could happen, he said: "Just turn off autoupdate" -- that is not possible from what I see, and he couldn't figure it out either.

be super careful with Chrome Extensions

I can digup more info on this if you need it. Good luck!  I hope it wasn't this, and BTer can somehow give you back your BTC

Offline liondani

  • Hero Member
  • *****
  • Posts: 3737
  • Inch by inch, play by play
    • View Profile
    • My detailed info
  • BitShares: liondani
  • GitHub: liondani
hm maybe you can doing some test, create Linux live cd/dvd/usb any distro from "clean" pc/laptop.
boot using live cd on your pc, login to bter then you can test sending very small amount of btc to your addy.

if same things happen, then bter compromise.
otherwise your pc is compromise.

just my 2btsx, good luck  ;)

thanks for your advice...
I already do that  ;)

will inform further on next post's with my conclusions...

Offline sva_h4cky0

  • Jr. Member
  • **
  • Posts: 30
  • onore dikeido
    • View Profile
  • BitShares: sva-h4cky0
hm maybe you can doing some test, create Linux live cd/dvd/usb any distro from "clean" pc/laptop.
boot using live cd on your pc, login to bter then you can test sending very small amount of btc to your addy.

if same things happen, then bter compromise.
otherwise your pc is compromise.

just my 2btsx, good luck  ;)
天の道を行き、総てを司る! Ten no michi o iki, subete o tsukasadoru!

Offline liondani

  • Hero Member
  • *****
  • Posts: 3737
  • Inch by inch, play by play
    • View Profile
    • My detailed info
  • BitShares: liondani
  • GitHub: liondani
A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[235] This method is effective because bitcoin transactions are irreversible."

http://en.wikipedia.org/wiki/Bitcoin#Malware

That could be a method used in my case... I remember I copy-paste the original address to bter...
(I am not really worried for key-loggers for this particular case since I am using on-screen keyboards and I am offline when typing passwords)

It doesn't matter if you're offline while typing passwords as the log is sent when you're online.

offline just to avoid nobody is spying in real time my screen (like on teamviewer)
and see what I am "typing" with my virtual on-screen keyboard ...

PS I am not typing in the traditional way...

Offline Method-X

  • Hero Member
  • *****
  • Posts: 1131
  • VIRAL
    • View Profile
    • Learn to code
  • BitShares: methodx
A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[235] This method is effective because bitcoin transactions are irreversible."

http://en.wikipedia.org/wiki/Bitcoin#Malware

That could be a method used in my case... I remember I copy-paste the original address to bter...
(I am not really worried for key-loggers for this particular case since I am using on-screen keyboards and I am offline when typing passwords)

It doesn't matter if you're offline while typing passwords as the log is sent when you're online.

Offline liondani

  • Hero Member
  • *****
  • Posts: 3737
  • Inch by inch, play by play
    • View Profile
    • My detailed info
  • BitShares: liondani
  • GitHub: liondani
i have no problem on BTER so far.

seems like your computer is a long time infected. first wrong transaction occured in July?????

But I have no other incidents ... so assume I have a malware that change "only" the bitcoin address copied to the clipboard?

Could it be that the transactions on July are fake? Only on history to make the user (me) use the wrong address "again"?

Offline liondani

  • Hero Member
  • *****
  • Posts: 3737
  • Inch by inch, play by play
    • View Profile
    • My detailed info
  • BitShares: liondani
  • GitHub: liondani
A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[235] This method is effective because bitcoin transactions are irreversible."

http://en.wikipedia.org/wiki/Bitcoin#Malware

That could be a method used in my case... I remember I copy-paste the original address to bter...
(I am not really worried for key-loggers for this particular case since I am using on-screen keyboards and I am offline when typing passwords)

Offline Shentist

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 1601
    • View Profile
    • metaexchange
  • BitShares: shentist
i have no problem on BTER so far.

seems like your computer is a long time infected. first wrong transaction occured in July?????


Offline gamey

  • Hero Member
  • *****
  • Posts: 2253
    • View Profile
Found this about a malware that could possibly be responsible for your loss:

"Malware stealing bitcoins[edit]Some malware can steal private keys for bitcoin wallets allowing the bitcoins themselves to be stolen. The most common type searches computers for cryptocurrency wallets to upload to a remote server where they can be cracked and their coins stolen.[235] Many of these also log keystrokes to record passwords, often avoiding the need to crack the keys.[235] A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[235] This method is effective because bitcoin transactions are irreversible."

http://en.wikipedia.org/wiki/Bitcoin#Malware

Thats pretty genius.  I'm waiting on a BTC from btc38 that has been sitting there for 12 hours.  God I hate these crypto-exchanges.  Part of the problem is I don't think they really do enough volume to pay well and cover all their expenses.  If BTC went to $100 for example, I would be highly doubtful they could even run a skeleton crew.  Most crypto-businesses could adapt in theory, but not these non-fiat crypto-exchanges.   
I speak for myself and only myself.

Offline Chuckone

  • Sr. Member
  • ****
  • Posts: 314
    • View Profile
Found this about a malware that could possibly be responsible for your loss:

"Malware stealing bitcoins[edit]Some malware can steal private keys for bitcoin wallets allowing the bitcoins themselves to be stolen. The most common type searches computers for cryptocurrency wallets to upload to a remote server where they can be cracked and their coins stolen.[235] Many of these also log keystrokes to record passwords, often avoiding the need to crack the keys.[235] A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[235] This method is effective because bitcoin transactions are irreversible."

http://en.wikipedia.org/wiki/Bitcoin#Malware


Offline liondani

  • Hero Member
  • *****
  • Posts: 3737
  • Inch by inch, play by play
    • View Profile
    • My detailed info
  • BitShares: liondani
  • GitHub: liondani
I am sorry you are facing this.  Two possible scenarios :

1) Bter is hacked.  You should quickly contact Bter support and check with them,  or

2) Your PC is being hacked or it got a malware infection.   Your could be a victim of a phishing attempt.   The Bter website you are accessing was a fake and you were sending information to a fake bter.  Or your PC could be remotely controlled/spied on and your transmissions were being altered.  You should do a immediate full and thorough anvirus/anti-malware scan.

1) I have submitted a ticket to bter and I am still waiting for answers....
2) If I was on a fake bter how could I see my right balances? And second I am using Two-Factor Authentication  ::)  And why they didn't touched my other funds (worth about 10 BTC @time)

PS I suspect my chrome extensions on my windows PC or...BTER(?).... (anybody with bad experience with chrome/bter 8)?)
« Last Edit: October 15, 2014, 06:35:37 pm by liondani »

Offline liondani

  • Hero Member
  • *****
  • Posts: 3737
  • Inch by inch, play by play
    • View Profile
    • My detailed info
  • BitShares: liondani
  • GitHub: liondani
That sucks. You are sure its not your address? I have heard of chrome extensions that did an address swap for coinbase bitcoin address if you logged in to coinbase after downloading an exstension. I think it was something to do with doge.

It was not my address but even if it was, the funds are gone from this address to another after one day without me doing anything!

Ggozzo

  • Guest
That sucks. You are sure its not your address? I have heard of chrome extensions that did an address swap for coinbase bitcoin address if you logged in to coinbase after downloading an exstension. I think it was something to do with doge.