For the past few months, cryptocurrencies like Bitcoin (BTC) have been skyrocketing in value. Now that Bitcoin has surpassed a value of $7000, its holders are at high risk of being targeted by hackers with malicious intent.
Bitcoin, by nature and definition, seems unhackable, but its users can still be attacked. The user is still a human, and any human can be tricked and scammed. This is exactly what CryptoShuffler took advantage of, stealing about $150,000 worth of BTC. CryptoShuffler relies on the general lack of attention paid to minute details. When a user copies a wallet address onto their clipboard, the malware replaces it with an address owned by the malware's creator. Unless the user pays attention and notices that the pasted address differs from the original, the money is sent to the malware owner. And since blockchain transactions (such as BTC transfers) are irreversible, the user has no recourse, and the funds are gone.
Because this type of malware runs on the client and only changes the address, it works not only with Bitcoin but also with other cryptocurrencies like Ethereum and Monero, since they are all based on the same method of sending money. At the time of writing, the creator of CryptoShuffler has received nearly 21 Bitcoin in just under a year of being in circulation. This is a current-day equivalent of nearly $150,000. The simple idea of clipboard hijacking is not new: it has been used many times in the recent past against similar targets, such as credit card numbers and bank account numbers. As more ways of paying emerge, expect to see more of these types of attacks in the future, as they are often easy, effective, and target those who are careless.
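The address swap described above leaves a recognizable trace: one address-shaped clipboard value is replaced by a different address of the same coin almost immediately. The following detection sketch is an added example, not code from the original article or from any product; the event format (timestamp in milliseconds plus clipboard text), the two-second window, and the shape-only address patterns are assumptions, and the sample addresses are constructed placeholders.

```python
import re
from dataclasses import dataclass

# Shape-only patterns for the three coins the article names. They match the
# look of an address; they do not verify its checksum.
WALLET_SHAPES = {
    "bitcoin": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "monero": re.compile(r"^4[1-9A-HJ-NP-Za-km-z]{94}$"),
}

@dataclass
class Swap:
    coin: str
    original: str
    replacement: str
    delay_ms: int

def classify(text):
    """Return the coin whose address shape the text matches, else None."""
    value = text.strip()
    for coin, pattern in WALLET_SHAPES.items():
        if pattern.match(value):
            return coin
    return None

def find_swaps(events, window_ms=2000):
    """Flag an address replaced by a different same-coin address within window_ms."""
    swaps, prev = [], None  # prev = (timestamp_ms, coin, value)
    for ts, text in events:
        coin, value = classify(text), text.strip()
        if coin and prev and prev[1] == coin and prev[2] != value \
                and ts - prev[0] <= window_ms:
            swaps.append(Swap(coin, prev[2], value, ts - prev[0]))
        prev = (ts, coin, value) if coin else None
    return swaps

# Constructed sample data: placeholder strings with the right shape, not real wallets.
BTC_A, BTC_B = "1" + "A" * 33, "1" + "B" * 33
ETH_A, ETH_B = "0x" + "a" * 40, "0x" + "b" * 40
SAMPLE_EVENTS = [
    (0, "meeting notes"),
    (5000, BTC_A),    # user copies the payee's address
    (5300, BTC_B),    # replaced 300 ms later: flagged
    (60000, ETH_A),
    (90000, ETH_B),   # 30 s later: outside the window, treated as a normal copy
]

if __name__ == "__main__":
    for swap in find_swaps(SAMPLE_EVENTS):
        print(swap)
```

The same comparison works as a manual check: before confirming a transfer, compare the pasted address character by character against the one you were given.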
The success of CryptoShuffler, and of many others we likely don’t even know about, shows that we need to be extremely careful online and pay close attention to detail. Start by never downloading software from untrusted sources, and ensure that the software you run has been signed. Use antivirus scanning software frequently, and have a reputable firewall installed. Where you can, use two-factor authentication, and keep different passwords for each website. Most of all, use common sense and be observant of small details. They can make all the difference and keep you out of harm’s way.