A cryptocurrency investor lately lost $350 worth of bitcoins to a copy and paste crypto scam.
A Reddit post, a user, identified as “seraf1990,” warned members of the cryptocurrency Reddit Sub of a scam or malware that substituted a wallet address copied from Coinbase with an address that belonged to scammers.
The user said he was thinking to cash out some bitcoins by sending it from Binance to his Coinbase account and copied the BTC wallet address through the built-in copy function. He then pasted it as the destination address when Binance asked where he would like to send the bitcoins.
He verified the action without a second thought.
Later, he understood that the address he put on Binance is unusual from his Coinbase BTC wallet address, and the only similarity is that the first four characters are the same.
According to Cointelegraph, the compounding issue is that Coinbase does not show the user’s full wallet address but only the first few characters. The user assumes this is one reason why he didn’t detect the address swap initially.
“Money lost. No way to recover it. Please don’t repeat my mistake and do not blindly trust to copy-paste buffer, your computer could be infected with malware that swaps addresses and it will be too late when you realize that,”
he shared on Reddit, adding that funds were intended as payment for rent.
Similar users said it could be malware on his Windows computer or a browser add-on. But seraf1990 had already formatted his laptop, so there is no way to confirm what method was used to swap the address.
A cryptocurrency wallet address is an identifier of 26 to 35 alphanumeric characters signifying a possible destination of a Bitcoin transfer or payment. The 35 characters are challenging to memorize. Due to that reason, many markets employ the use of QR codes and copy-paste features to eliminate errors and incorrect wallet transfers.
Still, the case described by serif1990 is an implication that even those functions could be utilized by scammers using malware to swap the addresses. It is essential for the user to triple check the destination addresses of a Bitcoin transaction to avoid loss of funds.