Hey everyone! A bit of a sad story today, as I've lost a decent portion of my crypto portfolio (around 0.255 BTC) to a virus last night. Basically, I've lost it while sending it from one exchange to another because of a virus that I later realised I have. The thing recognizes bitcoin address in clipboard (when you copy it) and changes it to a different address when you paste it (the address of an attacker). Yes, it's a Windows machine...
The virus does not manifest itself in any other way than this (changing the BTC address you copied to clipboard to its own), nor can you find it in task manager... It's still active on my home computer. When you know it's there, it's easy to avoid it by for example copying your BTC deposit address without the first character, and after pasting it, adding that character manually. Copying of the address without one character (first or last for example) goes fine, since the intruder does not recognize BTC address...
But I just copied and pasted a deposit address for BTC on the exchange I was trying to put it on (Cryptopia), without looking much at the address itself, clicked send, and bye bye bitcoin... Later did I realized what happened.
Writing this to warn you all to always double check your address even if you're sure you copied it properly, check some of the numbers and letters...
I've checked the attackers address on Blockchain info, has 88+ BTC on it, probably mostly from people foxed like me: https://blockchain.info/address/13JF5274VuNthhwKkLrYyZW73smjSYAEen
Realized all this when I searched the attackers address on google and got this result for this address: https://bitcointalk.org/index.php?topic=1842977.0
So I'm not first, nor the last for sure to get f...ed like this (I noticed his balance went up 1 BTC since last night when I got foxed), so once again, do a little compare of your copied and pasted address when you make transactions... Funny thing is I realized the addresses were not the same moments after pressing tx confirmation (like a gut feeling or something), but Poloniex went on with tx so fast I didn't managed to cancel it in time. Weird since BTC tx was not very fast lately... Sigh.
Hope I save someone his/her BTC with this post! Would be really glad if I did.
In the end, if anyone may want to help me out recover some of my BTC and lighten my sorrow, my address is: 14AUASvS4AFEhoECPCpGxZw71F7zK8FBEE (I double checked it this time haha...). Thanks for reading and take care out there, a lot of ways to loose your cryptos!