Clipboard Hijacking Attacks
Clipboard hijacking silently replaces what you copy — crypto addresses, passwords, and bank details. It's invisible, automatic, and has cost millions in stolen cryptocurrency.
How It Works
1. Infection: Malware installed via phishing, malicious download, or compromised software
2. Monitoring: Malware runs silently in the background, watching clipboard content
3. Pattern matching: When you copy something that matches a pattern (crypto address, bank number, URL), the malware activates
4. Replacement: Your clipboard content is instantly replaced with the attacker's data
5. You paste: Without checking, you paste the attacker's address/number instead of the intended one
6. Theft: Crypto sent to wrong wallet. Payment made to wrong account. Irreversible.
What Gets Targeted
Cryptocurrency Addresses
Severity: Critical. Bitcoin, Ethereum, and other crypto addresses replaced with attacker's wallet. Transactions are irreversible.
Bank Account Numbers
Severity: High. IBAN, routing numbers, and account details swapped during copy-paste for wire transfers.
Payment Links
Severity: High. PayPal, Venmo, and payment URLs modified to redirect to attacker-controlled accounts.
Passwords
Severity: Medium. Less common but possible; copied passwords modified to log you into attacker-controlled sites.
Protection
Always verify after pasting
Check that pasted content matches what you copied. For crypto: verify first AND last 6 characters.
Use QR codes for crypto
Scan QR codes instead of copy-pasting addresses. Harder for malware to intercept.
Send test transactions
For large crypto or wire transfers, send a tiny amount first to verify the recipient.
Keep software updated
Clipboard malware exploits known vulnerabilities. Updates patch these.
Run endpoint protection
Windows Defender, Malwarebytes, or similar detects most clipboard hijackers.
Don't download from untrusted sources
Pirated software, game cracks, and unofficial apps are common clipboard malware vectors.
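The "Always verify after pasting" check above can be automated in a wallet or payment form. The following is an added example, not code from the original page: it compares the intended value with the pasted one in full and also reports the first/last 6 character check. The function names, the regular expressions (rough shape checks only) and the sample addresses are assumptions constructed for illustration.

```python
import re

# Rough shape checks for the value types the page lists as targets.
# These are assumptions for illustration, not full address/IBAN validators.
PATTERNS = {
    "bitcoin": re.compile(r"^(bc1[a-z0-9]{25,87}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "iban": re.compile(r"^[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}$"),
}

def classify(value):
    """Return the kind of sensitive value, or None if no pattern matches."""
    compact = value.strip().replace(" ", "")
    for kind, pattern in PATTERNS.items():
        if pattern.match(compact):
            return kind
    return None

def check_paste(expected, pasted, edge=6):
    """Compare the value you meant to copy with what actually got pasted."""
    exp, got = expected.strip(), pasted.strip()
    kind = classify(exp)
    match = exp == got
    return {
        "kind": kind,
        "match": match,                              # full comparison: the authoritative check
        "head_match": exp[:edge] == got[:edge],      # first 6 characters (manual check)
        "tail_match": exp[-edge:] == got[-edge:],    # last 6 characters (manual check)
        # A different value of the same kind is the signature of a clipboard swap.
        "swapped_same_kind": not match and kind is not None and classify(got) == kind,
    }

# Constructed sample values (not real wallets).
INTENDED = "0x" + "a1b2c3" + "0" * 28 + "d4e5f6"
SWAPPED = "0x" + "a1b2c3" + "f" * 28 + "999999"     # same start, different end
LOOKALIKE = "0x" + "a1b2c3" + "f" * 28 + "d4e5f6"   # same start and end, different middle

if __name__ == "__main__":
    for label, pasted in [("unchanged", INTENDED), ("swapped", SWAPPED), ("lookalike", LOOKALIKE)]:
        print(label, check_paste(INTENDED, pasted))
```

The `SWAPPED` case shows why the first characters alone are not enough, and the `LOOKALIKE` case shows that software doing the check should compare the whole string rather than only the ends.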