JUNE 2018




"One infamous example of malware within cryptoasset transactions is Cryptocurrency Clipboard Hijackers. This is code that monitors the Windows clipboard for cryptocurrency addresses. When it detects one, it swaps the intended address of the transaction with one that the ‘hijackers’ control, essentially send that money elsewhere. Without taking direct notice of the address you’ve used, you might not realise it’s changed as you’re about to transact."


"ClipboardWalletHijacker's end-plan is to hijack BTC and ETH transactions, so victims unwittingly send funds to the malware's authors."


"While cryptocurrency has seen tremendous growth over the past year, sending cryptocoins still requires users to send the coins to long and hard to remember addresses. Due to this, when sending cryptocoins, many users will simply copy the address into memory from one application and paste it into another application that they are using to send the coins."


"Attackers recognize that users are copying and pasting the addresses and have crea\ted malware to take advantage of this. This type of malware, called CryptoCurrency Clipboard Hijackers, works by monitoring the Windows clipboard for cryptocurrency addresses, and if one is detected, will swap it out with an address that they control. Unless a user double-checks the address after they paste it, the sent coins will go to an address under the attackers control instead the intended recipient."


"In some cases, it’s been found that versions of this virus have been able to monitor over two million cryptoasset addresses."


"Bitcoin fraud cases can come in many variations. In this blog, we exampled ponzi schemes, fake cryptoassets, malware, pump-and-dump scams and fake ICOs to name a few."


"Checking the balances of these addresses using Blockchain.info (1, 2) and Etherscan.io, we can see crooks only received 0.12434321 BTC from eight transactions and no Ether. That's around $800."


"CryptoCurrency Clipboard Hijackers was essentially a malware scam. Unlike most of the scams on this list, which fraudulently posed as legitimate cryptocurrencies, wallets, or other blockchain technology hubs, the Clipboard Hijackers attacked Windows systems by monitoring the clipboard for cryptocurrency addresses. When one was detected, it was swapped for an address controlled by the perpetrators. Since a centralized company wasn't to blame for these attacks, they have the potential to pop up even today, so be wary of your online security."

The best way to avoid falling victim to this scam is to always check not just the start but also the end of any pasted bitcoin addresses prior to making any transaction. It's best to send a small amount first when performing large transactions.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.