Nasty crypto malware spies on your copy-and-paste — how to protect yourself

Cryptocurrency malware
(Image credit: Getty/Snappa)

Cryptocurrency holders beware. There's a nasty malware bug crawling around that jeopardizes your cryptocurrency transactions by spying on your clipboard (the temporary storage that hosts your copy-and-paste data), according to a Reddit post.

A Reddit user with the moniker SlappySpankBank (heh-heh) recounts when they spotted suspicious, unusual behavior from their PC when they tried to send Monero (touted as one of the best cryptocurrencies due to its private network) to another online wallet. Luckily, they detected the security breach before it was too late.

Malware bug steals crypto via clipboard snooping

To grasp how this bug executes its mission of stealing digital assets, you need to understand how cryptocurrency holders transfer coins from one online wallet to another.


Cryptocurrency (Image credit: Snappa)

Let's say you purchased Bitcoin from Coinbase (Wallet A), and now, you want to send it to a crypto online savings account (Wallet B). In order to send Bitcoin to your savings account, you'll need to know the address of Wallet B. Wallet B has a "Bitcoin address," a long string of code filled with random letters and numbers.

You must copy that Bitcoin address and paste it into a "Send to" field at Wallet A. Now, Coinbase knows exactly where to send your Bitcoin. Once you hit "Send," your Bitcoin will be sent to your crypto savings account.

Unfortunately for SlappySpankBank, this crypto-transferring process didn't go as planned. The Redditor attempted to send Monero from their Kraken account (Wallet A) to another platform (Wallet B), but here's where things got hairy: the address he copied from Wallet B looked completely different after he pasted it.

In other words, a malware bug accessed SlappySpankBank's clipboard and switched the genuine Monero address with the hacker's own address. If SlappySpankBank didn't notice that the addresses were different, they would have inadvertently sent their Monero straight into the hacker's lair.

"100% you have been compromised," Reddit user Wargizmo said. "This is one of the most common ways for hackers to steal crypto."

How to protect yourself from clipboard hacking

Wargizmo is right. Clipboard hacking is not uncommon in the cryptocurrency world — and it's not new either. In fact, cybersecurity firm 360 Total Security shed light on this malicious malware back in 2018; it discovered a Trojan that targeted Bitcoin and Ethereum holders.

"The Trojan monitors clipboard activity to detect if it contains the account address of Bitcoin and Ethereum. It tampers with the receiving address to its own address to redirect the cryptocurrency to its own wallet. This kind of Trojan has been detected on more than 300,000 computers within a week," the 360 Total Security report said.

So how does one avoid clipboard crypto hacking? First, you must always double-check your pasted wallet addresses to ensure it matches the code you originally copied. Secondly, make sure you have an updated anti-malware solution to protect your digital assets from malicious actors. 

It's also worth noting that SlappySpankBank claimed that he got rid of the clipboard-hacking virus by running a MalwareBytes scan.

Kimberly Gedeon

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!