Clipper Malware Poses Threat to Crypto Transactions: Binance Urges Users to Triple-Check Withdrawal Addresses

The crypto sector, that is presently valued at over $2 trillion (roughly Rs. 1,70,32,400 crore), is under constant threat from malicious actors who are increasing in number at a rapid pace globally. In a recent blog, Binance sounded an alert about the ‘clipper malware', that is being used by cyber criminals to manipulate transaction details and steal tokens. This information from Binance comes just days after the FBI disclosed that crypto users lost over $5.6 billion (roughly Rs. 47,029 crore) last year through scams and frauds.

Understanding Clipper Malware

You may have noticed that when you copy something on your phone, the information is saved to the 'clipboard' for easy pasting into another app. This clipboard is precisely where cybercriminals are targeting with Clipper malware.

Crypto wallet addresses are usually made of random combination of numbers and alphabets, that are hard to remember. People frequently copy wallet addresses during transactions. As per Binance, the clipper malware intercepts this data on the clipboard.

“When a user copies and pastes a wallet address to transfer cryptocurrency, the malware replaces the original address with one designated by the attacker. If the user completes the transfer without noticing the change, the cryptocurrency is sent to the attacker's wallet, resulting in financial loss,” the blog stated.

Members of the crypto community using Android devices and web applications are more at risk of being attacked by the clipper malware.

“Many users inadvertently install these malicious apps while searching for software in their native languages or through unofficial channels, often due to restrictions in their countries. iOS users should also remain vigilant,” the blog noted.

The use of the clipper malware for facilitating attacks reportedly saw a spike around August 27, 2024.

Suggested Safety Measures

Binance strongly advises crypto users to triple-check the wallet addresses they paste during transactions. To ensure app and plugin authenticity, users should only download them from official sources. Additionally, crypto investors are encouraged to install security software on their devices that can both detect and remove malware.

“Awareness is a key component of cybersecurity. To be extra safe, you can take a screenshot of the withdrawal address right before sending the payment and have the recipient verify it against a photo to leave text-altering malware no chance,” Binance said.

Crypto exchanges and businesses meanwhile, have been asked to proactively identify and blacklist suspicious wallet addresses by regular internal monitoring.

Binance has said that users who may have been affected by this malware are being reached out to with relevant information. The exchange also said it is collecting more information on malicious software and plugins that scammers are using to deploy the clipper malware.

History of Recent Hacks on Crypto Apps

In recent months, multiple hacks on crypto protocols have resulted in the loss of millions of dollars. In July this year, India's WazirX crypto exchange lost over $230 million (roughly Rs. 1,900 crore) after hackers compromised one of its multi-sig wallets. Users of the exchange are still reeling under financial pressure as the exchange looks at a timeline of up to six months to finalise a financial restructuring scheme.

Last week, Indonesia's Indaodax crypto exchange lost $22 million (roughly Rs. 184 crore) in an alleged hack, as per security firms SlowMist and Arkham among others.

The FBI has warned crypto investors that North Korean hackers are also increasing their activities, targeting the crypto space with sophisticated techniques that are difficult to be identified and tackled timely.