What is clipboard-hijacking crypto malware?

It's malware that watches your system clipboard for copied wallet addresses and swaps them for an attacker's, so crypto you meant to send yourself lands with the attacker instead. Microsoft's CryptoBandits family does this at roughly twice-a-second polling and also lifts seed phrases and screenshots.

How big were crypto scam losses in 2025?

Americans reported $11.37B in crypto fraud losses in 2025, a 22% rise on the prior year, with roughly 18,600 victims each losing more than $100K and an average loss above $62K. Chainalysis pegged global scam costs at up to $17B.

What is address poisoning?

An attacker sends you a tiny transaction from a wallet address that looks almost identical to one you regularly use. Later, when you copy a recent address from your history, you grab the lookalike by mistake and your funds go to the attacker.

How does a hardware wallet stop clipboard-swap scams?

A hardware wallet confirms the destination address and amount on its own secure screen, separate from your computer. Even if browser malware has swapped the address your machine shows you, the device-level check shows the real recipient before any signature.

What habits actually protect self-custody users?

Verify every deposit address inside the official app before broadcasting, treat any "loophole" or extra-value promise that needs an extension or script as a red flag, never share seed phrases or private keys on any connected screen, and slow down; urgency is the scammer's favorite tool.

〽️NEUTRAL 1h ago

CryptoSlate

Clipboard Malware Drains Crypto Wallets in $11.37B Scam Wave

The threat is shifting from protocol exploits to single-decision attacks on individual holders; a few pre-send verification habits and offline address checks close most of the gap.

Zipp Editorial Aggregated from CryptoSlate

Clipboard Malware Drains Crypto Wallets in $11.37B Scam Wave

Crypto fraud hit a record $11.37B in reported US losses in 2025, up 22% on the prior year, with global scam costs estimated at up to $17B by Chainalysis. The fastest-rising threats no longer break the blockchain. They target the moment before you hit send: clipboard-hijacking malware, address-poisoning lookalikes, fake support DMs, and approval-phishing airdrops.

Why it matters

Microsoft's threat intelligence team flagged a USB-borne Windows family, CryptoBandits, on June 17, 2026. It swaps a copied wallet address for an attacker's at roughly twice-a-second clipboard polling, while also siphoning seed phrases and screenshoting seed vaults. None of it defeats the cryptography. It only changes what your machine shows and copies at the worst possible moment. Investment-style social engineering drove about $7.2B of the FBI's 2025 loss tally; nearly 18,600 Americans each lost more than $100,000, and the average reported loss crossed $62,000. Attackers increasingly target the holder rather than the platform, knowing a single signed approval or lookalike address transfers the loss to the user.

Market impact

PeckShield pegged 2025 protocol exploit losses near $2.67B, roughly two-thirds of all crypto theft, but the marginal growth is in individual-victim scams. Self-custody defenses that move the final address check off the host screen, hardware wallets with on-device verification and Shamir-split key storage, blunt the clipboard-swap class entirely. Verify every deposit address inside the official app, treat any "loophole" or extra-value promise as a red flag, and keep seed phrases off any connected screen. That short habit stack is what the new threat model actually rewards.

#CryptoSecurity #SelfCustody #AddressPoisoning #HardwareWallet

Frequently asked questions

What is clipboard-hijacking crypto malware?

It's malware that watches your system clipboard for copied wallet addresses and swaps them for an attacker's, so crypto you meant to send yourself lands with the attacker instead. Microsoft's CryptoBandits family does this at roughly twice-a-second polling and also lifts seed phrases and screenshots.
How big were crypto scam losses in 2025?

Americans reported $11.37B in crypto fraud losses in 2025, a 22% rise on the prior year, with roughly 18,600 victims each losing more than $100K and an average loss above $62K. Chainalysis pegged global scam costs at up to $17B.
What is address poisoning?

An attacker sends you a tiny transaction from a wallet address that looks almost identical to one you regularly use. Later, when you copy a recent address from your history, you grab the lookalike by mistake and your funds go to the attacker.
How does a hardware wallet stop clipboard-swap scams?

A hardware wallet confirms the destination address and amount on its own secure screen, separate from your computer. Even if browser malware has swapped the address your machine shows you, the device-level check shows the real recipient before any signature.
What habits actually protect self-custody users?

Verify every deposit address inside the official app before broadcasting, treat any "loophole" or extra-value promise that needs an extension or script as a red flag, never share seed phrases or private keys on any connected screen, and slow down; urgency is the scammer's favorite tool.

Source attribution

Aggregated from CryptoSlate · Verified · Last refreshed 1h ago

Open original →

BTC Slips Below $60K as China Pumps $44B Into Liquidity

ED Raids in Bengaluru Push India's USDT Premium Above 8.5%

Bitcoin Crashes Below Key Cost Basis Levels as $45K Bottom Looms