Clipboard Hijacking Cryptocurrency Scam
Americans lost $12.5 billion to fraud in 2024, according to the FTC.
Quick Answer
Clipboard hijacking scams use malware to secretly replace a legitimate cryptocurrency wallet address you copy with a scammer's address, causing you to send funds directly to the thief in unrecoverable transactions.
Think you've seen this scam?
Paste any suspicious text, email, or voicemail into our free checker — get a verdict in 5 seconds. Or get our free Scam Defense Playbook.
Free. No credit card. No signup required for the checker.
How It Works
1
A user's computer or mobile device is infected with malware, often called a "clipper." This malware is typically hidden within pirated software, unofficial application downloads, or malicious email attachments.
2
The malware runs silently in the background, constantly monitoring the device's clipboard for any text that matches the format of a cryptocurrency wallet address.
3
When the user copies a legitimate crypto address to paste into their wallet for a transaction, the malware instantly and silently replaces it with a wallet address belonging to the scammer.
4
The user pastes the address, fails to notice the change, and authorizes the transaction. The cryptocurrency is sent to the scammer's wallet and is irreversible.
Red Flags
- Downloading and installing software, applications, or browser plugins from unofficial or untrusted sources.
- Noticing that a pasted wallet address looks slightly different from the one you copied, even if only the middle characters are changed.
- Receiving unexpected small or "dust" transactions from unknown crypto addresses in your wallet's history, which is a tactic used to poison your transaction logs with fraudulent addresses.
- Pressure to act quickly on a transaction, which prevents you from taking the time to verify details.
- Your antivirus or security software alerts you to a potential threat, especially after a recent download.
What to Do If Targeted
- Always manually verify every single character of a wallet address after you paste it and before you send the transaction. Read it out loud if necessary.
- Use security features offered by wallets and exchanges, such as address whitelisting or saving trusted addresses in an address book.
- Install and maintain reputable antivirus and anti-malware software on all your devices to detect and remove clipper malware.
- Avoid downloading software from unofficial app stores, torrent sites, or suspicious links. Stick to official sources.
- If you believe you have sent funds to a scammer, immediately report the fraudulent transaction to the cryptocurrency exchange or wallet provider you used.
- File a detailed report with law enforcement, providing all transaction details, including wallet addresses and transaction hashes.
How to Report It
- FBI IC3 — Report all cybercrime, including cryptocurrency fraud, to the FBI's Internet Crime Complaint Center.
- FTC — File a fraud report with the Federal Trade Commission to help them investigate and stop scammers.
- FCC — File a complaint about phone scams, robocalls, or unwanted calls with the Federal Communications Commission.
- AARP Fraud Helpline — Call 877-908-3360 for free support from trained fraud specialists. Available to anyone, not just AARP members.
Key Statistics
- The FBI's Internet Crime Complaint Center (IC3) received over 69,000 complaints involving crypto fraud in 2023, with total losses exceeding $5.6 billion. — FBI IC3 2023 Cryptocurrency Fraud Report
- Losses from cryptocurrency investment fraud schemes alone rose to $3.96 billion in 2023, a 53% increase from the $2.57 billion lost in 2022. — FBI IC3 2024
- A single clipboard hijacking malware campaign disguised as the Tor Browser was used to steal approximately $400,000 in cryptocurrency in early 2023. — Kaspersky 2023
- A related tactic called 'address poisoning' has led to massive individual losses, including two separate incidents where victims lost $12.2 million and $50 million by sending funds to a lookalike address. — Scam Sniffer 2026
Get scam alerts before they hit your parents' inbox
One email per week. The scam that's spreading right now, the red flags, and what to tell Mom and Dad.
Free forever. Unsubscribe in one click.
Frequently Asked Questions
A clipboard hijacking scam, or clipper malware scam, is a type of cybercrime where malicious software infects your device to monitor your clipboard. When you copy a cryptocurrency address to make a payment, the malware automatically replaces it with the scammer's address. Victims unknowingly paste the wrong address and send their crypto directly to the thief.
The only way to be certain is to meticulously compare the address you copied with the address you pasted, character by character, before confirming the transaction. Scammers often use 'vanity' address generators to create wallets where the first and last few characters match the original, making a quick glance insufficient for verification.
Cryptocurrency transactions are designed to be irreversible, which means recovering stolen funds is extremely difficult and highly unlikely. Once the transaction is confirmed on the blockchain, the funds are permanently in the scammer's control. Reporting the theft to authorities and exchanges immediately is the only course of action, but it does not guarantee recovery.
Clipper malware is most often bundled with other software downloaded from untrustworthy sources. This includes cracked or pirated software, applications from third-party app stores, and files attached to phishing emails. The malware installs itself secretly and operates without any obvious signs.
Has this scam reached your family?
Ready to protect yourself?
We've vetted the tools that actually work — VPN, threat protection, and identity monitoring.
See our recommended tools →Get weekly scam alerts
One breakdown per week. Real threats. Zero fluff.
You're in! Check your inbox.