How Clipper Malware Attacks Crypto Wallets: Details


The cryptocurrency industry, currently valued at over $2 trillion (Rs 1,70,32,400 crore), has been under threat from malicious actors whose numbers have rapidly increased around the world. In a recent blog post, Binance warned against “clipper malware” that cybercriminals are using to manipulate transaction details and steal tokens. The announcement comes just days after the FBI revealed that cryptocurrency users lost more than $5.6 billion (Rs 47,029 crore) to scams and fraud last year.

Understanding Clipper Malware

You may have noticed that when you copy something on your phone, the information is saved to the “clipboard” so it can be easily pasted into another app. This clipboard is exactly what cybercriminals target with clipper malware.

Crypto wallet addresses are usually made up of a random combination of numbers and letters and are difficult to remember, so people often copy and paste them during transactions. According to Binance, clipper malware intercepts this data on the clipboard.

“When a user copies and pastes a wallet address to transfer cryptocurrency, the malware replaces the original address with one specified by the attacker. If the user completes the transfer without noticing the change, the cryptocurrency is sent to the attacker’s wallet, resulting in financial loss,” the blog post reads.

Members of the crypto community who use Android devices and web apps are more vulnerable to clipper malware.

“Many users inadvertently install these malicious apps when searching for software in their native language or through unofficial channels, often due to restrictions in their country. iOS users should also remain vigilant,” the blog noted.

Attacks using the clipper malware reportedly spiked around August 27, 2024.

Recommended safety measures

Binance strongly recommends that cryptocurrency users double-check the wallet addresses they paste during transactions. To ensure the authenticity of applications and plugins, users should download them only from official sources. In addition, cryptocurrency investors are encouraged to install security software on their devices that can detect and remove malware.

“Awareness is a key component of cybersecurity. To be even safer, you can take a screenshot of the withdrawal address before sending payment and have the recipient verify it based on the photo, so text-modifying malware doesn’t stand a chance,” Binance said.
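The double-check of pasted addresses recommended above, written as a wallet-side paste check. This is an added example, not code from Binance or from the original article. The function names, the four-character "glance" window and the sample addresses are constructed assumptions, and 0x-prefixed hex addresses are compared case-insensitively while every other format is compared exactly.

```python
from dataclasses import dataclass, field

# Constructed sample addresses (not real wallets).
EXPECTED = "0x1111aaaa2222bbbb3333cccc4444dddd5555eeee"   # address the user intended
LOOKALIKE = "0x1111ffff0000ffff0000ffff0000ffff0000eeee"  # same start and end only
OTHER = "0x9999ffff0000ffff0000ffff0000ffff00007777"      # nothing in common


@dataclass
class PasteCheck:
    ok: bool
    verdict: str                      # "match", "replaced" or "replaced-lookalike"
    diff_positions: list = field(default_factory=list)


def normalize(addr: str) -> str:
    """Strip whitespace; lowercase only 0x-prefixed hex (assumption: other formats are case-sensitive)."""
    addr = addr.strip()
    return addr.lower() if addr[:2].lower() == "0x" else addr


def check_pasted_address(expected: str, pasted: str, glance: int = 4) -> PasteCheck:
    """Compare the full pasted string with the address obtained from a trusted source."""
    exp, got = normalize(expected), normalize(pasted)
    if exp == got:
        return PasteCheck(True, "match")
    # Record every differing position so a UI can highlight the changed characters.
    longest = max(len(exp), len(got))
    diffs = [i for i in range(longest)
             if i >= len(exp) or i >= len(got) or exp[i] != got[i]]
    # A mismatch that still shares the first or last few characters would pass
    # a quick visual check, so it is reported separately.
    lookalike = exp[:glance] == got[:glance] or exp[-glance:] == got[-glance:]
    return PasteCheck(False, "replaced-lookalike" if lookalike else "replaced", diffs)


def grouped(addr: str, size: int = 4) -> str:
    """Split an address into short groups for reading back to the recipient."""
    a = normalize(addr)
    return " ".join(a[i:i + size] for i in range(0, len(a), size))


if __name__ == "__main__":
    for pasted in (EXPECTED, LOOKALIKE, OTHER):
        result = check_pasted_address(EXPECTED, pasted)
        print(result.verdict, result.diff_positions[:3], grouped(pasted))
```

The comparison only helps if the expected address comes from a source the clipboard cannot alter, such as a QR code or the screenshot verification described above.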

At the same time, cryptocurrency exchanges and businesses are required to proactively identify and blacklist suspicious wallet addresses through regular internal monitoring.

Binance said it is in the process of contacting users who may have been affected by the malware and providing relevant information. The exchange also said it is gathering more information about the malware and plugins that scammers are using to deploy Clipper malware.

Recent history of crypto platform hacks

Crypto protocols have been hit by multiple hacks in recent months, resulting in millions of dollars in losses. In July, India’s WazirX cryptocurrency exchange lost more than $230 million (about Rs 1,900 crore) after hackers breached one of its multi-signature wallets. The exchange’s users are still under financial pressure as the exchange will take up to six months to finalize a financial restructuring plan.

Last week, Indonesia’s Indodax cryptocurrency exchange lost $22 million (about Rs. 1.84 billion) in an alleged hacker attack, according to security firms SlowMist and Arkham, among others.

The FBI has warned cryptocurrency investors that North Korean hackers are also stepping up their activities, targeting the cryptocurrency sector with sophisticated techniques that are difficult to identify and respond to in a timely manner.
