Blockchain & Cryptocurrency Glossary

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

  • search-icon Clear Definitions
  • search-icon Practical
  • search-icon Technical
  • search-icon Related Terms

Clipboard Hijacker

1 min read
Pronunciation
[klip-bawrd hy-jak-er]
Analogy
Like a pickpocket who swaps the money in your wallet with counterfeit bills while you’re not looking.
Definition
Malicious software that monitors and alters clipboard contents—often replacing cryptocurrency addresses with attacker-controlled addresses to steal funds.
Key Points Intro
Clipboard hijackers target users copying wallet addresses to divert transactions.
Key Points

Address monitoring: Watches for patterns matching crypto addresses.

Silent replacement: Substitutes user-copied address with attacker’s.

Persistence: Installs as background process or browser extension.

Evasion: Bypasses antivirus by using obfuscated code or legitimate-signed binaries.

Example
A user copies a Bitcoin address from a website; a clipboard hijacker replaces it with the attacker’s address before the user pastes into their wallet.
Technical Deep Dive
Hijackers hook OS clipboard APIs (e.g. Win32 `AddClipboardFormatListener`) or browser events, parse text for base58/Bech32 patterns, then rewrite buffer. Advanced variants monitor transaction amounts and only hijack high-value addresses.
Security Warning
Always verify recipient addresses after pasting, use address whitelisting tools, and maintain updated anti-malware software.
Caveat
Address checksum may not detect subtle changes; manual verification step is essential.
Related Terms
Phishing
Malware

Clipboard Hijacker - Related Articles

No related articles for this term.