Formjacking
Pronunciation
[form-jak-ing]
Analogy
Like a hidden camera installed at an ATM keypad capturing your PIN as you enter it.
Definition
A web‑based attack where malicious JavaScript is injected into forms on websites or dApps to steal user input—such as private keys or seed phrases—when users submit data.
Key Points Intro
Formjacking compromises frontends to exfiltrate sensitive user inputs.
Key Points
Script injection: Malicious code loaded via a compromised CDN or dependency.
Input capture: Listens for form events and sends the captured data to an attacker-controlled server.
Stealth: Code often obfuscated and conditionally triggered.
Supply‑chain risk: Third‑party libraries are common injection vectors.
Example
A dApp’s wallet connect page loads a compromised analytics script that captures seed phrases typed into the recovery form and posts them to a remote server.
Technical Deep Dive
Attackers inject `
Security Warning
Always audit third‑party scripts, use Subresource Integrity (SRI), and implement Content Security Policy (CSP) to block unauthorized code.
Caveat
Strict CSP may break legitimate integrations; balance security with functionality.