Clipboard hacking
Crypto addresses do not lend themselves to being memorised or typed in manually, like an email or username. Enter copy and paste, the unsung hero of crypto transactions. Many wallets and exchanges, like MetaMask, include built-in 'copy' shortcuts that allow you to copy your address with a single click. These features smooth the process of pasting into a recipient field when transferring tokens.
Clipboard hacking does not mean you need to be suspicious of people bearing clipboards. You just need to get into the habit of double-checking the addresses you paste.
What is clipboard hacking?
In short, clipboard hacking exploits the copy and paste function to rob you.
It happens when a malicious actor installs a script on your device through some kind of malware/spyware. This script is designed to scan new additions to your clipboard continually, looking for public addresses. When it identifies one, it will replace the address you actually copied with one the script is programmed to insert.
When you next attempt to send a transaction, the malware intervenes and inserts its own address, potentially resulting in you irretrievably sending funds to a hacker's wallet when you confirm a transaction. This is why it's always a good idea to double-check recipient addresses after you paste them.
How do I identify and address a clipboard hack?
Open your device's default text editor. On desktop, this will be Notepad for Windows devices and TextEdit for Mac. If you're using MetaMask Mobile, use your device's native note-taking/text editing app (such as Notes on iOS).
Now try this:
- Open the text editor and write anything, and then try copying and pasting this text within the same file. This should hopefully confirm that copy and paste is working correctly on your device.
- Copy your address from MetaMask and paste it into the text editor. Do the pasted address and your actual address match up?
If they don't correspond, you need to scan your device for potential malware/spyware/viruses. The methods for doing so vary considerably depending on your device, so please check with your manufacturer or OS provider.
Here are some starting points:
- Apple Support: Protect your Mac from malware
- Microsoft Support: Stay protected with Windows Security
- Google Support: Remove malware or unsafe software (Android)
Malware scanning is generally not possible on iOS due to its underlying structure. However, since App Store content is vetted so carefully, it is unlikely any malicious software can be downloaded by regular users.
Another important step to consider is to make sure your OS is completely up to date. New software versions often include security fixes that address the latest threats.
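The two-step copy-and-paste check described above can also be scripted; the following is an added example, not MetaMask code, that runs the plain-text round trip first and then the address round trip and reports what came back. The names `check_clipboard` and `FakeClipboard` and both sample addresses are assumptions constructed for illustration; on a real device the `copy` and `paste` callables would come from a clipboard library.

```python
import re
from typing import Callable, Optional

# Shape of an Ethereum-style public address: "0x" followed by 40 hex digits.
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def check_clipboard(copy: Callable[[str], None], paste: Callable[[], str],
                    address: str) -> str:
    """Run both manual steps and return a verdict string."""
    if not ADDRESS_RE.fullmatch(address):
        raise ValueError("expected 0x followed by 40 hex digits")
    probe = "clipboard self-test"
    copy(probe)                       # step 1: plain-text round trip
    if paste() != probe:
        return "copy-paste-broken"    # step 2 would prove nothing
    copy(address)                     # step 2: address round trip
    pasted = paste().strip()
    if pasted == address:
        return "match"
    if ADDRESS_RE.fullmatch(pasted):
        return "address-replaced"     # a different well-formed address came back
    return "mismatch"

class FakeClipboard:
    """Constructed in-memory clipboard so the example runs offline."""
    def __init__(self, rewrite: Optional[Callable[[str], str]] = None):
        self._text = ""
        self._rewrite = rewrite or (lambda s: s)

    def copy(self, text: str) -> None:
        self._text = text

    def paste(self) -> str:
        return self._rewrite(self._text)

# Constructed sample addresses, not real wallets.
MY_ADDRESS = "0x" + "ab12" * 10
OTHER_ADDRESS = "0x" + "cd34" * 10

def demo() -> dict:
    boards = {
        "clean": FakeClipboard(),
        "altered": FakeClipboard(lambda s: OTHER_ADDRESS if ADDRESS_RE.fullmatch(s) else s),
        "broken": FakeClipboard(lambda s: ""),
    }
    return {k: check_clipboard(b.copy, b.paste, MY_ADDRESS) for k, b in boards.items()}

if __name__ == "__main__":
    print(demo())
```

As with the manual test, a "match" verdict only shows that nothing was changed during this particular run.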
Stay vigilant
Whilst the method outlined above may help identify clipboard hacks, it may not work in all cases. Hackers are, naturally, continually improving the sophistication of their attacks to stay ahead of the curve; in some cases, the method above won't be enough to identify whether your device is affected. It's possible that the script may be advanced enough to recognize the location you're pasting into, and simply lie dormant until it spots that you're actually pasting an address into MetaMask, or any other wallet or dapp.
This is why we can't emphasize enough: get into the habit of always checking the addresses you paste. Even just a quick scan—double-checking that a handful of characters at the beginning and end of the address are correct—is enough.
How can I protect myself?
A logical first port of call is to ensure you have robust anti-malware software installed, and keep it updated. Your software should identify most potential clipboard hacking malware programs, notify you, and quarantine them before they can affect your crypto activity. For more hardware/software security recommendations, see this excellent list of suggestions by one of our admins on the MetaMask Community page. It relates specifically to keyloggers, but the same principles will apply.
However, since there is a possibility that your anti-malware software may not detect the program, the only way to be safe is to double- and triple-check addresses before you confirm any transaction. Some hardware wallets may prompt you to do this anyway, but as transactions are irreversible, it is a worthwhile habit to adopt.
Clipboard hacks have a closely related cousin in keylogging. Rather than just focusing on your clipboard, keyloggers allow bad actors to monitor every single keystroke on your computer.