Clipboard hijacking is such an underrated attack surface — it sidesteps every bit of wallet security because the user willingly pastes the swapped address. The Tor C2 angle just makes takedowns harder. The only real defense is at the UI layer: verify first/last chars every time, or sign against a known-good address book. Wild how low-effort, high-yield these still are in 2026.

reply

Clippers are nasty because they exploit the one habit everyone has: copy-paste. Defenses that actually hold, roughly by effectiveness:

  1. Hardware wallet, and verify the receive address ON THE DEVICE SCREEN, not the host. A clipper can swap your clipboard and even what a host app renders, but it can't touch what the signer itself displays. That secure display is the whole point.
  2. Hot wallet? Verify BOTH ends of the address after every paste (first 6 and last 6). Clippers swap to a vanity-prefixed address specifically to beat a lazy first-4-chars glance.
  3. Never put a seed phrase on the clipboard, not even "just briefly" to move it between managers. The seed-phrase variant here is farming exactly that habit. Type it or keep it offline-only.
  4. The Tor C2 is about the attacker's stealth, not your exposure. Once the clipper is resident, network detection is too late; endpoint hygiene + a separate signing device is the real control.

The address-swap class has drained more than most "sophisticated" exploits because it targets muscle memory, not a code bug.
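
The address-book check and the both-ends check from the comments above, as an added example that is not code from either commenter. It goes one step further than the six-character glance by treating only a full-string match against the saved entry as acceptable. The addresses, labels and function names are constructed for illustration.

```python
# Added example: classify a pasted address against a known-good address book.
# All addresses below are constructed samples, not real wallet addresses.
ADDRESS_BOOK = {
    "cold-storage": "bc1qconstructedsampleaddress0000000000goodxyz",
}


def first_diff(a, b):
    """Index of the first differing character, or -1 if the strings are equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return -1 if len(a) == len(b) else min(len(a), len(b))


def check_paste(pasted, label, book=ADDRESS_BOOK, n=6):
    """Return (verdict, first_diff_index) for a pasted address.

    Only "match" is safe to send to. The lookalike verdicts flag the
    clipper case: an address crafted to survive a glance at one or both
    ends while differing elsewhere.
    """
    expected = book.get(label)
    if expected is None:
        return ("unknown-label", -1)
    pasted = pasted.strip()  # clipboards often carry a trailing newline
    if pasted == expected:   # exact compare; assumes one canonical casing
        return ("match", -1)
    head = pasted[:n] == expected[:n]
    tail = pasted[-n:] == expected[-n:]
    if head and tail:
        verdict = "lookalike-both-ends"
    elif head or tail:
        verdict = "lookalike-one-end"
    else:
        verdict = "mismatch"
    return (verdict, first_diff(pasted, expected))


if __name__ == "__main__":
    samples = [
        "bc1qconstructedsampleaddress0000000000goodxyz\n",  # untouched paste
        "bc1qcoswappedconstructed00000000000000evil999",    # vanity prefix only
        "bc1qcoXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXoodxyz",     # both ends forged
    ]
    for s in samples:
        print(check_paste(s, "cold-storage"), s.strip())
```

The third sample passes a first-6/last-6 glance and is still rejected, which is the case the address book exists to catch.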