Clipboard Malware Swaps Crypto Wallet Addresses—$1,200 Lost from a Bybit Deposit

A Bybit user lost $1,200 after clipboard malware silently replaced their destination wallet address during a transfer. The victim copied a Bybit deposit address into MetaMask on an Android device, saw no warnings or errors, and sent the funds. When the deposit didn’t arrive, they checked the pasted address and discovered it was not the original—clipboard malware had swapped it for an attacker-controlled address. Cybersecurity researcher BalaiBB described how the attack runs in the background: once a wallet-like alphanumeric string is copied, the malware instantly substitutes it while the pasted text appears nearly identical (often only the last few characters differ). A suggested mitigation is to compare the first and last four characters of any wallet address after pasting before confirming a transaction. The article also outlines other quiet drain methods highlighted by BalaiBB and CNC Intel: fake token approvals on DEXs, phishing sites using lookalike URLs, and fake customer support that asks for seed phrases (which legitimate firms never do). Another vector is Discord social engineering via compromised accounts and malicious mint/airdrop links. CNC Intel notes that once a clipboard malware transfer is confirmed on-chain, crypto recovery is nearly impossible. The stolen amount can be tracked, but practical retrieval is rare, and there is no dispute or refund mechanism. For traders, this reinforces operational security risk around USDT transfers and DeFi interactions (e.g., Uniswap-related flows). Expect heightened attention to address verification in the short term, but limited broader market impact.