Key points to remember
An attack is currently being launched worldwide using malware that changes users' crypto withdrawal addresses and causes huge financial losses for victims.
Binance's security team identifies and blacklists suspicious addresses, notifies affected users, and monitors these threats to combat them.
We recommend users to verify the authenticity of apps, plugins, and withdrawal addresses, and continue to educate themselves to protect themselves from this scam.
We have identified a global malware issue that is significantly impacting crypto transactions by changing withdrawal addresses during the transaction process. This type of malware, often referred to as “Clipper,” intercepts data stored in the clipboard and primarily targets crypto wallet addresses. When a user copies and pastes a wallet address to transfer crypto, the malware replaces it with an address chosen by the attacker. If the user completes the transfer without noticing the change, the crypto is sent to the attacker’s wallet and the victim loses their funds.
This issue has seen a notable spike in activity, notably on August 27, 2024, and has caused significant losses to targeted users. The malware in question is often distributed via unofficial apps and plugins, especially on Android and web apps, but iOS users are not immune. Many users inadvertently install such malicious apps when searching for software in their native language or from unofficial channels, often due to restrictions in their country.
Binance retorts
Our security team is actively addressing this issue by deploying several measures:
Blacklisting of suspicious addresses: We blacklisted potential attacker addresses to prevent further fraudulent transactions from taking place, which allowed us to stop many withdrawal attempts by potential victims.
User Notifications: We notified affected users about the malware and advised them to check their devices for suspicious software or plug-ins.
Crash Reports: Affected users have been asked to provide us with details of the crashes they have experienced to help us identify and analyze the malware and plug-ins involved.
Continuous Monitoring: Our team continues to monitor for new threats and update our security protocols accordingly.
How to stay safe?
To protect yourself against this type of malware, follow these security tips:
Authenticity check: Make sure that the apps and plugins you use are genuine and not fake or potentially dangerous versions of the real thing. Don’t download software from unofficial sources.
Verifying withdrawal addresses: Remember to carefully verify your withdrawal address before committing to any transaction. This simple step can help prevent significant financial losses. For added security, you can take a screenshot of the withdrawal address right before sending the payment and ask the recipient to compare it to the payment details received to detect any potential alteration of the text by malware.
Stay informed: Check out the latest security tips from Binance and other trusted sources. Staying informed is crucial to staying safe online.
Use security software: Install reputable security software on your devices to detect and remove malware, and update it regularly to protect against new threats.
Follow these guidelines and stay vigilant to greatly reduce your risk of becoming the next victim of this type of scam. The Binance security team continues to protect your assets and provide you with the tools and information needed to stay safe as the situation evolves.
