Main Takeaways

  • A global malware threat is ongoing: the malware alters users’ cryptocurrency withdrawal addresses, leading to significant financial losses for victims.

  • Binance's security team is identifying and blacklisting suspicious addresses, informing affected users, and monitoring and counteracting these threats.

  • We recommend that users verify the authenticity of apps and plugins, double-check withdrawal addresses, and stay informed to protect themselves from this scam.

We have identified a global malware issue that is significantly impacting cryptocurrency transactions by altering withdrawal addresses during the transaction process. This type of malicious software, often referred to as "Clipper malware," intercepts data stored in the clipboard, primarily targeting cryptocurrency wallet addresses. When a user copies and pastes a wallet address to transfer cryptocurrency, the malware replaces the original address with one designated by the attacker. If the user completes the transfer without noticing the change, the cryptocurrency is sent to the attacker's wallet, resulting in financial loss.

The issue has seen a notable spike in activity, particularly on August 27, 2024, leading to significant financial losses for affected users. The malware is often distributed through unofficial apps and plugins, especially on Android and web apps, but iOS users should also remain vigilant. Many users inadvertently install these malicious apps while searching for software in their native languages or through unofficial channels, often due to restrictions in their countries.

Binance's Countermeasures

Our security team is actively addressing this issue through several measures:

  • Blacklisting Suspicious Addresses: We have blacklisted the attacker addresses to prevent further fraudulent transactions. This has successfully thwarted numerous withdrawal attempts from potential victims.

  • User Notifications: We have informed affected users about the malware and advised them to check their devices for any suspicious software or plugins.

  • Incident Reporting: Affected users have been asked to share details about their incidents to help us identify and analyze the malicious software and plugins involved.

  • Ongoing Monitoring: Our team continues to monitor for new threats and update our security protocols accordingly.

Measures to Stay Safe

To protect yourself from this type of malware, follow these security tips:

  • Verify Authenticity: Ensure that the apps and plugins you are using are authentic and not fake or potentially harmful versions. Avoid downloading software from unofficial sources.

  • Double-Check Addresses: Always double- or triple-check your withdrawal address before completing any transactions. This simple step can prevent significant financial loss. To be extra safe, you can take a screenshot of the withdrawal address right before sending the payment and have the recipient verify it against a photo, leaving text-altering malware no chance.

  • Stay Informed: Keep up-to-date with the latest security advisories from Binance and other trusted sources. Awareness is a key component of cybersecurity.

  • Use Security Software: Install reputable security software on your devices to detect and remove malware. Regularly update this software to protect against new threats.

By following these guidelines and staying vigilant, you can significantly reduce the risk of falling victim to this type of scam. Binance’s security team remains committed to safeguarding your assets and providing you with the tools and information needed to stay secure as the situation unfolds.
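The "Double-Check Addresses" tip can be automated as a full-string comparison between the address that was copied and the one that arrived in the withdrawal field. The sketch below is an added example, not Binance code; the function names, the three address-shape patterns (shape only, no checksum validation) and the sample values are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Shape-only patterns chosen for this example; they do not validate checksums.
ADDRESS_SHAPES = {
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
    "bitcoin-base58": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "bitcoin-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{39,59}"),
}

# Constructed sample values, not real wallet addresses.
INTENDED = "0x" + "1a2b3c4d" * 5
SWAPPED = "0x1a2b" + "9f" * 16 + "3c4d"  # same first 6 and last 4 characters


@dataclass
class PasteCheck:
    verdict: str                # "match", "address-swapped" or "altered"
    shape: Optional[str]        # recognised shape of the copied value
    diff_positions: List[int]   # indexes where the two strings differ


def address_shape(value: str) -> Optional[str]:
    """Return the name of the first address shape the value fully matches."""
    for name, pattern in ADDRESS_SHAPES.items():
        if pattern.fullmatch(value):
            return name
    return None


def check_paste(copied: str, pasted: str) -> PasteCheck:
    """Compare what was copied with what arrived in the withdrawal field."""
    copied, pasted = copied.strip(), pasted.strip()
    shape = address_shape(copied)
    if copied == pasted:
        return PasteCheck("match", shape, [])
    longest = max(len(copied), len(pasted))
    diffs = [i for i in range(longest) if copied[i:i + 1] != pasted[i:i + 1]]
    # One address replaced by another address is the clipper signature.
    swapped = shape is not None and address_shape(pasted) is not None
    return PasteCheck("address-swapped" if swapped else "altered", shape, diffs)


if __name__ == "__main__":
    result = check_paste(INTENDED, SWAPPED)
    print(result.verdict, "-", len(result.diff_positions), "characters differ")
```

The constructed pair shares its first and last characters and differs only in the middle, which is why the comparison covers every position instead of a glance at the ends.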
