‘Clipper’ malware is being used to steal crypto, Binance warns

Jason Macuray

Binance is warning customers that malware is being used to manipulate withdrawal addresses in order to steal cryptocurrency, in a campaign that has led to “significant financial losses for victims.”

The company, which is the largest cryptocurrency exchange in the world, said its security team is in the process of identifying and blacklisting suspicious addresses while also letting victims know if they have been affected by the so-called ‘clipper’ malware. Binance did not respond to requests for comment about how many people have been affected and how much money has been stolen. 

“We have identified a global malware issue that is significantly impacting cryptocurrency transactions by altering withdrawal addresses during the transaction process. This type of malicious software… intercepts data stored in the clipboard, primarily targeting cryptocurrency wallet addresses,” the company said.

“When a user copies and pastes a wallet address to transfer cryptocurrency, the malware replaces the original address with one designated by the attacker.”

If the user does not notice the change, the crypto is sent to the attacker’s wallet. Binance noted that it saw a spike in this kind of activity on August 27, adding that clipper malware is typically distributed through unofficial apps and plugins on Android devices. 
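A defender-side sketch of the substitution described above, added here as an example and not taken from Binance or the original article: it scans a time-ordered clipboard history for a wallet address that is replaced by a different address of the same type within a short window. The event format, the two-second window and the placeholder addresses are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Address shapes only (no checksum validation); enough to spot address-like text.
ADDRESS_PATTERNS = {
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "bitcoin_legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "bitcoin_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
}
SWAP_WINDOW_SECONDS = 2.0  # assumed threshold: faster than a person re-copies

class Swap(NamedTuple):
    at: float
    kind: str
    copied: str
    replaced_by: str

def address_kind(text: str) -> Optional[str]:
    """Return the address family the text looks like, or None."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return kind
    return None

def find_swaps(events, window=SWAP_WINDOW_SECONDS):
    """Flag an address replaced by another of the same kind within `window` seconds.
    `events` is a time-ordered iterable of (timestamp_seconds, clipboard_text)."""
    swaps, prev = [], None  # prev = (timestamp, kind, value) of last address seen
    for ts, text in events:
        kind, value = address_kind(text), text.strip()
        if kind is None:
            prev = None  # non-address content breaks the copy/replace pair
            continue
        if prev and prev[1] == kind and prev[2] != value and ts - prev[0] <= window:
            swaps.append(Swap(ts, kind, prev[2], value))
        prev = (ts, kind, value)
    return swaps

# Constructed sample data: placeholder addresses, not real wallets.
COPIED_ETH = "0x" + "a" * 40
SUBSTITUTE_ETH = "0x" + "b" * 40
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, COPIED_ETH),       # user copies a withdrawal address
    (10.3, SUBSTITUTE_ETH),   # clipboard rewritten 0.3 s later: flagged
    (120.0, "1" + "A" * 30),  # user copies one address...
    (300.0, "1" + "B" * 30),  # ...and another minutes later: not flagged
]
```

The same comparison can be applied at the point of use: keep the value the user copied and refuse to submit a withdrawal whose pasted destination differs from it.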

Victims often downloaded these malicious apps accidentally while trying to find software in different languages or through unofficial websites that they use because of restrictions in the country where they live. While Android devices are affected, Binance said iOS users should also be wary.  

Several crypto thefts have been stopped by Binance, according to their statement, and they urged victims to come forward if they believe their cryptocurrency was stolen. 

Researchers have long warned of strains of malware that allow hackers to steal cryptocurrency by swapping out addresses placed onto a victim’s clipboard.

In November, Binance agreed to pay more than $4 billion in settlements with several U.S. law enforcement agencies after years of investigations uncovered widespread criminal use of the platform. 

The Treasury Department said the platform was used by groups like Hamas’ Qassam Brigades, Palestinian Islamic Jihad (PIJ), Al-Qaida, and the Islamic State group, as well as ransomware attackers, money launderers, and other criminals.

Last month, Binance said its security team recovered $73 million in user funds that were stolen in hacks through July 31. That figure far surpassed the $55 million recovered in 2023. 

Of the $73 million, the vast majority came from hacks or crypto platforms that had been exploited. One-fifth came from a variety of crypto-focused scams.

Jimmy Su, chief security officer at Binance, said they have tried to expand collaborations with third-party services to better allow them to track and recover stolen funds.

Chainalysis warned last month that crypto heists are on the rise, with cybercriminals netting nearly $1.6 billion in the first half of 2024, up from $857 million during the same period of 2023.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.