Hackers are always finding new ways to trick people in the crypto space. One significant threat to investors are address swap attacks, that trick victims into sending money to the wrong address. In this article, we will talk about what address swap attacks are, how they work, and how to prevent them.
How address swap attacks work
- Hackers infect a user’s device with malware that monitors the clipboard for copied wallet addresses.
- When a user copies a wallet address to send funds, the malware automatically replaces it with the hacker’s address.
- The user, unaware of the change, pastes the altered address and sends funds to the hacker.
How to protect yourself from an address swap attack?
Never assume that the pasted address is the one you copied – malware can alter it in the copy/pasting process without your knowledge.
Manually verify the first and last few characters of the wallet address
- Any time you paste an address, compare it to the source.
- Spot-check 3 sets of 5 characters within the address. It is not computationally feasible for malware to calculate an attacker’s address to match a copied address to that level of accuracy.
- It is not necessary to check every character.
- Hardware wallets will display the target address on their displays. Verify the address here when approving the transaction.
Enable transaction confirmations on your wallet or exchange
- Some crypto wallets and exchanges offer an extra confirmation step before completing a transaction.
- This allows you to review the wallet address again before the transaction is finalized.
- If your wallet has this feature, make sure it is turned on to avoid accidental mistakes.
Improve PC hygiene to minimize the odds of malware infection
- Use trusted antivirus and anti-malware software that can scan your device for clipboard hijacking malware.
- Keep your security software up to date to ensure protection against the latest threats.
- Regularly scan your device for malware and remove any suspicious programs.
Avoid downloading unknown files or clicking suspicious links
- Hackers often spread malware through phishing emails, fake software, or malicious websites.
- Be cautious when downloading crypto-related tools, plugins, or wallets—only use official sources like the project’s website or verified app stores.
- If you receive an email or message with a link to a wallet update or exchange login, verify the URL before clicking.
Beware of unsolicited messages offering help or financial opportunities
- Scammers often impersonate support agents, influencers, or investment experts to trick victims into installing malware.
- They may send messages via Telegram, Discord, Twitter/X, or email, offering to help with transactions or “exclusive” investment deals.
- Legitimate support teams never contact users first—always verify support channels before engaging.
By following these security measures, you can greatly reduce the risk of falling victim to an address swap attack and protect your crypto assets from fraud.
Looking for
In-depth CyberSecurity Consulting with BitcoinVN
As of January 2025, every wallet purchase on BitcoinVN Shop includes a free remote consultation with our Cybersecurity team to get you started the right way. For in-depth, private guidance, 1-on-1 sessions are also available for booking.
