PSA: Beware of Clipboard Malware

During the past few years, we have seen a major boost in cryptocurrency adoption and development. More people are using crypto to transact than ever before. While this is great for the industry as a whole, it also means that there is a great incentive for hackers to develop malware to steal your coins.

We have recently noticed an increase in the number of clipboard malware cases. Therefore, we are writing this article to bring awareness to this issue, and show you how you can detect such malware and prevent losing your funds.

How does Clipboard Malware work?

The concept of clipboard malware is very simple. When the victim copies their wallet address to their clipboard, the malware replaces it with a different address that the attacker owns.

If the victim pastes the address without double-checking that it matches the one originally copied, they might end up sending the funds to the attacker's address instead.

Because blockchain transactions are irreversible, funds sent to the wrong address cannot be retrieved, and your coins are lost.

How do you know if you are affected?

Clipboard malware can come in many different forms. It can come as an application that you have installed or executed on your computer, or even as a browser extension!

An easy way to detect this kind of malware is by simply copying a wallet address from an exchange and pasting it somewhere, for example in your browser or in a text editor like Notepad. If you notice that the wallet address that was pasted is different from the one you copied, then there is a pretty good chance that you have this malware on your device.

Note that if the malware is in the form of a browser extension, this address swap may only happen on addresses that are copied and pasted inside your browser.
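The copy-and-paste test above can be written down as a small check. This is an added example, not NiceHash code: the address patterns, the function names and the sample values are assumptions made for illustration, and the "where" labels simply record whether the paste was done in a browser or in a text editor.

```python
import re

# Address shapes used to classify clipboard text. Illustrative only: not a
# complete list of coin formats, and no checksum validation is done.
ADDRESS_PATTERNS = {
    "btc-base58": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth-hex": re.compile(r"0x[0-9a-fA-F]{40}"),
}


def address_kind(text):
    """Return the address format that `text` matches, or None."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text.strip()):
            return kind
    return None


def check_paste(copied, pasted):
    """Compare the address shown at the source with what was pasted."""
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:  # the whole string is compared, character by character
        return "match"
    kind = address_kind(copied)
    if kind is not None and kind == address_kind(pasted):
        return "swapped"  # one address replaced by another of the same format
    return "changed"  # clipboard differs, but not a same-format address swap


def audit(observations):
    """Summarise paste tests given as (where, copied, pasted) tuples."""
    swapped_in = {w for w, c, p in observations if check_paste(c, p) == "swapped"}
    if not swapped_in:
        return "no swap observed"
    if swapped_in == {"browser"}:
        return "swap only in browser pastes: consistent with a browser extension"
    return "swap seen outside the browser: not limited to an extension"


# Constructed sample values (not real wallets).
MINE = "0x" + "ab12" * 10
OTHER = "0x" + "cd34" * 10
OBSERVATIONS = [("browser", MINE, OTHER), ("editor", MINE, MINE)]

if __name__ == "__main__":
    print(audit(OBSERVATIONS))
```

Run the paste test in both places before drawing a conclusion: a clean result in a text editor alone does not rule out a browser extension.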

What can you do to remove the malware?

There are a few steps you can take to try and remove the malware from your device:

  • Remove all extensions from your browsers;
  • Install trustworthy antivirus software and run a scan;
  • Perform a clean install of your operating system.

Usually, performing a scan with trustworthy antivirus software, like Bitdefender or Malwarebytes, will identify and clean this threat. Make sure that you are downloading them from official sources, otherwise you might end up installing even more malware!

However, each virus is different and there is a chance that it might leave trace files on your system. If you are unable to remove the malware with the other two steps, or want to be completely sure that it is no longer present, it is best to reinstall your operating system.

Guides on how to freshly install Windows and other operating systems should be fairly easy to find on Google.

What can you do to prevent getting the malware?

As mentioned, there are many places where you might find this malware, but there are a few good practices that can help you avoid being infected.

  • Always download software or applications from the official sources. If you are downloading our miners from GitHub, make sure you download them from our official repositories!
  • Check web URLs to make sure you are on the correct site. Scammers will often use sites like www.nicehesh.com or www.n1cehash.com. Never download anything from these fake sites, as they often try to serve fake installers of mining software. Our team does its best to report and remove these as soon as they appear, but there are always new ones.
  • Keep your browser and operating system up to date and avoid installing unnecessary extensions.
  • Check the settings in your messaging apps. Some apps, such as WhatsApp or Telegram, save attachments sent to you onto your device by default - TURN THIS OFF in your settings.
  • Be careful with attachments that anyone sends you in public forums like Discord, and with clicking on any links that are placed there by other members.
  • Scammers will often message you directly on social media platforms like Instagram or Discord, promising you money or other kinds of rewards. Do not trust these.
  • Be on the lookout for phishing emails. If you own crypto there is a good chance someone will target you with fake emails. Always hover over the sender with your mouse before opening to see the actual email used, and if it looks suspicious do not open it. Don’t open any link unless you are 100% sure where it leads.
  • Antivirus software can sometimes detect this malware, but it is usually behind on the latest versions of malware (as it relies on known malware/viruses to be able to detect them), so you should never rely on antivirus software alone to keep you safe. If you do use it, make sure it’s always up to date.
  • Do not store/access your crypto on your mining rig/personal computer! You should always keep your funds on a separate device to avoid issues like this - especially if you install third-party software.
  • Do not trust applications that promise you double the hashrate or other crazy metrics at first sight! Always search for community reviews and feedback! Before our official LHR unlock, many hackers tried to spread malware in software that claimed to fully unlock LHR, while not actually delivering on its promises.
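
The URL check from the list above can be automated for the two fake hosts the article names. This is an added example, not NiceHash code: `nicehash.com` as the official domain is an assumption (the page does not state it), the digit-for-letter table and the distance threshold of 2 are illustrative choices, and the other sample hosts are constructed.

```python
from urllib.parse import urlsplit

OFFICIAL = "nicehash.com"  # assumption: official domain, not stated on the page
DIGIT_FOR_LETTER = str.maketrans("10354", "ioesa")  # common digit look-alikes


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Last two labels of the host; fine for .com, wrong for suffixes like .co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_url(url):
    """Return 'official', 'lookalike' or 'other' for a URL or bare host name."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    domain = registrable(host)
    if domain == OFFICIAL:
        return "official"
    if domain.translate(DIGIT_FOR_LETTER) == OFFICIAL:
        return "lookalike"  # digits standing in for letters
    if edit_distance(domain, OFFICIAL) <= 2:
        return "lookalike"  # one or two characters off
    return "other"  # not official; this check says nothing more about it


if __name__ == "__main__":
    for sample in ("www.nicehesh.com", "www.n1cehash.com"):
        print(sample, classify_url(sample))
```

Only a result of "official" means the host matched; "other" covers everything else, including hosts that merely contain the official name as a subdomain.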
WRITTEN BY
NiceHash