Binance analysts warn of a global problem with malware that replaces transaction addresses
The exchange’s security service began blacklisting suspicious addresses and collecting information from victims
16.09.2024 - 09:50
What’s new? Analysts at Binance, the world’s largest centralized crypto exchange (CEX), said there have been numerous incidents of malware capable of changing the withdrawal address during the transaction process. They urged caution in installing plugins and apps, including web versions and versions for Android and iOS devices.
What else is known? Binance emphasized that the exchange’s security team is dealing with the issue and is actively blacklisting suspicious addresses.
The software detected by analysts belongs to the Clipper type: such programs intercept data from the clipboard and, in this case, target crypto wallet addresses.
When a user copies and pastes a wallet address to transfer cryptocurrency, the malware replaces the original address with the one specified by the attacker. The cryptocurrency is sent to the attacker's wallet if the user completes the transfer without noticing the change.
Malware is often spread through unofficial apps and plugins, especially on Android and web versions, but analysts say iOS users should also remain vigilant.
Many victims mistakenly install such programs when searching for software in their native language or through unofficial channels, often due to restrictions in their countries.
In addition to blacklisting suspicious addresses, the exchange notifies victims of the malware and recommends that they check their devices. Victims are also asked for details about the incidents, which will help identify specific programs.
Binance experts urged users not to install applications from unofficial sources, to check addresses thoroughly before making transactions, and to use antivirus software.
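The address check recommended above, as an added example that is not Binance's code: it compares what was copied with what arrived in the destination field and flags the case where a different, well-formed wallet address appears. The function names, the simplified format patterns and the sample addresses are assumptions constructed for illustration.

```python
import re

# Simplified address shapes (assumption: format check only, no checksum validation).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the name of the address format that text matches, or None."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None

def check_paste(copied, pasted):
    """Classify a copy/paste pair: ok, substituted, changed or not_an_address."""
    copied, pasted = copied.strip(), pasted.strip()
    kind = address_kind(copied)
    if kind is None:
        return "not_an_address"
    # Ethereum hex is case-insensitive; the other formats are compared exactly.
    same = copied.lower() == pasted.lower() if kind == "eth" else copied == pasted
    if same:
        return "ok"
    # A different but well-formed address arriving is the clipper pattern.
    return "substituted" if address_kind(pasted) else "changed"

def flag_substitutions(events):
    """Return the events whose pasted value is a different wallet address."""
    return [e for e in events if check_paste(e["copied"], e["pasted"]) == "substituted"]

# Constructed sample data: these strings only have the right shape, they are not real wallets.
ETH_A = "0x" + "ab" * 20
ETH_B = "0x" + "cd" * 20
BTC_A = "1" + "A" * 33
EVENTS = [
    {"id": 1, "copied": ETH_A, "pasted": ETH_A},
    {"id": 2, "copied": ETH_A, "pasted": ETH_B},
    {"id": 3, "copied": BTC_A, "pasted": ETH_B},
    {"id": 4, "copied": ETH_A, "pasted": ETH_A.upper().replace("0X", "0x")},
    {"id": 5, "copied": ETH_A, "pasted": ETH_A[:20]},
]

if __name__ == "__main__":
    for event in flag_substitutions(EVENTS):
        print("address replaced between copy and paste, event", event["id"])
```

Only events 2 and 3 are flagged: a case change in an Ethereum address or a truncated paste is not reported as a substitution.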
In August, information security company Check Point discovered software with a similar mechanism of action called Styx Stealer. Its creator, known by the nickname Sty1x, lives in Turkey and distributes the program on a paid monthly or perpetual subscription basis.
In the same month, Microsoft said a group of hackers from North Korea used a zero-day vulnerability in the Chromium web browser to steal cryptocurrencies.
Last year, antivirus developer ESET discovered trojans embedded in the WhatsApp and Telegram messengers that could spoof crypto wallet addresses and extract seed phrases to gain access to them.