Clipboard swapping is a technique that silently changes text after a user copies it and before it is pasted. In cyber security, it is often used to replace cryptocurrency wallet addresses, payment details, or command strings with attacker-controlled values. The user may see the original content when copying, but the pasted result is different.
This matters because the clipboard is a trusted workflow in many attacks. A clipboard-swapping payload can run on a compromised system, watch for copied strings, and substitute a lookalike address in milliseconds. In crypto theft, that can redirect funds to an attacker without raising suspicion until the transaction is irreversible. Defenders look for suspicious processes that monitor the clipboard, unexpected changes in pasted data, and malware that targets copy-paste behavior. Careful address verification and clipboard-aware security tools can reduce the risk.



