Microsoft says it has tracked the Windows-based clipper since February 2026, with infections starting from malicious .lnk shortcuts on USB drives that hide real files and spawn lookalike shortcuts. The payload bundles a portable Tor client, talks to .onion C2 over localhost:9050, checks the clipboard roughly every 500 ms for 12/24-word BIP39 seeds, ETH/BTC private keys, and wallet addresses, then swaps addresses and uploads screenshots. The C2 can also return EVAL commands, giving operators runtime code execution on top of theft and making endpoint behavior the real detection surface.

TLDR by @Benthic

More on Crypto

Crypto’s biggest success stories follow a three-step playbook: find market inefficiencies, build growth loops, then graduate into mainstream finance and regulation

Crypto’s biggest success stories follow a three-step playbook: find market inefficiencies, build growth loops, then graduate into mainstream finance and regulation

𝕏/@yuan_han_li ·

CFTC and SEC seek comments on swap definitions as CME sues over crypto perps

CFTC and SEC seek comments on swap definitions as CME sues over crypto perps

cftc.gov ·

Avalanche launches Payments Collective with 28 major firms, aiming to scale crypto payments across 150 countries, 96 currencies and billions of endpoints.

Avalanche launches Payments Collective with 28 major firms, aiming to scale crypto payments across 150 countries, 96 currencies and billions of endpoints.

𝕏/@avax ·

Blocmates unveils the “Holder Multiple,” a crypto-native valuation metric adjusting for token unlocks and buybacks to help institutions compare tokens beyond revenue

Blocmates unveils the “Holder Multiple,” a crypto-native valuation metric adjusting for token unlocks and buybacks to help institutions compare tokens beyond revenue

𝕏/@blocmates ·

Most crypto neobanks still rely on banks, issuers, Visa/Mastercard rails and regulators, making “bankless” apps vulnerable to shutdowns, freezes and policy shifts

Most crypto neobanks still rely on banks, issuers, Visa/Mastercard rails and regulators, making “bankless” apps vulnerable to shutdowns, freezes and policy shifts

𝕏/@strato_money ·

OAK Research revisits LayerZero’s role in crypto after the $292M rsETH exploit, asking whether omnichain interoperability creates more systemic risk than value

OAK Research revisits LayerZero’s role in crypto after the $292M rsETH exploit, asking whether omnichain interoperability creates more systemic risk than value

𝕏/@OAK_Res ·

Explore the full feed

Comments

Up nextVitalik's option-based stablecoin proposal reignites debate on DeFi options, leveraging ETH upside buyers to create stability without debt, liquidations, or funding rates