# Clipboard Hijacking

If you copy a wallet address and notice that it changes when you paste it—stop immediately and check your device. It may be infected with malware designed to steal your funds.

### 🥷 How does it work?

A malicious program intercepts user's clipboard data and secretly replaces wallet addresses. Here’s how it happens:

{% stepper %}
{% step %}
Users copy a wallet address to send funds.
{% endstep %}

{% step %}
Malware swaps it with a scammer’s address in their clipboard.
{% endstep %}

{% step %}
Users paste the modified address into the transaction field.
{% endstep %}

{% step %}
Without noticing the switch, they confirm the transfer.
{% endstep %}

{% step %}
Their funds go straight to the scammer.
{% endstep %}
{% endstepper %}

Since blockchain transactions are irreversible, there's no way to get them back.

### 😰 Is your device infected?

Check it now:

{% stepper %}
{% step %}
Copy any random text or number (not a wallet address).
{% endstep %}

{% step %}
Paste it somewhere to confirm it copies correctly.
{% endstep %}

{% step %}
Now copy and paste a real wallet address.
{% endstep %}

{% step %}
If the pasted address is different from what you copied—your device is compromised.
{% endstep %}
{% endstepper %}

### 🕵️ How to protect yourself?

1. **Use antivirus software**

Regularly scan your devices for malware and viruses.

2. **Always double-check recipient addresses**

Even a single altered character can send your funds to the wrong place. Save trusted addresses in MyTonWallet to avoid mistakes.

3. **Send a small transfer first**

Before transferring a large amount, send a small sum to confirm it reaches the correct address.

4. **Be cautious online**

Avoid downloading files from unverified sources and don’t click suspicious links.

{% hint style="danger" %}
**Never share your seed phrase with anyone.**
{% endhint %}

{% hint style="warning" %}
If an offer sounds too good to be true, it probably is. Stick to basic [**security rules**](/intro/scams/how-to-protect-yourself-from-fraud.md) to protect your funds.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.mytonwallet.io/intro/scams/fake-deposit-addresses.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.