Pastebin Comments Expose ClickFix JavaScript Vulnerability in Crypto Swaps
New Campaign Targets Cryptocurrency Users with Malicious JavaScript Code
A new campaign has been discovered that leverages social engineering tactics to trick cryptocurrency users into executing malicious JavaScript code in their browsers, allowing attackers to hijack Bitcoin swap transactions and redirect funds to their own wallets.
The Campaign’s Modus Operandi
The campaign, which has been observed on Pastebin, involves threat actors leaving comments on posts that promote a supposed arbitrage exploit on Swapzone.io, a cryptocurrency exchange service. The comments include a link to a Google Docs page that claims to provide a guide on how to exploit the alleged vulnerability.
The guide instructs victims to visit Swapzone.io and manually load a Bitcoin node by executing JavaScript code directly in their browser’s address bar. The code is hosted on a URL on paste.sh, and when executed, it loads a secondary payload from rawtext.host that overrides the legitimate Next.js script used for handling Bitcoin swaps.
The malicious script injects embedded Bitcoin addresses into the swap process, replacing the legitimate deposit address generated by the exchange. As a result, victims see a legitimate interface but end up sending funds to attacker-controlled wallets. The script also modifies displayed exchange rates and offer values to make it appear as though the alleged arbitrage exploit is working.
A Novel Variant of the ClickFix Attack Technique
This campaign is a novel variant of the ClickFix attack technique, which typically targets users' operating systems by tricking them into executing malicious commands. Here, instead of a system command, the attackers use JavaScript to modify the webpage's functionality and intercept transaction details.
The use of JavaScript in this campaign allows the attackers to manipulate the page and alter the swap process without the need for malware or other types of exploits. This makes it a particularly insidious threat, as it can be difficult for users to detect and prevent.
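As an added illustration of the substitution described above (this is not code from the campaign or from Swapzone), the following client-side check compares what a swap page renders against the offer the exchange API actually returned, flagging a swapped deposit address or an inflated rate or payout. The offer and render objects, their field names and the tolerance are assumptions; the two addresses are well-known documentation examples (BIP173 test vector and the Bitcoin wiki sample), used here only as constructed data.

```javascript
// Added example, not the exchange's own code. Cross-checks the rendered swap
// against the API offer so a script that rewrites the DOM (address, rate,
// payout) can be noticed before funds are sent.

// Loose syntax check for mainnet Bitcoin addresses: base58 P2PKH/P2SH
// ("1..." / "3...") or bech32/bech32m ("bc1..."). Syntax only, no checksum.
const BTC_ADDRESS_RE =
  /^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{25,87})$/;

function isPlausibleBtcAddress(addr) {
  return typeof addr === "string" && BTC_ADDRESS_RE.test(addr);
}

// Compare the rendered values with the API offer. Returns a list of findings;
// an empty list means nothing in the view disagrees with the API response.
function checkSwapIntegrity(apiOffer, rendered, rateTolerance = 0.01) {
  const findings = [];
  if (!isPlausibleBtcAddress(rendered.depositAddress)) {
    findings.push("rendered deposit address is not a valid Bitcoin address format");
  }
  if (rendered.depositAddress !== apiOffer.depositAddress) {
    findings.push("deposit address shown differs from the one returned by the API");
  }
  const rateDrift = Math.abs(rendered.rate - apiOffer.rate) / apiOffer.rate;
  if (rateDrift > rateTolerance) {
    findings.push(`displayed rate deviates ${(rateDrift * 100).toFixed(1)}% from API rate`);
  }
  if (rendered.amountOut > apiOffer.amountOut * (1 + rateTolerance)) {
    findings.push("displayed payout exceeds what the API offered");
  }
  return findings;
}

// Constructed sample data (hypothetical offer; documentation example addresses).
const API_OFFER = {
  depositAddress: "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4", // BIP173 test vector
  rate: 0.0153,
  amountOut: 1.53,
};
// What an untampered page would show.
const HONEST_RENDER = { ...API_OFFER };
// What a page would show after a script substitutes its own address and
// inflates the offer to make the "arbitrage" look profitable.
const TAMPERED_RENDER = {
  depositAddress: "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2", // Bitcoin wiki sample
  rate: 0.017,
  amountOut: 1.7,
};

console.log("honest:", checkSwapIntegrity(API_OFFER, HONEST_RENDER));
console.log("tampered:", checkSwapIntegrity(API_OFFER, TAMPERED_RENDER));
```

A script that has already replaced the page's own handler can just as easily replace this check, so it is a detection aid, not a boundary; the deposit address should also be confirmed through a channel the page cannot rewrite, such as the exchange's own order confirmation.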
