Crypto Hijack via Email Attachment

Malware designed to access your crypto is just an email attachment away.


Crypto hijack via email attachment is a type of scam that combines traditional hacking and crypto scams. The victims are users who open the email attachment which infects their computers with malware specifically designed to target crypto.

Crypto Hijack via Email Attachment
Crypto Hijack via Email Attachment

Scam type

Malware. Hijack.


The purpose of this attack is to get the victim to open the email attachment infected with malware. If the victim opens the attachment and the malware is successfully installed, the malware will try to access the victim’s wallet and/or web browser and transfer all crypto to the attacker.


The attacker is a power user who develops and/or uses an already developed malware designed specifically to target crypto-based software and services on the victim’s computer. Attackers are trying to distribute the malware among the general public, infecting as many devices as possible. Malware is designed to access the victim’s crypto and to send all of the available assets to the attacker.


The victim of these attacks are users who open email attachments from unknown senders. The attachment usually holds malware or macro scripts that install the malware in your system or web browser. Once installed, the malware’s job is to access the victim’s crypto and send it to the attacker.

How does the crypto hijack via email attachment work?

In order for the attacker to succeed, the user has to take the following actions:

  • The user has to open the email sent by the attacker. Typically services like gmail will push some emails to spam folder if anything suspicious is detected.
  • The user has to open the email attachment sent by the attacker.
  • Once the email attachment is opened a macro script will be ran. If the user has antivirus software installed and the software successfully recognizes the security threat, the user is safe. However, if the user doesn’t have antivirus software installed, or if the malware bypasses the antivirus software, a malware will be installed on the user’s device.
  • The malware will attempt to access the victim’s wallet, web browser or clipboard in order to steal the victim’s crypto.

How to protect yourself?

The best way to protect yourself from these types of attacks is to get antivirus software and install it on all your devices. What makes these types of attacks particularly scary is the fact that you could lose your entire crypto.

For maximum protection:

  • Do not open emails sent from unknown sources.
  • Do not open email attachments from unknown sources.
  • Do not download or install pirate software. Do not download software or data from sketchy websites.
  • Make sure your computer has an up to date antivirus software installed.
  • Consider using a cold wallet to store your crypto.

Stay safe out there.

Written by Scam Buster

A cryptocurrency investor and a journalist by day, Scam Buster spends most of the daytime refreshing his portfolio and taking coffee breaks. By night, however, he sheds all pretense and takes to the shadowy URLs of the Internet, busting scammers wherever he goes.

leaked crypto wallet scam

Leaked Wallet Scam

crypto exchange listing scam

Crypto Exchange Listing Scam