Applications, whether websites or apps, have the right to get your clipboard, that is, when you copy a paragraph, they can steal your copied content like a ghost without your knowledge.
Because the interface for obtaining the copy clipboard is a standard general interface, we also enjoy the convenience of this interface in our daily life and work. For example, when I copy my newly published article on the network, it will be automatically recognized immediately. After I click the pop-up window, I can automatically paste the article link in, which is very convenient.
But if it is used to do evil, let's imagine an operation path. Suppose that when you enter the private key in a website, whether formal or not, you directly copy and paste it and fill it in. At this time, the private key will be left in your clipboard.
Then you open a malicious application and log in with the public key. The application will continue to read your clipboard because it has obtained your public key, and then take a chance to use the library collision attack and constantly try to log in the contents of the clipboard. There will be a probability that the contents of the clipboard are your private key, thus stealing your assets without your knowing it.
So how can we prevent this?
First of all, try not to store your private key where you contact the network, and do not fill in the private key in the form of copy and paste.
Secondly, suppose you really forget my advice and copy your private key. At this time, stop all other operations on your computer and mobile phone, copy large sections of other contents immediately, and flush out the private key you copied before.
Web3 dark forest series I have sent many articles. Deception is not high or advanced. As long as it works, you can cheat your money. Phishing websites, Trojan viruses, clipboard hijacking and so on. As long as the user level is large enough, there will be a probability that someone will be recruited. Be vigilant. The next person may be you.