Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps
Bleeping Computer
by Lawrence AbramsFebruary 15, 2026
Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to hijack Bitcoin swap transactions and redirect funds to attacker-controlled wallets.
Verticals
securitytech
Originally published on Bleeping Computer on 2/15/2026