CASE 26-011
Partial recovery- Type
- Cold-wallet drain via clipboard malware
- Jurisdictions
- Hong Kong SAR, United States
- Claimed loss
- $100K – $250K
- Duration
- 4 months
Legal strategy: On-chain tracing; exchange freezing at Coinbase; IC3 referral
Outcome: 54% recovered after the attacker attempted to cash out via Coinbase; the remaining ~46% had already been off-ramped via a peer-to-peer market. Closing report preserved the IC3 referral for future action.
Takeaway
Clipboard-hijacking malware remains a quiet but persistent theft vector, even for users who believe their setup is 'cold'. Speed from detection to exchange freezing is decisive; days-long delays collapse recovery probability.