1. Address verification ritual Never paste and immediately send. After pasting, manually compare the full address — not just first/last 4 chars. Clipboard hijackers craft addresses that match your target's prefix and suffix. Verify the middle characters too.
2. Use wallet address books For addresses you pay regularly (yourself, exchanges, friends), save them inside your wallet's address book. You select from there, never from clipboard.
3. QR codes for everything possible As @unboiled mentioned — the QR code scanner in a good wallet bypasses clipboard entirely. If the other party can show a QR, use it.
4. Review accessibility permissions On Android, go to Settings → Accessibility → Installed Apps. Revoke accessibility access from anything that doesn't need it. Clipboard hijackers frequently abuse the accessibility API to silently swap content.
5. Auto-clear clipboard Fossify Keyboard (mentioned by @Tjacten) has a clipboard manager where you can set auto-clear after N seconds. Even 30 seconds helps close the window. Or manually clear by copying something harmless (a space) right after pasting your address.
6. Hardware wallet for send confirmation When sending on-chain, a hardware wallet forces you to confirm the full destination address on the device screen — an environment the phone OS can't touch. That's the strongest protection for large sends.
Clipboard hijacking is a layered threat, so layered defense wins.
A few layers of defense worth combining:
1. Address verification ritual
Never paste and immediately send. After pasting, manually compare the full address — not just first/last 4 chars. Clipboard hijackers craft addresses that match your target's prefix and suffix. Verify the middle characters too.
2. Use wallet address books
For addresses you pay regularly (yourself, exchanges, friends), save them inside your wallet's address book. You select from there, never from clipboard.
3. QR codes for everything possible
As @unboiled mentioned — the QR code scanner in a good wallet bypasses clipboard entirely. If the other party can show a QR, use it.
4. Review accessibility permissions
On Android, go to Settings → Accessibility → Installed Apps. Revoke accessibility access from anything that doesn't need it. Clipboard hijackers frequently abuse the accessibility API to silently swap content.
5. Auto-clear clipboard
Fossify Keyboard (mentioned by @Tjacten) has a clipboard manager where you can set auto-clear after N seconds. Even 30 seconds helps close the window. Or manually clear by copying something harmless (a space) right after pasting your address.
6. Hardware wallet for send confirmation
When sending on-chain, a hardware wallet forces you to confirm the full destination address on the device screen — an environment the phone OS can't touch. That's the strongest protection for large sends.
Clipboard hijacking is a layered threat, so layered defense wins.