diff --git a/bip-0078.mediawiki b/bip-0078.mediawiki
index d1a14ff0..90aa94fc 100644
--- a/bip-0078.mediawiki
+++ b/bip-0078.mediawiki
@@ -351,7 +351,7 @@ For example, if the sender's scriptPubKey type is P2WPKH while the receiver's pa
 A receiver might run the payment server (generating the BIP21 invoice) on a different server than the payjoin server, which could be less trusted than the payment server.
 
 In such case, the payment server can signal to the sender, via the BIP21 parameter <code>pjos=0</code>, that they MUST disallow [[#output-substitution|payment output substitution]].
-A compromised payjoin server could still the hot wallet outputs of the receiver, but would not be able to re-route payment to himself.
+A compromised payjoin server could steal the hot wallet outputs of the receiver, but would not be able to re-route payment to himself.
 
 ===Impacted heuristics===