SlowMist, a leading blockchain security company, has released its “MistTrack Q2 2024 Stolen Funds Analysis,” providing an in-depth look at the trends and tactics behind cryptocurrency thefts during Q2 2024. Drawing on 467 reported stolen funds incidents, the analysis identifies critical vulnerabilities within the ecosystem and provides detailed insights into the methods used by cybercriminals.
Private Key Leaks: The Main Culprit
According to the SlowMist report, the most common cause of cryptocurrency theft is the mismanagement of private keys and mnemonic phrases. The tendency for users to store these critical security credentials on easily accessible or insecure platforms has led to substantial losses. Specifically, the report details the number of users who store their keys on cloud storage services such as Google Docs, Tencent Docs, Baidu Cloud, and Shimo Docs. It also mentions that some users further compromise their security by sharing these keys via messaging platforms like WeChat or even storing them on local hard drives with insufficient encryption measures.
The report clearly states: “Hackers often use credential stuffing techniques to attempt to log into these cloud services using databases of account credentials leaked online.” This exposes users to significant risk because once hackers gain access to these storage points, they can easily exfiltrate crypto-related information and then empty the associated wallets.
In addition to poor storage practices, the analysis highlights the dangers of fake wallets. Users frequently download these apps from unofficial sources, lured by fraudulent ads or misleading search engine results. SlowMist’s analysis includes a review of third-party app marketplaces where many fake wallet apps are distributed. These applications are often complete replicas of legitimate software, tricking users into entering private keys that are passed directly to the attackers.
Phishing: A Persistent Crypto Threat
Phishing remains a common method of cryptocurrency theft, leveraging the vast reach and engagement of social media platforms. The report details sophisticated phishing operations in which criminals use social media profiles that appear legitimate to distribute phishing links. These profiles often originate from compromised accounts or are specially created with purchased followers to mimic real community influencers or project accounts.
“About 80% of the top comments under tweets from major project accounts are occupied by phishing scam accounts,” SlowMist’s analysis reveals. This tactic demonstrates the strategic use of social media by attackers to maximize the reach and impact of their malicious activities. Phishing operations also extend to platforms like Discord and Telegram, where crypto communities actively exchange information, making them ideal targets for fraud.
Honeypot Scams: Deceptively Attractive Investments
The third major threat identified is the honeypot scam. In this scheme, scammers create tokens that appear promising and offer high yields, but these tokens are programmed to be unsellable. This type of fraud is particularly prevalent on decentralized exchanges like PancakeSwap, involving tokens primarily on the Binance Smart Chain (BSC).
The report examines the mechanics of honeypot scams and explains how they lure investors: “After purchasing the token, its value continues to increase (…) but when the victim tries to sell it, they discover that it is unsellable.” This scam exploits the investor’s desire to make quick profits, locking them into positions from which they can neither exit nor make any gains.
Recommendations for Improving Security
To mitigate these risks, SlowMist stresses the importance of robust security practices. They recommend using tools like their MistTrack service to assess the risk status of addresses before engaging in transactions. To verify the legitimacy of tokens, the report suggests using blockchain explorers like Etherscan or BscScan, which can provide information through audit trails and user comments.
Additionally, to combat phishing, SlowMist recommends implementing browser extensions like Scam Sniffer, which are designed to detect and alert users about potential phishing sites. Education is also highlighted as a crucial defense, encouraging users to familiarize themselves with common cyber threats.
The findings of this report serve as a critical reminder of the current vulnerabilities within the cryptocurrency landscape and underscore the need for continued vigilance and proactive security measures by all participants in the blockchain ecosystem.
At press time, BTC was trading at $60,526.