An in-depth report by MisTrack, the investigative branch of cybersecurity firm SlowMist, reveals the primary causes of cryptocurrency theft in Q2 2024, highlighting the importance of security measures to protect digital assets.
Points
- Private key leaks identified as the primary cause of cryptocurrency theft.
- Phishing schemes are the second major cause of crypto theft.
- Rise in honeypot schemes, particularly on the Binance Smart Chain (BSC).
- Urgent need for increased vigilance and stronger security measures in the cryptocurrency realm.
In the second quarter of 2024, private key leaks emerged as the leading cause of cryptocurrency theft, according to a detailed report by MisTrack, the investigative branch of cybersecurity firm SlowMist. The report underscores various incidents where users stored their private keys or mnemonic phrases on cloud storage services such as Google Docs, Tencent Docs, Baidu Cloud, and Shimo Docs. This common but risky practice has made users highly vulnerable to theft.
Moreover, some users have shared their private keys or mnemonic phrases with trusted friends using tools like WeChat. Others have employed WeChat’s image-to-text feature to copy mnemonic phrases into WPS spreadsheets, encrypting them, and then enabling cloud services while also storing them on local hard drives. While these actions might seem to enhance security, they often increase the risk of information theft.
SlowMist discovered that malicious actors frequently use “credential stuffing” techniques, where they attempt to access accounts using leaked login details found online. Once successful, these attackers can easily locate and extract cryptocurrency-related data.
Phishing Schemes: The Second Major Cause
Phishing schemes were identified as the second most common cause of crypto theft. In several instances, victims were deceived by fraudsters posing as customer support representatives, tricking them into revealing their seed phrases. In other cases, users were misled by deceptive phishing links on platforms like Discord, inadvertently entering their private key details.
The report also highlighted that many theft incidents occurred when unsuspecting users clicked on malicious link comments under tweets from well-known projects. SlowMist’s security team found that nearly 80% of the first comments under tweets from prominent project accounts were from phishing scam accounts. They also uncovered Telegram groups selling Twitter accounts, many linked to the crypto industry or influencers with varied follower counts and histories.
It is worth noting that the second quarter also saw a rise in honeypot schemes, particularly on the Binance Smart Chain (BSC). These schemes involve digital currencies that appear promising to investors but are designed to be impossible to sell after purchase. Scammers create the illusion of widespread participation by circulating these tokens among numerous accounts and exchanges, leading to inflated trading figures.
The MisTrack report underscores the urgent necessity for increased vigilance and stronger security measures in the cryptocurrency realm. Given the persistent threats from private key leaks and phishing schemes, it is crucial for all users to remain constantly aware and cautious. No one is immune to these risks, and adopting robust security practices is essential to safeguarding digital assets.
Always stay informed and prepared, as anyone can become a target in the fast-growing landscape of cryptocurrency theft.
解説
- Private Key Leaks: Storing private keys on easily accessible cloud platforms exposes users to high risks of theft. Encrypting and sharing keys through messaging apps also increases vulnerability.
- Phishing Schemes: Scammers often pose as customer support or use deceptive links to trick users into revealing sensitive information. Users should be cautious and verify the authenticity of links and representatives.
- Honeypot Schemes: Digital currencies that seem promising but are designed to be unsellable trap investors. Awareness of such schemes can help in avoiding potential losses.
- Vigilance and Security: Constant vigilance and strong security practices are crucial to protect digital assets. Users must adopt robust security measures to safeguard their cryptocurrencies.