Cybersecurity company SlowMist studied the victim requests for help that its investigative unit MistTrack received in the second quarter of 2024 to analyze common and rare hacking techniques. After counting the 467 theft report forms it received, it found that private key leaks, phishing, and scams were the three most common causes of cryptocurrency theft last quarter.

Private key leak

According to a report released by SlowMist on Tuesday (2nd), the main causes of private key leaks include storing private keys or mnemonic phrases in cloud storage services such as Google Docs. The report also warned that sending sensitive information such as mnemonic phrases through messaging apps such as WeChat poses risks as well, even though these platforms employ security measures such as end-to-end encryption. The SlowMist team wrote:

"These behaviors that appear to improve information security actually greatly increase the risk of information theft. Hackers often use the 'Credential Stuffing' technique to try to use leaked account credential databases found on the Internet to log in to these cloud storage services. If successful, they could easily find and steal cryptocurrency-related information."

SlowMist also pointed out that attackers use other fraud techniques to trick wallet users into handing over their mnemonic phrases, such as posing as customer service personnel and sending phishing links through platforms such as Discord. SlowMist reminds users that under no circumstances should a private key or mnemonic phrase be disclosed to anyone.

Fake Wallet App

The report also named fake wallets that pretend to be popular cryptocurrency wallet apps, mostly found on third-party app stores, as one of the main causes of private key leaks. SlowMist said that the team once discovered that a certain version of the imToken wallet provided on the third-party application store APKCombo was a non-existent version, "and it is currently the version with the most fake imToken wallets on the market." There was even a rare case where a user downloaded a fake Twitter app and had their private key or mnemonic phrase stolen.

Scenarios in which users had assets stolen after downloading fake cryptocurrency wallets (Source: SlowMist)

According to crypto.news, fake apps of this type do not appear only in third-party app stores. Last week, a fake Phantom wallet bypassed the security measures of the Apple App Store and stole crypto assets from anyone whose keys were imported into the app. The fake app has reportedly been removed from the app store.

Phishing

SlowMist pointed out that other reasons cryptocurrency users have assets stolen include phishing links and scams on social media platforms. The main way users encounter phishing attacks is by clicking phishing links that fraud groups post in comments under well-known cryptocurrency project accounts. If the user then goes on to authorize and sign, asset loss may result.

The report pointed out that the profiles or tweets of these fake accounts are often similar to those of the real official accounts, and that the fraud groups even use promotional tools to inflate the fake accounts' interaction and follower counts to make them look more credible. SlowMist recommends that users combine personal security awareness with technical defenses, including using various software and hardware tools to protect assets and information, such as the phishing risk blocking plug-in Scam Sniffer.

Pixiu Pan scam

In terms of fraud, SlowMist pointed out that the most common method is "Pixiu Pan", and that most of the Pixiu coins mentioned in its second-quarter forms were on the BNB Smart Chain (BSC). Fraud syndicates usually trick victims into buying Pixiu coins that can only be bought but not sold, and create the illusion of rapid appreciation by pumping the price to induce victims to invest more. SlowMist also pointed out that many market participants were chasing this wave of "Tutu Fever" while the meme trend was prevalent, "but they accidentally stepped into the trap of Pixiu Pan, and they could no longer sell it after buying it."

The SlowMist team recommends that users check and confirm tokens before making transactions, including using security detection tools like MistTrack or GoPlus to check the risk status of token-related addresses, checking on a block explorer whether the smart contract code has been audited and verified, reading relevant comments, checking the background of the project party, and improving their own vigilance.

Source: SlowMist, crypto.news