With more companies using blockchain tech and crypto, there has been a corresponding increase in security incidents such as theft, phishing, and fraud.

SlowMist, a leading blockchain security firm, released its second quarter MistTrack Stolen Funds Analysis report, which examines cryptocurrency thefts in the second quarter of 2024.

In Q2, SlowMist’s MistTrack Team received 467 stolen fund reports, freezing approximately $20.66 million in funds across 13 platforms.

Based on these reports, the firm revealed three key weaknesses in the industry that led to crypto theft and explained the methods that users can utilize to protect their funds.

Private key leaks

Users often store private keys in cloud services like Google Docs and Baidu Cloud or share them via messaging platforms like WeChat, making them vulnerable to credential-stuffing attacks and phishing scams.

Fake wallets also posed a threat in the quarter. Despite being an old issue, users continue downloading fake wallet apps from third-party sites, compromising their security.

Phishing

Phishing also remains a prevalent threat, particularly through malicious links in comments under tweets from well-known projects.

Per SlowMist, phishing groups make similar-looking Twitter accounts and use promotion tools to increase their credibility, tricking users into clicking on phishing links and compromising their assets.

The report warned users to be cautious and to always double-check a link before clicking on it, especially in comments under tweets from popular projects.

Fraud

Honeypot schemes were the most common fraud type in Q2. Scammers lure victims with promises of high returns on new tokens. Once purchased, these tokens cannot be sold, trapping the victim’s funds. Most honeypot incidents occurred on the Binance Smart Chain (BSC), exploiting the hype around meme coins and “shitcoins.”

To protect against these dangers, the report recommended that people involved in crypto utilize resources such as Scam Sniffer to prevent phishing attempts and increase their awareness. Users should also confirm addresses using tools like MistTrack or GoPlus’s Token Security Detection, review contract audits on platforms like Etherscan or BscScan, and conduct thorough research into project backgrounds.