Slumist’s Q3 2024 report on cryptocurrency theft reveals a decline in overall theft incidents. However, the report highlights a rise in sophisticated phishing attempts, which often involve advanced social engineering tactics.
One worrying trend is that sponsored search results can lead to fraudulent links. However, the most common thefts are simpler, resulting from key leaks.
Cryptocurrency Heists Are Getting Smarter, Slumist Reveals
Slumist, a leading blockchain security firm, has released its Q3 2024 report on thefts in the cryptocurrency industry. Overall, the situation looks better: compared to the Q2 report this year, the number of reported thefts dropped from 467 to 313. Additionally, Slumist was able to help victims freeze $34.3 million in stolen funds, significantly reducing the damage.
This report mirrors similar data from Immunefi’s Q3, which confirms a downward trend in outright thefts across the industry. Indeed, compared to the previous report, the company claimed that the main reasons for theft were identical. However, Sloamist identified a worrying new trend: increased sophistication in phishing efforts.
Most commonly, the report alleged, scammers posed as venture capitalists (VCs) or journalists, luring victims into downloading malicious video conferencing apps. The phishing sites, fake projects, and X accounts appeared to be highly coordinated, making the scam appear to be a legitimate project.
The report highlights several tactics used by scammers to appear as legitimate startups or projects. Sloamist highlighted the creation of elaborate GitHub repositories for completely fake projects and the use of Telegram channels with over 50,000 fake members. In essence, social engineering plays a crucial role in these new forms of theft.
Most worrying, however, is Slumist's claim that an increasing number of phishing sites are being listed as sponsored results on Google and other major search engines, increasing the threat to users.
For example, when users searched for Rabbi Wallet on Google, the first two results were phishing ads. In some cases, these ads deceptively displayed the official Rabbi Wallet website address, but after multiple proxy changes, they redirected users to the phishing domain,” Slumist reported.
In light of these phishing attempts, Sloamist is clear: Don’t trust any search engine ad results. Scammers are waiting in a number of high-traffic places, impersonating legitimate guarantors of various token projects.
However, despite all these scary new projects, the company has once again emphasized that the most common type of crypto theft is private key leaks. Anyone who stores their private keys on their personal device or in the cloud is asking for trouble, but paper wallets and hardware wallets are an easy fix for these tactics.
Ultimately, it’s important to remember that the space is getting safer. Multiple reports agree that crypto thefts are on the decline, and Sloamist emphasizes that these social engineering projects are in the minority. With a cautious approach and secure private keys, the average crypto user shouldn’t have much to fear.