3 Main Causes of Crypto Theft Revealed by Security Firm


SlowMist, a leading blockchain security firm, has released the “2024 Q2 MistTrack Stolen Funds Analysis,” providing in-depth insight into cryptocurrency theft trends and tactics in the second quarter of 2024. Based on 467 reported fund theft incidents, the analysis highlights critical vulnerabilities in the ecosystem and offers detailed information on the methods used by cybercriminals.

Private Key Leaks: The Main Culprit

According to the SlowMist report, the most common cause of cryptocurrency theft is the mishandling of private keys and mnemonics. Users' tendency to store these critical security credentials on easily accessible or unsecured platforms has led to significant losses. The report details how many users store their keys on cloud storage services such as Google Docs, Tencent Docs, Baidu Cloud, and Shimo Docs. It also mentions that some users further compromise their security by sharing these keys via messaging platforms such as WeChat, or by storing them on local hard drives with insufficient encryption measures.

The report clearly states, “Hackers often use ‘credential stuffing’ techniques to try to log into these cloud services using databases of leaked account credentials found online.” This puts users at significant risk: once hackers gain access to these storage locations, they can easily steal cryptocurrency-related information and then empty the associated wallets.

In addition to poor storage practices, the analysis highlights the dangers of fraudulent wallets. Users often download these apps from unofficial sources, lured by deceptive ads or misleading search results. The SlowMist analysis includes an examination of third-party app markets where many fraudulent wallet apps are distributed. These apps are often complete replicas of legitimate software, tricking users into entering private keys that are transmitted directly to the attackers.

Phishing: The Evergreen Crypto Threat

Phishing remains a common method of cryptocurrency theft, taking advantage of the huge reach and engagement of social media platforms. The report discusses sophisticated phishing operations in which criminals exploit social media profiles that appear legitimate to distribute phishing links. These profiles often originate from compromised accounts or are intentionally created with purchased followers to mimic real social influencers or project accounts.

“About 80% of the first comments on tweets from prominent project accounts are phishing scam accounts,” SlowMist’s analysis reveals. This tactic demonstrates attackers' strategic exploitation of social media to maximize the reach and impact of their malicious activities. Phishing operations also extend to platforms like Discord and Telegram, where crypto communities actively exchange information, making them vulnerable targets for scams.

Honeypot Scams: Misleadingly Attractive Investments

The third significant threat identified is the honeypot scam. In this scheme, scammers create tokens that seem promising and offer high returns, but these tokens are programmed to be unsellable. This type of scam is especially common on decentralized exchanges such as PancakeSwap, which mainly deals with tokens on the Binance Smart Chain (BSC).

The report discusses the mechanisms of honeypot scams, explaining how they attract investors: “Once a token is purchased, its value increases steadily […] but when the victim tries to sell the token, it turns out that it is unsellable.” This scam takes advantage of investors’ desire for quick profits by locking them into positions from which they cannot exit or realize profits.

Recommendations for increasing security

To mitigate these risks, SlowMist emphasizes the importance of solid security practices. They recommend using tools like their MistTrack service to assess the risk status of addresses before engaging in transactions. To verify the legitimacy of a token, the report suggests using blockchain explorers like Etherscan or BscScan, which can provide insight through audit trails and user comments.

In addition, to combat phishing, SlowMist recommends implementing browser extensions such as Scam Sniffer, designed to detect and warn users about potential phishing sites. Education is also emphasized as a key defense, encouraging users to familiarize themselves with common cyber threats.

The findings of this report serve as a critical reminder of the continuing vulnerabilities in cryptocurrency security and underscore the need for continued vigilance and proactive security measures by all participants in the blockchain ecosystem.

At the time of going to press, the BTC price was $60,526.

BTC falls below $61,000, 1-day chart | Source: BTCUSD on TradingView.com

Featured image created with DALL E, chart from TradingView.com
