Top 3 Causes Of Crypto Theft Revealed By Security Firm

SlowMist, a number one blockchain security firm, has released its “2024 Q2 MistTrack Stolen Funds Evaluation,” providing an in-depth have a look at the trends and tactics behind cryptocurrency thefts through the second quarter of 2024. Drawing from 467 reported incidents of stolen funds, the evaluation pinpoints critical vulnerabilities inside the ecosystem and offers detailed insights into the methods utilized by cybercriminals.

Private Key Leaks: The Primary Perpetrator

In accordance with the SlowMist report, probably the most common explanation for crypto theft is the mishandling of personal keys and mnemonic phrases. Users’ tendencies to store these critical security credentials in easily accessible or insecure platforms have led to substantial losses. Specifically, the report details what number of users store their keys on cloud storage services like Google Docs, Tencent Docs, Baidu Cloud, and Shimo Docs. It also mentions that some users compromise their security further by sharing these keys via messaging platforms like WeChat and even storing them on local hard drives with insufficient encryption measures.

The report clearly states: “Hackers often use ‘credential stuffing’ techniques, attempting to log into these cloud services with databases of leaked account credentials found online.” This exposes users to significant risks as once hackers access these storage points, they will easily exfiltrate crypto-related information and subsequently drain the associated wallets.

Along with poor storage practices, the evaluation underscores the risks of pretend wallets. Users often download these applications from non-official sources, lured by fraudulent advertisements or misleading search engine results. SlowMist’s evaluation includes an examination of third-party app markets where quite a few fake wallet apps are distributed. These apps are sometimes complete replicas of legitimate software, tricking users into entering private keys which might be directly transmitted to attackers.

Phishing: An Evergreen Crypto Threat

Phishing stays a prevalent approach to crypto theft, leveraging the vast reach and engagement of social media platforms. The report elaborates on sophisticated phishing operations where criminals use social media profiles that appear legitimate to distribute phishing links. These profiles often originate from compromised accounts or are purpose-built with purchased followers to mimic real community influencers or project accounts.

“Roughly 80% of the primary comments under tweets from distinguished project accounts are occupied by phishing scam accounts,” reveals the SlowMist evaluation. This tactic demonstrates the strategic use of social media by attackers to maximise the reach and impact of their malicious activities. Phishing operations also extend to platforms like Discord and Telegram, where crypto communities actively exchange information, making them ripe targets for fraud.

Honeypot Scams: Deceptively Attractive Investments

The third significant threat identified is the honeypot scam. On this scheme, scammers create tokens that appear promising and offer high returns, but these tokens are programmed to be unsellable. One of these fraud is especially rampant on decentralized exchanges like PancakeSwap, involving tokens totally on the Binance Smart Chain (BSC).

The report discusses the mechanics of honeypot scams, explaining how they attract investors: “After purchasing the token, its value keeps rising […] but when the victim tries to sell the token, they find it can’t be sold.” This scam exploits the investor’s desire for quick profits, locking them into positions where they will neither exit nor realize gains.

Recommendations for Enhancing Security

To mitigate these risks, SlowMist emphasizes the importance of sturdy security practices. They recommend using tools like their MistTrack service to evaluate the danger status of addresses before engaging in transactions. For verification of token legitimacy, the report suggests using blockchain explorers like Etherscan or BscScan, which might provide insights through audit trails and user comments.

Further, to combat phishing, SlowMist advises the implementation of browser extensions like Scam Sniffer, designed to detect and alert users about potential phishing sites. Education can be highlighted as an important defense, urging users to familiarize themselves with common cyber threats.

The findings of this report function a critical reminder of the continuing vulnerabilities inside the cryptocurrency landscape and underline the need for continuous vigilance and proactive security measures by all participants within the blockchain ecosystem.

At press time, BTC traded at $60,526.

BTC falls below $61,000, 1-day chart | Source: BTCUSD on TradingView.com

Featured image created with DALL·E, chart from TradingView.com

Leave a Comment

Copyright © 2024. All Rights Reserved. Finapress | Flytonic Theme by Flytonic.