Cybersecurity firm SlowMist’s investigative branch, MisTrack, has identified private key leaks as the main cause of crypto thefts in the second quarter of 2024. The report revealed that many users stored their private keys or mnemonic phrases in cloud storage services like Google Docs, Tencent Docs, Baidu Cloud, and Shimo Docs. Additionally, some individuals shared their private keys with trusted friends via platforms like WeChat, and even went as far as using WeChat’s image-to-text feature to copy mnemonic phrases into WPS spreadsheets, encrypt them, and store them on local hard drives.
Despite users’ attempts to enhance information security, these actions actually increased the risk of information theft. Malicious entities often utilized “credential stuffing” techniques to access accounts using leaked login information from online sources. Once successful, attackers could easily locate and extract crypto-related data, leading to theft incidents.
Fake wallets were also identified as a significant cause of private key leaks, emphasizing the importance of verifying the authenticity of crypto wallets before use. Furthermore, phishing schemes emerged as the second-highest cause of theft in the second quarter of 2024. Victims were tricked by fraudsters posing as customer support representatives or fell for deceptive phishing links on platforms like Discord, unknowingly disclosing their private key details.
SlowMist’s security team found that phishing scams often targeted unsuspecting users who clicked on malicious link comments under tweets from well-known projects. The team also discovered numerous phishing scam accounts in Telegram groups selling Twitter accounts associated with the crypto industry or influencers, highlighting the prevalence of such fraudulent activities.
Moreover, the quarter saw a rise in honeypot schemes, particularly on the Binance Smart Chain (BSC). Scammers created digital currencies that appeared promising to investors but were designed to be unsellable after purchase, leading to inflated trading figures due to artificial circulation among multiple accounts and exchanges. This deceptive tactic deceived investors and contributed to financial losses within the crypto community.
In light of these findings, it is crucial for crypto users to exercise caution when storing private keys, avoid sharing them with others, and remain vigilant against phishing attempts and fake wallets. By staying informed and adopting proactive security measures, individuals can better protect their crypto assets from theft and fraudulent activities in the evolving landscape of digital finance.