Crypto News Report:
SlowMist’s investigative arm, MisTrack, has identified the leakage of private keys as the primary cause of cryptocurrency theft in the second quarter of 2024.
The report highlights numerous instances where users stored their private keys or mnemonic phrases in cloud storage services such as Google Docs, Tencent Docs, Baidu Cloud, and Shimo Docs.
Private Key Leakage:
Some users were also found to have shared their private keys or mnemonic phrases with trusted friends via tools like WeChat. In some cases, users even used WeChat’s image-to-text function to copy mnemonic phrases into WPS spreadsheets, encrypting them, and enabling cloud services while also storing them on local hard drives.
While these measures may appear to enhance information security, they ultimately significantly increase the risk of information theft. SlowMist has found malicious entities frequently employing “credential stuffing” techniques, attempting to access accounts using leaked login information obtained from online sources. Once successful, attackers can easily locate and extract data related to cryptocurrencies.
Fake wallets are another major cause of private key leakage.
Secondly, phishing schemes have become the second leading cause of theft. In certain scenarios, victims are deceived by impostors posing as customer support representatives who convince them to disclose their seed phrases. In other cases, users fall victim to deceptive phishing links on platforms like Discord, inadvertently entering their private key details.
SlowMist also observed that phishing led to numerous theft incidents in the second quarter of this year, particularly through deceitful links posted in comments under tweets from reputable projects.
The company’s security team previously discovered that nearly 80% of initial comments under tweets from prominent project accounts were plagued by phishing scam accounts. They also uncovered Telegram groups selling Twitter accounts, many related to the cryptocurrency industry, or influencers with varying numbers of followers and historical impacts.
BSC Encounters Honey Pot Schemes:
The second quarter also witnessed significant honey pot schemes where cryptocurrencies seemed promising to investors but were designed to be untradeable after purchase.
SlowMist’s analysis reveals that the majority of honey pot incidents reported this quarter occurred on the Binance Smart Chain (BSC). Scammers circulated these tokens among numerous accounts and exchanges, essentially creating an illusion of widespread participation, leading to inflated trading volumes.
