As a researcher with extensive experience in the field of cybersecurity, particularly within the context of cryptocurrency, I find SlowMist’s latest report on crypto thefts during Q2 2024 both enlightening and concerning. The finding that private key leaks were the leading cause of such incidents is not entirely surprising, given the human tendency to underestimate the risks associated with storing sensitive information online or sharing it with others, even if seemingly trusted.


In Q2 2024, according to MisTrack, the investigation team at SlowMist, compromised private keys were the primary cause of cryptocurrency thefts.

As a researcher studying digital asset security practices, I came across numerous cases where individuals saved their precious private keys or mnemonic phrases on cloud storage platforms such as Google Docs, Tencent Docs, Baidu Cloud, and Shimo Docs.

Private Key Leaks

Some users were found to send their private keys or recovery phrases to trusted individuals using tools like WeChat. Some even use WeChat’s image-to-text function to copy mnemonic phrases into WPS spreadsheets, encrypt them, and store them with cloud services while keeping backups on local hard drives.

Although these steps may look like they improve data security, they actually increase the likelihood of a data breach. According to SlowMist’s findings, malicious actors frequently use “credential stuffing”: attempting to log into accounts with stolen login credentials obtained from various online sources. Once they gain access, attackers can easily locate and extract cryptocurrency-related information.

Fake wallets represent another major cause of private key leaks.

After private key leaks, phishing scams were the second most common cause of stolen funds. In some instances, fraudsters posing as customer service agents coax victims into revealing their recovery phrases. On other occasions, individuals unwittingly provide their private key information after clicking on misleading phishing links on platforms like Discord.

In the second quarter of the year, SlowMist noted an uptick in theft cases caused by phishing attacks. These attacks predominantly targeted unsuspecting users who clicked on malicious links hidden among comment threads under tweets from reputable projects.

As a crypto investor, I’ve come to realize that I can’t take the comments section under tweets from prominent projects at face value. Based on my own research, I’ve discovered that around 80% of these initial comments are potentially harmful: they originate from phishing scam accounts. Furthermore, I’ve uncovered hidden Telegram groups where these same malicious accounts are being sold. Many of the targeted Twitter profiles belong to individuals within the crypto industry or influencers with varying follower counts and histories. It is crucial for us as investors to remain vigilant and avoid engaging with suspicious activity in these comment sections.

BSC Plagued With Honeypot Schemes

In Q2, there were notable instances of honeypot scams involving digital currencies. These tokens seemed attractive to investors but could not be sold once purchased.

According to SlowMist’s examination, a large number of honeypot scams reported during the quarter took place on the Binance Smart Chain (BSC). Crooks artificially created the impression of extensive involvement by disseminating these tokens across multiple accounts and exchanges, leading to inflated trading volumes.

2024-07-06 21:20