SlowMist Reports 467 Cryptocurrency Theft Cases in a Quarter

In the second quarter, SlowMist’s MistTrack service received 467 reports of digital asset thefts. Funds belonging to 18 victims, amounting to $22.66 million, were successfully frozen.

? As blockchain tech evolves, security incidents like theft, phishing, and fraud are becoming more frequent. In Q2 2024, the @MistTrack_io Team received 467 stolen fund reports.

This thread highlights key findings to help you safeguard your assets.?https://t.co/aUwdL1Pxiu pic.twitter.com/CIgVrbpU3V

— SlowMist (@SlowMist_Team) July 2, 2024

Of the total requests to the Chinese firm’s specialists, 321 came from users in China, and 146 from abroad. SlowMist analyzed these incidents, excluding reports received through other channels.

Among the most common methods of theft, experts identified private key leaks, phishing, and fraud.

SlowMist noted that users often store keys and mnemonic phrases in cloud services like Google Docs or send them to friends via messengers for backup. However, such actions increase the risk of information interception by malicious actors.

There were also cases of scams where victims were deceived by individuals posing as support staff, who then requested data sharing.

“Fake wallets are another serious cause of private key leaks,” experts emphasized.

This is a long-known attack vector, but it remains relevant, they acknowledged. Some users prefer downloading applications from dubious sources due to network restrictions for Google Play or other reasons.

The company’s specialists examined the implementation of functions in fake wallets at the backend level, including user, asset, and deposit management.

“The advanced nature and professional level of these phishing activities far exceeded our expectations,” they concluded. 

Phishing and Fraud Also Evolve

Regarding phishing, analysis showed that approximately 80% of comments under posts of popular crypto projects on X are published by scammers. 

Experts found numerous groups in Telegram selling various X accounts with followers, posts, and different registration times. This allows malicious actors to tailor offerings to their needs. 

Pages available to scammers often completely mimic the design of the originals. For example, specialists found an account named Optimlzm, which looked almost identical to the real Optimism.

Using these features, as well as promotional tools (such as pinning their messages at the top of comment threads), fraudsters successfully deceive their victims, who end up clicking on phishing links.

Among the various types of fraud in the second quarter, the honeypot scheme proved most popular. In cybersecurity, this is a virtual trap for luring attackers, allowing the study of their methods and practices. In the crypto industry, it refers to a method of attracting investors to worthless and illiquid assets that cannot later be sold.

Experts described a typical scam scheme:

1. The scammer creates a smart contract and lures victims with promises of high returns, aggressively urging them to buy.
2. After purchasing the asset, the user sees the price rising and hesitates to sell. When they decide to do so, they find they cannot liquidate the tokens.
3. The scammer withdraws the funds of the victims they managed to involve.

SlowMist emphasized that honeypots are often not immediately recognizable even to experienced investors.

Back in June, the company’s Chief Information Security Officer, known as 23pds, compiled a ranking of reasons why users lose digital assets.