{"id":14094,"date":"2024-06-05T15:01:19","date_gmt":"2024-06-05T12:01:19","guid":{"rendered":"https:\/\/forklog.com\/en\/slowmist-identifies-key-causes-of-cryptocurrency-losses\/"},"modified":"2024-06-05T15:01:19","modified_gmt":"2024-06-05T12:01:19","slug":"slowmist-identifies-key-causes-of-cryptocurrency-losses","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/slowmist-identifies-key-causes-of-cryptocurrency-losses\/","title":{"rendered":"SlowMist Identifies Key Causes of Cryptocurrency Losses"},"content":{"rendered":"<p>Experts at SlowMist have outlined the primary reasons why both individual and institutional investors lose their digital assets.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"zh\" dir=\"ltr\">Ranking of the causes of individual\/institutional asset loss by share:<br \/>1. Mnemonic phrase and private key leaks, 32%<br \/>2. Improper wallet use, signature phishing, 18%<br \/>3. Downloading fake wallets and fake trading software, 16%<br \/>4. Phishing via addresses with matching first and last characters and via Trojan software, 13%<br \/>5. Attacks by professional hacker groups, 6%<br \/>6. Fake chat software, tampering in transit, 8%<br \/>7. Assets held on trading platforms hit by targeted attacks or phishing, 4%\u2026 <a href=\"https:\/\/t.co\/rjmhmD4Xa8\">pic.twitter.com\/rjmhmD4Xa8<\/a><\/p>\n<p>\u2014 23pds (@im23pds) <a href=\"https:\/\/twitter.com\/im23pds\/status\/1798149548034183527?ref_src=twsrc%5Etfw\">June 5, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Nearly a third\u201432%\u2014of losses are due to mnemonic phrase and private key leaks. 
Other causes include:<\/p>\n<ul class=\"wp-block-list\">\n<li>phishing through transaction signing (18%);<\/li>\n<li>downloading fake wallets and trading apps (16%);<\/li>\n<li>address spoofing and Trojan phishing (13%);<\/li>\n<li>phishing in messengers, including fake chat apps (8%);<\/li>\n<li>attacks by professional hacker groups (6%);<\/li>\n<li>attacks on trading platforms (4%);<\/li>\n<li>transaction errors, Ponzi schemes, loopholes in smart contracts, etc. (3%).<\/li>\n<\/ul>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThink self-custody is safer? That&#8217;s laughable\u201499% of people can&#8217;t take good care of their assets, so don&#8217;t expect to be in that 1%,\u201d wrote the SlowMist <span data-descr=\"Chief Information Security Officer\" class=\"old_tooltip\">CISO<\/span>, who uses the pseudonym 23pds.<\/p>\n<\/blockquote>\n<p>The expert also offered some advice. For large sums, he recommended using a hardware wallet and storing mnemonics and keys securely, though he admitted this is a \u201cproblem of the century.\u201d<\/p>\n<p>For smaller amounts, conventional methods like mobile apps are acceptable, but security should be a priority, noted 23pds.<\/p>\n<p>He also urged readers not to follow outside advice blindly and not to give advice without being a professional.<\/p>\n<h2 class=\"wp-block-heading\">Expert Supports Binance in $1 Million Loss Incident<\/h2>\n<p>The thread by 23pds followed his detailed analysis of a recent incident involving the theft of $1 million in cryptocurrency from a trader on Binance.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">On June 3, 2024, <a href=\"https:\/\/twitter.com\/CryptoNakamao?ref_src=twsrc%5Etfw\">@CryptoNakamao<\/a> revealed how they lost over $1M due to downloading a malicious Chrome extension. 
This has sparked major concerns in the crypto community about extension risks and asset security.<\/p>\n<p>Our CISO, <a href=\"https:\/\/twitter.com\/im23pds?ref_src=twsrc%5Etfw\">@im23pds<\/a> is here to provide additional information\u2026 <a href=\"https:\/\/t.co\/AEOOvVTv1p\">https:\/\/t.co\/AEOOvVTv1p<\/a><\/p>\n<p>\u2014 SlowMist (@SlowMist_Team) <a href=\"https:\/\/twitter.com\/SlowMist_Team\/status\/1798098138315546962?ref_src=twsrc%5Etfw\">June 4, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The loss was caused by a malicious Chrome extension offering trading data aggregation services. The user blamed the exchange, claiming its risk assessment and security systems failed.<\/p>\n<p>Binance co-founder Yi He denied the platform&#8217;s responsibility for the incident. She noted that the hacker manipulated the trader&#8217;s device through the plugin, and the exchange team could not influence the situation.<\/p>\n<p>23pds effectively sided with Binance. The expert emphasized that the trader installed the extension himself, and that by default it had access to all cookies, URLs, and storage. The collected information was automatically sent to the attackers&#8217; server.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/Kak-vredonosnoe-rasshirenie-ukralo-million-dollarov-ot-SlowMist-iyun-2024-g.-Seredina-Google-Chrome.webp\" alt=\"Kak-vredonosnoe-rasshirenie-ukralo-million-dollarov-ot-SlowMist-iyun-2024-g.-Seredina-Google-Chrome\" class=\"wp-image-234185\"\/><figcaption class=\"wp-element-caption\">Fragment of plugin code with permissions. Data: SlowMist.<\/figcaption><\/figure>\n<p>Once the attackers obtained the necessary data, they hijacked the session the user had opened on the exchange&#8217;s website. 
This did not require interacting with the platform, entering a login and password, or passing two-factor authentication (2FA).<\/p>\n<p>In his view, exchanges can take several measures to reduce the risks of such incidents, such as:<\/p>\n<ul class=\"wp-block-list\">\n<li>mandatory 2FA for all transactions;<\/li>\n<li>using multiple types of authentication (SMS, email, hardware tokens, etc.);<\/li>\n<li>disabling inactive sessions;<\/li>\n<li>monitoring IP addresses and geolocation to warn of unusual activity;<\/li>\n<li>immediate client notification of logins from other devices with the option to block the session;<\/li>\n<li>strengthening security tools, risk control, using machine learning, and more.<\/li>\n<\/ul>\n<p>However, he noted that implementing all proposed measures might not be \u201cthe best approach\u201d due to resource constraints.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThere must be a balance between security and business needs. If measures are too strict, customer interaction may suffer. For example, 2FA for every transaction could be inconvenient for many,\u201d the expert believes.<\/p>\n<\/blockquote>\n<p>23pds strongly advised users to install software only from verified sources and always close sessions on trading platforms.<\/p>\n<p>As reported in April, crypto projects lost approximately <a href=\"https:\/\/forklog.com\/en\/news\/certik-reports-record-low-cryptocurrency-losses-in-april\">$25.7 million<\/a> due to hacks and fraud. 
This was the lowest monthly amount since 2021, according to CertiK.<\/p>\n<p>In May, a single successful attack on the Japanese exchange DMM Bitcoin <a href=\"https:\/\/forklog.com\/en\/news\/dmm-bitcoin-exchange-hacked-for-305-million\">netted hackers 4502.9 BTC<\/a> or ~$305 million.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Experts at SlowMist have outlined the primary reasons why both individual and institutional investors lose their digital assets. Ranking of the causes of individual\/institutional asset loss by share: 1. Mnemonic phrase and private key leaks, 32% 2. Improper wallet use, signature phishing, 18% 3. Downloading fake wallets and fake trading software, 16% 4. Phishing via addresses with matching first and last characters and via Trojan software, 13% 5. Attacks by professional hacker groups, 6% 6. Fake chat software, tampering in transit, 8% 7. Assets held on trading platforms hit by targeted attacks or phishing, 4%\u2026 pic.twitter.com\/rjmhmD4Xa8 \u2014 23pds (@im23pds) June 5, 2024 Nearly a third\u201432%\u2014of losses are due to mnemonic phrase and private key leaks. 
Other causes include: phishing through transaction signing (18%); downloading fake wallets and trading apps (16%); address [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14093,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1111,1150,1157],"class_list":["post-14094","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity","tag-news-plus","tag-storage"],"aioseo_notices":[],"amp_enabled":true,"views":"15","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/14094","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=14094"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/14094\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/14093"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=14094"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=14094"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=14094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}