📣 SlowMist Identifies Key Reasons for Cryptocurrency Losses
posted 3 Jul 2024
Security company SlowMist has analyzed reports of stolen cryptocurrency assets for the second quarter of 2024, which were collected through the MistTrack platform. This analysis only considered hack reports submitted via the official form, identifying three primary attack methods: theft of private keys, the use of fake crypto wallets, and phishing.
SlowMist Analysis Statistics. Source: Official SlowMist Blog
SlowMist's analysis revealed that many users still store private keys in cloud services, send them through messengers, or directly copy them from text files. The company has urged users to abandon such practices as hackers often target these vulnerabilities to break into third-party centralized accounts, messengers, and intercept data from the clipboard on any device.
Fake crypto wallets distributed via advertising links on various thematic sites and even search engines ranked second in common hacking methods. For example, the specialists found a non-existent version of the imToken crypto wallet on APKCombo, a popular platform for downloading Android apps without registration.
Phishing came in third: approximately 80% of the first comments under posts of popular crypto projects on the X platform are generated by disguised bots spreading phishing links. There has also been an increase in Telegram channels and websites that sell X accounts, allowing selection based on the number of followers, audience reach, and topics.
SlowMist recommended that users improve their technical literacy and urged developers to implement more sophisticated systems for analysis and alerts. As an example, the company mentioned the browser extension Scam Sniffer, which blocks potentially dangerous links at early stages of loading and alerts users to threats.