MistTrack, the investigative arm of cybersecurity firm SlowMist, has identified private key leaks as the leading cause behind crypto thefts in the second quarter of 2024.
According to a June 2 report, these leaks resulted from malpractices such as storing private keys on cloud storage services like Google Docs.
Further, the report warned that sending sensitive information via messaging platforms like WeChat also poses risks despite these platforms employing security measures such as end-to-end encryption.
βThese actions, which seem to enhance information security, actually greatly increase the risk of information theft.β
Hackers allegedly use βcredential stuffingβ to gain access to victimsβ sensitive information. This involves using leaked account credentials found online to log in to cloud storage and other services used by the victim.
βIf successful, they can easily find and steal crypto-related information,β the report added.
In addition, MistTrack warned of other deceptive tactics employed by attackers, such as posing as customer service agents and sending phishing links to victims via platforms like Discord.
As such, it urged users not to disclose their private keys or mnemonic phrases under any circumstances.
Fake Wallets and Phishing Risks
Fake wallets that mimic popular cryptocurrency wallet applications were also flagged as a leading cause of private key leaks. These applications are mostly prevalent on third-party sites, which users often prefer due to geographical constraints and other reasons.
SlowMist highlighted apkcombo, a Google Play Store alternative, which offered the imToken crypto wallet. While there is an actual imToken app, the imToken 24.9.11 version available on apkcombo was βnon-existentβ and designed to steal a userβs private keys when interacted with.
βThe advanced nature and professional level of these phishing activities far exceed our expectations.β
Such applications arenβt just available on third-party sites. Last week, a similar incident occurred where a fake Phantom wallet managed to bypass Appleβs app store security measures and drained crypto assets from anyone who imported their private keys into the app.
Other Crypto Theft Causes
Other causes of crypto theft involved phishing links on social media platforms and fraudulent schemes. Honeypot scams were the most common fraud scheme in Q2 2024. This involves creating bogus cryptocurrency projects with promising use cases to lure in investors. However, once an investor invests, they are unable to sell their holdings.
Most honeypot incidents reportedly occurred on the Binance Smart Chain (BSC), the report added.
Crypto scams and hacks have wiped off approximately $20 billion worth of assets between 2011 and March 2024. June 2024 alone saw hackers steal $176.2 million worth of assets from crypto platforms.
Stay updated on the latest in the cryptocurrency world with more news from Global Crypto News.