MistTrack, the investigative arm of cybersecurity firm SlowMist, has identified private key leaks as the leading cause behind crypto thefts in the second quarter of 2024.

According to a June 2 report, these leaks resulted from malpractices such as storing private keys on cloud storage services like Google Docs.

Further, the report warned that sending sensitive information via messaging platforms like WeChat also poses risks despite these platforms employing security measures such as end-to-end encryption.

β€œThese actions, which seem to enhance information security, actually greatly increase the risk of information theft.”

Hackers allegedly use β€œcredential stuffing” to gain access to victims’ sensitive information. This involves using leaked account credentials found online to log in to cloud storage and other services used by the victim.

β€œIf successful, they can easily find and steal crypto-related information,” the report added.

In addition, MistTrack warned of other deceptive tactics employed by attackers, such as posing as customer service agents and sending phishing links to victims via platforms like Discord.

As such, it urged users not to disclose their private keys or mnemonic phrases under any circumstances.

Fake Wallets and Phishing Risks

Fake wallets that mimic popular cryptocurrency wallet applications were also flagged as a leading cause of private key leaks. These applications are mostly prevalent on third-party sites, which users often prefer due to geographical constraints and other reasons.

SlowMist highlighted apkcombo, a Google Play Store alternative, which offered the imToken crypto wallet. While there is an actual imToken app, the imToken 24.9.11 version available on apkcombo was β€œnon-existent” and designed to steal a user’s private keys when interacted with.

β€œThe advanced nature and professional level of these phishing activities far exceed our expectations.”

Such applications aren’t just available on third-party sites. Last week, a similar incident occurred where a fake Phantom wallet managed to bypass Apple’s app store security measures and drained crypto assets from anyone who imported their private keys into the app.

Other Crypto Theft Causes

Other causes of crypto theft involved phishing links on social media platforms and fraudulent schemes. Honeypot scams were the most common fraud scheme in Q2 2024. This involves creating bogus cryptocurrency projects with promising use cases to lure in investors. However, once an investor invests, they are unable to sell their holdings.

Most honeypot incidents reportedly occurred on the Binance Smart Chain (BSC), the report added.

Crypto scams and hacks have wiped off approximately $20 billion worth of assets between 2011 and March 2024. June 2024 alone saw hackers steal $176.2 million worth of assets from crypto platforms.

Stay updated on the latest in the cryptocurrency world with more news from Global Crypto News.

Post Views: 5