SlowMist flags private key leaks as leading cause of crypto hacks in Q2 2024

by

As a researcher with a background in cybersecurity, I find the findings from MistTrack’s investigative report on crypto thefts in Q2 2024 both concerning and informative. The identification of private key leaks as the leading cause behind these thefts is in line with my own observations and experiences.

In the second quarter of 2024, private key leaks emerged as the primary culprit for cryptocurrency thefts, according to the investigation conducted by MistTrack, the investigative division of cybersecurity company SlowMist.

Based on a June 6th report, the unauthorized disclosures were attributed to improper practices, including saving confidential keys on cloud platforms like Google Docs.

The report cautioned against using messaging apps like WeChat for transmitting confidential data, as they still present risks in spite of their encryption technologies.

“The steps taken, appearing to bolster information security, in reality, significantly amplify the likelihood of data breaches.”

Hackers are said to employ a technique called “credential stuffing” to illegally obtain sensitive data from victims. By utilizing leaked login credentials publicly available on the web, they attempt to gain unauthorized access to cloud storage and various other services that the victims utilize.

“If successful, they can easily find and steal crypto-related information,” the report added.  

Moreover, MistTrack identified other deceitful strategies used by hackers, including impersonating customer service representatives and distributing phishing links to targets through channels such as Discord.

I strongly advise against sharing your private keys or mnemonic phrases with anyone, no matter the situation. These are essential pieces of information that grant access to your crypto assets, and keeping them confidential is crucial for maintaining the security of your investments.

Counterfeit wallets resembling well-known cryptocurrency wallet apps have emerged as a significant source of private key breaches. Mostly found on external platforms, these applications are favored by users for various reasons, including geographical limitations.

SlowMist brought attention to apkcombo, a Google Play Store substitute, where the imToken crypto wallet could be found. Although there is an authentic imToken application, the imToken version 24.9.11 on apkcombo was reportedly non-existent and maliciously designed to steal users’ private keys upon interaction.

As a researcher studying phishing activities, I’ve been surprised to discover that some techniques used are more sophisticated than we initially anticipated.

As a crypto investor, I’ve come across various applications that aren’t only found on third-party sites. Last week, I read an alarming report on crypto.news about a counterfeit Phantom wallet. This malicious app managed to evade Apple’s app store security and successfully drained crypto assets from users who imported their private keys into the fake app.

As a diligent researcher, I’ve discovered alternative reasons behind cryptocurrency thefts. These methods extend beyond mere hacking attempts. They include deceptive phishing links concealed within social media messages and intricate fraudulent schemes designed to trick unsuspecting victims into revealing their valuable digital assets.

In Q2 2024, Honeypot scams were the most prevalent form of fraudulent activity. These schemes entail establishing fake cryptocurrency ventures with alluring applications to attract investors. Unfortunately, once an investor has put money in, they lose the ability to sell their acquired tokens.

Most honeypot incidents reportedly occurred on the Binance Smart Chain (BSC), the report added.

From 2011 to March 2024, crypto scams and cyberattacks resulted in the loss of around $20 billion in assets. In a single month, June 2024, hackers managed to steal over $176 million worth of assets from various crypto platforms.

Read More

2024-07-03 13:35