Private Key Leaks Identified as Leading Cause of Crypto Thefts in Q2 2024
Private key leaks have been identified as the leading cause of crypto thefts in the second quarter of 2024, according to a report by cybersecurity firm SlowMist’s investigative branch, MisTrack. The report highlighted various instances where users stored their private keys or mnemonic phrases in cloud storage services like Google Docs, Tencent Docs, Baidu Cloud, and Shimo Docs.
Some users were also found to have shared their private keys or mnemonic phrases with trusted friends via tools such as WeChat, and even used WeChat’s image-to-text feature to copy mnemonic phrases into WPS spreadsheets, encrypt them, and enable cloud services while also storing them on local hard drives. However, these seemingly secure practices actually increased the risk of information theft, as malicious entities often use “credential stuffing” techniques to access accounts using leaked login information.
Fake wallets were also identified as a major cause of private key leaks, further exacerbating the issue of crypto theft. Additionally, phishing schemes emerged as the second-highest cause of theft, with fraudsters posing as customer support representatives or using deceptive links on platforms like Discord to trick users into revealing their private key details.
SlowMist’s security team also discovered a significant number of phishing incidents involving unassuming users clicking on malicious link comments under tweets from well-known projects. They found that nearly 80% of the first comments under tweets from prominent project accounts were plagued by phishing scam accounts, highlighting the prevalence of these scams in the crypto industry.
Furthermore, the second quarter of 2024 saw a rise in honeypot schemes, particularly on the Binance Smart Chain (BSC). Scammers created digital currencies that appeared promising to investors but were designed to be impossible to sell after purchase, leading to inflated trading figures and widespread participation among accounts and exchanges.
Overall, the report underscores the importance of safeguarding private keys and being vigilant against phishing scams and fake wallets to protect against crypto theft in an increasingly risky digital landscape.
