SlowMist identifies private key leaks as primary factor in crypto hacks during Q2 2024

Private key leaks have emerged as the primary cause of cryptocurrency thefts in the second quarter of 2024, according to cybersecurity firm SlowMist’s investigative division, MistTrack. In a report released on June 2, MistTrack identified malpractices such as storing private keys on cloud storage platforms like Google Docs as the main source of these leaks. The report also highlighted the risks associated with sending sensitive information via messaging platforms like WeChat, despite their implementation of security measures like end-to-end encryption. Hackers are said to exploit leaked account credentials to gain access to victims’ information, enabling them to easily steal cryptocurrency-related data. MistTrack also cautioned against deceptive tactics employed by attackers, including posing as customer service agents and sending phishing links via platforms like Discord. Users were advised never to disclose their private keys or mnemonic phrases under any circumstances. The report further emphasized that fake wallets, particularly those mimicking popular cryptocurrency wallet applications, were a major cause of private key leaks. These fraudulent applications are typically found on third-party sites, which users often turn to due to geographical restrictions and other factors. One example cited was apkcombo, an alternative to the Google Play Store, which offered a non-existent version of the imToken crypto wallet designed to steal users’ private keys. However, fake applications are not limited to third-party sites, as demonstrated by a recent incident where a fake Phantom wallet bypassed Apple’s app store security measures and drained crypto assets from users who imported their private keys into the app. Other causes of crypto theft mentioned in the report included phishing links on social media platforms and fraudulent schemes. Honeypot scams were identified as the most common fraud scheme in the second quarter of 2024. These scams involve creating fraudulent cryptocurrency projects with enticing use cases to attract investors, who later find themselves unable to sell their holdings. According to the report, most honeypot incidents occurred on the Binance Smart Chain. The cryptocurrency industry has suffered significant losses due to scams and hacks, with an estimated $20 billion worth of assets wiped out between 2011 and March 2024. In June 2024 alone, hackers stole approximately $176.2 million worth of assets from crypto platforms.