Private key leaks have been identified as the leading cause of cryptocurrency thefts in Q2 2024 by cybersecurity firm SlowMist’s investigative arm, MisTrack.
The report highlighted several instances where users stored their private keys or mnemonic phrases in cloud storage services such as Google Docs, Tencent Docs, Baidu Cloud, and Shimo Docs.
Private key leaks
The researchers also found that some users shared their private keys or hashtags with trusted friends via tools like WeChat, and some also used WeChat’s image-to-text feature to copy hashtags into WPS spreadsheets, encrypt them, and enable cloud services while also storing them on local hard drives.
Although such moves may appear to improve information security, they ultimately greatly amplify the risk of information theft. is found Malicious entities often use “credential stuffing” techniques. This involves attempting to access accounts using leaked login information obtained from online sources. Once these attempts are successful, attackers can easily locate and extract cryptocurrency-related data.
Fake wallets are another major cause of private key leaks.
Phishing schemes then emerged as the second-highest cause of theft. In some cases, victims are tricked by scammers posing as customer service representatives who convince them to reveal their seed phrase. In other cases, users fall prey to deceptive phishing links on platforms like Discord, unwittingly entering their private key details.
SlowMist also noted that phishing led to several theft incidents, particularly through regular users clicking on malicious link comments under tweets from well-known projects in Q2.
The company’s security team had previously discovered that nearly 80% of the first comments under tweets from prominent project accounts were tainted by fraudulent accounts. They also discovered Telegram groups selling Twitter accounts, many of which were associated with the crypto industry or influencers with diverse follower counts and histories.
BSC suffers from fraudulent schemes
The second quarter also saw major fraudulent schemes, where cryptocurrencies were created that looked promising to investors, but were designed to be impossible to sell after purchase.
SlowMist’s analysis revealed that the majority of reported fraud incidents in the quarter occurred on Binance Smart Chain (BSC). The scammers essentially engineered the illusion of widespread participation by trading these tokens across multiple accounts and exchanges, inflating trading numbers.
$600 Free from Binance (Exclusive to CryptoPotato): Use this link to register a new account and get an exclusive $600 welcome offer on Binance (Full details).
Limited Offer for 2024 on BYDFi Exchange: Welcome Bonus up to $2888, Use this link to register and open a position of 100 USDT-M for free!