Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,200
- Points
- 113
During the quarter, victims of 467 cryptocurrency thefts applied to SlowMist for help.
The main causes of incidents were private key leaks, phishing, and fraud.
In the second quarter, SlowMist's MistTrack service received 467 reports of digital asset theft. Funds of 18 victims in the amount of $22.66 million were frozen.
Of the total number of requests to specialists of the Chinese company, 321 were received from users from China, 146-from abroad. SlowMist analyzed these incidents without including messages received through other channels in the report.
Among the most frequent methods of theft, experts named private key leaks, phishing and fraud.
SlowMist noted that users often store keys and mnemonic phrases in cloud services like Google Docs or send them to friends via instant messengers to create backups. However, such actions increase the risk of information interception by intruders.
There were also cases of scams where the victim was deceived, posing as a support service employee, and asked to share data.
"Fake wallets are another major cause of private key leaks," the experts said.
This is a long-known attack vector, but it remains relevant, they acknowledged. Some users prefer to download apps from dubious sources due to network restrictions for Google Play or for other reasons.
The company's specialists studied the implementation of backend-level functions in fake wallets, including user, asset, and deposit management.
"The advanced nature and professional level of these phishing activities far exceeded our expectations," they admitted in the end.
Phishing and fraud are also being improved
Regarding phishing, the analysis showed that approximately 80% of comments under the posts of popular crypto projects on the Internet are published by scammers.
Experts found numerous groups in Telegram selling various X-accounts with subscribers, posts and different registration times. This allows attackers to tailor the offer to their needs.
The pages available to scammers often completely copy the original design. For example, experts found an account called Optimlzm that looked almost identical to the real Optimism.
Using these properties, as well as promotion tools (for example, pinning their posts to the top of the comments feed), scammers successfully deceive their victims, who eventually click on phishing links.
Example of an NFT–related X account available for purchase with subscribers and a feed. Data: SlowMist
Of the various types of fraud in the second quarter, the most popular scheme was the honeypot. In cybersecurity, this is a virtual trap for luring intruders, allowing you to learn their methods and practices. In the crypto industry, this is the so-called method of attracting investors to useless and illiquid assets, which then cannot be realized.
Experts described a typical scam scheme:
1. A fraudster creates a smart contract and lures victims with promises of high profits, aggressively encouraging them to buy.
2. After purchasing an asset, the user sees that the price is rising and is in no hurry to sell it. When he decides to do this, he finds that it is impossible to implement tokens.
3. Scammer withdraws funds from victims who were involved.
SlowMist emphasized that even experienced investors often fail to recognize a honeypot right away.
The main causes of incidents were private key leaks, phishing, and fraud.
In the second quarter, SlowMist's MistTrack service received 467 reports of digital asset theft. Funds of 18 victims in the amount of $22.66 million were frozen.
Of the total number of requests to specialists of the Chinese company, 321 were received from users from China, 146-from abroad. SlowMist analyzed these incidents without including messages received through other channels in the report.
Among the most frequent methods of theft, experts named private key leaks, phishing and fraud.
SlowMist noted that users often store keys and mnemonic phrases in cloud services like Google Docs or send them to friends via instant messengers to create backups. However, such actions increase the risk of information interception by intruders.
There were also cases of scams where the victim was deceived, posing as a support service employee, and asked to share data.
"Fake wallets are another major cause of private key leaks," the experts said.
This is a long-known attack vector, but it remains relevant, they acknowledged. Some users prefer to download apps from dubious sources due to network restrictions for Google Play or for other reasons.
The company's specialists studied the implementation of backend-level functions in fake wallets, including user, asset, and deposit management.
"The advanced nature and professional level of these phishing activities far exceeded our expectations," they admitted in the end.
Phishing and fraud are also being improved
Regarding phishing, the analysis showed that approximately 80% of comments under the posts of popular crypto projects on the Internet are published by scammers.
Experts found numerous groups in Telegram selling various X-accounts with subscribers, posts and different registration times. This allows attackers to tailor the offer to their needs.
The pages available to scammers often completely copy the original design. For example, experts found an account called Optimlzm that looked almost identical to the real Optimism.
Using these properties, as well as promotion tools (for example, pinning their posts to the top of the comments feed), scammers successfully deceive their victims, who eventually click on phishing links.
Example of an NFT–related X account available for purchase with subscribers and a feed. Data: SlowMist
Of the various types of fraud in the second quarter, the most popular scheme was the honeypot. In cybersecurity, this is a virtual trap for luring intruders, allowing you to learn their methods and practices. In the crypto industry, this is the so-called method of attracting investors to useless and illiquid assets, which then cannot be realized.
Experts described a typical scam scheme:
1. A fraudster creates a smart contract and lures victims with promises of high profits, aggressively encouraging them to buy.
2. After purchasing an asset, the user sees that the price is rising and is in no hurry to sell it. When he decides to do this, he finds that it is impossible to implement tokens.
3. Scammer withdraws funds from victims who were involved.
SlowMist emphasized that even experienced investors often fail to recognize a honeypot right away.
