Crypto Thefts Drop, Phishing Grows

SlowMist’s Q3 2024 report on crypto industry thefts reveals a decline in overall theft incidents. However, the report highlights a rise in more sophisticated phishing attempts, often involving advanced social engineering tactics.

One alarming trend is that sponsored search results can lead to scam links. Despite this, the most common thefts remain simpler, stemming from key leaks.

Crypto Thefts Get Smarter, SlowMist Reveals

SlowMist, a prominent blockchain security firm, has released their Q3 2024 report on thefts in the crypto industry. All in all, the situation is looking up: compared to their Q2 report this year, the number of reported thefts has gone from 467 to 313. Additionally, SlowMist was able to help victims freeze $34.3 million in stolen funds, greatly lessening the damage.

This report mirrors similar Q3 data from Immunefi, which confirms a downward trend in outright thefts across the industry. Indeed, compared to the previous report, the firm claimed that the leading causes of theft are identical. However, SlowMist did identify one concerning new trend: increasing sophistication in phishing efforts.

“More commonly, scammers posed as venture capitalists (VCs) or journalists, luring victims into downloading malicious video conferencing applications. The phishing website, fake project, and X accounts all appeared highly coordinated, making the scam seem like a legitimate project,” the report claimed.

Read more: Top 9 Safest Crypto Exchanges in 2024

The report outlined several tactics scammers use to appear as legitimate startups or projects. SlowMist highlighted the creation of sophisticated GitHub repositories for completely fictitious projects and the use of Telegram channels boasting over 50,000 fake members. In essence, social engineering plays a crucial role in these new forms of theft.

Most concerning, however, is SlowMist’s claim that an increasing number of phishing websites are being listed as sponsored results on Google and other major search engines, amplifying the threat to users.

“For example, when users searched for Rabby Wallet on Google, the top two results were phishing ads. In some cases, these ads deceptively displayed Rabby Wallet’s official website address, but after multiple proxy changes, they redirected users to the phishing domain,” SlowMist stated.

In light of these phishing attempts, SlowMist put it quite plainly: do not trust any ad results from search engines. Scammers are waiting in a number of frequently-used spots, even impersonating legitimate guarantors of various token projects.

Read More: Crypto Social Media Scams: How to Stay Safe

Still, despite all these frightening new projects, the firm reiterated that the most common type of crypto theft is private key leaks. Anyone storing their private keys on their personal device or cloud is just asking for trouble, but paper and hardware wallets are an easy counter to this tactic.

Ultimately, it’s important to remember that the space is becoming safer. Multiple reports concur that crypto thefts are on the decline, and SlowMist asserts that these social engineering projects are in the minority. With a wary attitude and secure private keys, the average crypto user should have little to fear.