- 23pds, a security researcher and CISO of SlowMist Technology, listed eight reasons that together account for asset losses among individual and institutional investors.
- Several security measures are also listed to protect users from such losses.
- He also stresses that safety comes before any investment.
23pds, a security researcher and the CISO of SlowMist Technology, took to his X account to share a report on the “Ranking of reasons for loss of personal or institutional assets.”
The report lists eight reasons, ranked by their prevalence.
SlowMist is a blockchain security firm known for its scam alerts and early reporting. The company provides services including security audits, security consulting, red teaming, and more.
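Ranking of reasons for loss of personal/institutional assets, by share:
1. Mnemonic phrase and private key leaks: 32%
2. Improper wallet use, signature phishing: 18%
3. Downloading fake wallets and fake trading software: 16%
4. First-and-last-character address phishing, Trojan software: 13%
5. Attacks by professional hacker groups: 6%
6. Fake chat software, tampering in the middle: 8%
7. Assets held on trading platforms hit by targeted attacks and phishing: 4%… pic.twitter.com/rjmhmD4Xa8
— 23pds (@im23pds) June 5, 2024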
Elaborating the Reasons listed by 23pds
He remarked mockingly that 99% of crypto users cannot keep their assets safe, and asked his 8,700 followers whether they think they can safeguard their assets themselves.
It is a joke for a user to assume they belong to the rare 1% of the crypto community who have not been caught by scams, as 99% have already been victims despite safety measures.
The causes highlighted in the post, in order of their prevalence, include:
– Mnemonics and private keys leaked: This accounts for around 32% of the total cases. Even after downloading or purchasing a genuine wallet, securely storing private keys or mnemonic phrases is a challenge, as these are the sole credentials to recover and control a crypto wallet.
The recommended countermeasures are to never share private keys and to store them physically, which protects them from network attacks.
– Improper use of wallets and signature phishing: This accounts for around 18% of losses. Signature phishing is a method by which attackers obtain an off-chain signature from a user and then use it to steal funds or assets from the wallet.
The recommended ways to avoid this are enabling security alerts in the wallet and using security browser extensions.
– Downloading fake wallets and trading software: This accounts for 16% of the total. Scammers often create fake wallets and trading software with names, logos, and user interfaces similar to those of popular crypto players to fool users.
To counter this, users are advised to closely verify the wallet or software before downloading or operating it.
– Phishing with matching first and last address characters, and Trojan software: It is often reported that scammers create very similar addresses and use disguised code to gain users’ trust.
Users should be careful when unusual activity is observed or reported.
– Attacks by professional hacker groups: This accounts for 6% of the total cases. With the growth of the crypto market, professional hacker groups have been established that help each other obtain users’ information, gain trust, and then loot people.
The recommended defenses against such professional hackers are using secure devices, using strong passwords, and avoiding sharing details.
– Fake chat software: Chat software that has been tampered with in the middle accounts for 8% of the reasons for the loss of assets. Scammers create fake chat software disguised as social media or dating apps and then ask for crypto investments.
Verifying the authenticity of social media apps before sharing personal details on them is essential.
– Targeted attacks on storage and trading platforms: Scammers hack storage and trading platforms to steal users’ funds, contributing 4% to the losses. These attackers are experts and adapt to new security measures.
2FA and other measures aim to protect users from such targeted attacks.
– Transfer and operational errors, Ponzi schemes, and contract loopholes: Such errors and schemes account for 3% of the total losses. However, these are the most reported reasons for the cases in the industry.
Such scams should be reported immediately so that losses can be recovered to the extent possible and subsequent losses can be stopped.
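The first-and-last-character address phishing item above can be caught before a transfer is signed by comparing the full destination address against an address book. The following is an added example, not code from 23pds or SlowMist; it assumes hex-style addresses, a four-character window, and hypothetical function names, and the sample addresses are constructed.

```python
from typing import List, Optional, Tuple

def normalize(addr: str) -> str:
    # Assumption: hex-style addresses; compare case-insensitively, without "0x".
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def mismatches(a: str, b: str) -> int:
    # Number of character positions where two equal-length addresses differ.
    return sum(1 for x, y in zip(normalize(a), normalize(b)) if x != y)

def check_destination(dest: str, trusted: List[str],
                      head: int = 4, tail: int = 4) -> Tuple[str, Optional[str]]:
    """Classify dest as 'trusted', 'lookalike' or 'unknown'.

    'lookalike' means dest shares the first `head` and last `tail` characters
    with a trusted address but is not identical to it, which is exactly what a
    wallet UI that shortens addresses to "52a1...71d8" would hide.
    """
    d = normalize(dest)
    imitated = None
    for t in trusted:
        n = normalize(t)
        if d == n:
            return ("trusted", t)  # full-string match is the only safe match
        if len(d) == len(n) and d[:head] == n[:head] and d[-tail:] == n[-tail:]:
            imitated = t
    return ("lookalike", imitated) if imitated else ("unknown", None)

# Constructed sample data: same 4-character head and tail, different middle.
TRUSTED = "0x52a1" + "c3e9b7d40f6a8e15c2937bd06f4a9e3c" + "71d8"
SPOOFED = "0x52a1" + "0b6e4d17f3a925c8e0d47b1a6c38f52e" + "71d8"
ADDRESS_BOOK = [TRUSTED]

if __name__ == "__main__":
    for candidate in (TRUSTED, SPOOFED, "0x" + "ab" * 20):
        status, match = check_destination(candidate, ADDRESS_BOOK)
        print(f"{candidate}: {status}")
        if status == "lookalike":
            print(f"  imitates {match}; differs in {mismatches(candidate, match)} positions")
```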
Recommendations from 23pds
The CISO of SlowMist suggests that users who are able to should use a hardware wallet for large amounts and keep their private keys safe. For small amounts, they should rely on the methods they are familiar with.
23pds states, “Always put safety first; don’t lose your coins.”