Analysts explained how users lose their funds

SlowMist experts presented a ranking of the reasons why individual and institutional investors are losing their digital assets.

Leaks of mnemonic phrases and private keys account for almost a third, 32%. Next come:

  • phishing with transaction signing (18%);
  • downloading fake wallets and trading applications (16%);
  • spoofing of addresses and phishing by Trojans (13%);
  • phishing in instant messengers, including fake chat applications (8%);
  • attacks by professional hacker groups (6%);
  • attacks on trading platforms (4%);
  • transaction errors, Ponzi schemes, loopholes in smart contracts, etc. (3%).

“Do you think self-storage is safer? This is fucking ridiculous – 99% of people can’t take good care of their assets, so don’t expect to be in that 1%,” wrote SlowMist's CISO, who posts under the username 23pds.

The expert also gave some advice. For larger amounts, he recommended using a hardware wallet if possible and securely storing mnemonics and keys, although he admitted that organizing this is “the problem of the century.”

For small volumes of assets, familiar methods such as mobile applications are acceptable, but it is necessary to pay attention to security, noted 23pds.

He also urged users not to follow outside advice blindly, and not to give advice themselves unless they are professionals.

The expert supported Binance in a story where a user lost $1 million

The 23pds thread followed his detailed analysis of a recent incident involving the theft of $1 million worth of cryptocurrency from a trader on Binance.

The cause of the loss was a malicious Chrome browser extension that provides trading data aggregator services. The user made claims against the exchange, whose risk assessment and security systems did not work properly.

Binance co-founder Yi He did not admit the platform’s responsibility for the incident. She noted that the hacker manipulated the trader’s device through a plugin, and the exchange team could not influence the situation.

23pds actually sided with Binance. The expert emphasized that the trader independently installed the extension, which by default had access to all cookies, URLs and storage. The collected information automatically went to the attackers’ server.

Plugin code snippet with permissions. Data: SlowMist.

Having received the necessary data, the attackers hijacked the session that the user himself had opened on the exchange website. To do this, they did not need to interact with the platform, enter a login and password, or pass two-factor authentication (2FA).
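The kind of access described above (cookies, all URLs, storage) is declared in an extension's manifest.json and can be checked before installation. The following is an added example, not code from the extension or from SlowMist; the function name auditManifest and both sample manifests are constructed for illustration.

```javascript
// Added example: flag the broad access the article describes in a Chrome
// extension manifest. Permission names are real Chrome manifest values;
// auditManifest and the sample manifests are hypothetical/constructed.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const SENSITIVE_APIS = new Map([
  ["cookies", "chrome.cookies API: read cookies for every permitted host"],
  ["storage", "chrome.storage API: persist collected data"],
  ["tabs", "see the URL and title of every open tab"],
  ["webRequest", "observe network requests to permitted hosts"],
]);

function auditManifest(manifestJson) {
  const m = JSON.parse(manifestJson);
  // Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
  const perms = [...(m.permissions || []), ...(m.host_permissions || [])]
    .filter((p) => typeof p === "string");
  const scriptHosts = (m.content_scripts || []).flatMap((cs) => cs.matches || []);
  const findings = [];
  const allSites = perms.some((p) => BROAD_HOSTS.has(p));
  if (allSites) findings.push({ id: "all-hosts", detail: "host access covers every site" });
  for (const p of perms) {
    if (SENSITIVE_APIS.has(p)) findings.push({ id: p, detail: SENSITIVE_APIS.get(p) });
  }
  if (scriptHosts.some((h) => BROAD_HOSTS.has(h))) {
    findings.push({ id: "content-script-all-hosts", detail: "content scripts run on every page" });
  }
  // Cookie API plus every host means session cookies of any logged-in site are readable.
  const sessionCookieExposure = allSites && perms.includes("cookies");
  return { name: m.name, findings, sessionCookieExposure };
}

// Constructed sample: broad access of the kind the article describes.
const SAMPLE_BROAD = JSON.stringify({
  manifest_version: 3, name: "example-aggregator (constructed)",
  permissions: ["cookies", "storage", "tabs"],
  host_permissions: ["<all_urls>"],
});
// Constructed sample: the same feature set scoped to one data host.
const SAMPLE_NARROW = JSON.stringify({
  manifest_version: 3, name: "example-scoped (constructed)",
  permissions: ["storage"],
  host_permissions: ["https://data.example.com/*"],
});

for (const sample of [SAMPLE_BROAD, SAMPLE_NARROW]) {
  const r = auditManifest(sample);
  console.log(r.name, "session cookie exposure:", r.sessionCookieExposure);
  for (const f of r.findings) console.log("  -", f.id + ":", f.detail);
}
```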

In 23pds's opinion, exchanges can take a number of measures to reduce the risks of such incidents, such as:

  • forced 2FA for all transactions;
  • using several types of authentication (SMS, e-mail, hardware tokens, etc.);
  • disconnecting inactive sessions;
  • monitoring IP addresses and geolocation to warn of unusual activity;
  • instant notification of the client about login from other devices with the right to block the session;
  • strengthening security tools, risk control, using machine learning and others.

However, he noted that implementing all the proposed measures may “not be the best approach” due to resource consumption.

“There has to be a balance between security and business needs. If measures are too strict, customer experience may suffer. For example, 2FA for each transaction may be inconvenient for many,” the expert believes.

23pds strongly recommended, among other things, that users install software only from trusted sources and always close sessions on trading platforms.


Source: Cryptocurrency
