
SlowMist named the main reasons for the loss of funds by users

Forklog / 05.06.2024 / 12:07

Experts from SlowMist presented a ranking of the reasons why individual and institutional investors lose their digital assets.

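🧐 Ranking of the causes of individual/institutional asset loss, by share:
1. Leaked mnemonic phrases and private keys, 32%
2. Improper wallet use, signature phishing, 18%
3. Downloading fake wallets and fake trading software, 16%
4. Lookalike addresses with matching first and last characters, Trojan phishing, 13%
5. Attacks by professional hacker groups, 6%
6. Fake chat software, tampering in transit, 8%
7. Funds kept on trading platforms hit by targeted attacks and phishing, 4%… pic.twitter.com/rjmhmD4Xa8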

— 23pds (@im23pds) June 5, 2024

Almost a third (32%) is accounted for by leaks of mnemonic phrases and private keys. These are followed by:

- phishing with transaction signing (18%);
- downloading fake wallets and trading apps (16%);
- address substitution and phishing by Trojans (13%);
- phishing in messengers, including fake chat apps (8%);
- attacks by professional hacker groups (6%);
- attacks on trading platforms (4%);
- transaction errors, Ponzi schemes, loopholes in smart contracts, etc. (3%).

"Do you think that self-storage is safer? It's fucking ridiculous — 99% of people can't take good care of their assets, so don't expect to end up in that 1%," wrote SlowMist's CISO, who goes by the nickname 23pds.

The expert also gave some advice. For large amounts, he recommended using a hardware wallet and reliable storage of mnemonics and keys, if possible, although he admitted that organizing this was "the problem of the century."

For small amounts of assets, familiar methods like mobile applications are acceptable, but it is necessary to pay attention to security, 23pds noted.

He also urged users not to blindly follow outside advice, and not to give advice themselves unless they are professionals.

The expert sided with Binance in the case of a user's $1 million loss

23pds's remarks followed his detailed analysis of a recent incident involving the theft of $1 million worth of cryptocurrency from a trader on Binance.

🚨 On June 3, 2024, @CryptoNakamao revealed how they lost over $1M due to downloading a malicious Chrome extension. This has sparked major concerns in the crypto community about extension risks and asset security.

Our CISO, @im23pds is here to provide additional information… https://t.co/AEOOvVTv1p

— SlowMist (@SlowMist_Team) June 4, 2024

The reason for the loss was a malicious Chrome browser extension that provides the services of a trade data aggregator. The user made claims against the exchange, whose risk and security assessment systems did not work properly.

Binance co-founder Yi He has not acknowledged the platform's responsibility for the incident. She noted that the hacker manipulated the trader's device through a plug-in, and the exchange team could not influence the situation.

23pds actually sided with Binance. The expert stressed that the trader had independently installed the extension, which by default had access to all cookies, URLs and storage. The information collected was automatically transferred to the attackers' server.

A fragment of the plugin code with permissions. Data: SlowMist.

Having received the necessary data, the attackers hijacked a session that the user himself had opened on the exchange's website. To do this, they did not need to interact with the platform, enter a username and password, or pass two-factor authentication (2FA).
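The permission set described above can be checked before an extension is installed. The following is an added example, not SlowMist's code and not the manifest of the extension from the incident: a small auditor that flags manifest grants exposing logged-in sessions. The sample manifest and the severity labels are constructed for illustration.

```javascript
// Added example: flag manifest grants that expose logged-in web sessions.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const isHostPattern = (p) => p === "<all_urls>" || p.includes("://");

function auditManifest(manifest) {
  const perms = [
    ...(manifest.permissions || []),
    ...(manifest.optional_permissions || []),
  ];
  // Manifest V2 mixes host patterns into "permissions"; V3 lists them separately.
  const hosts = [
    ...perms.filter(isHostPattern),
    ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []),
  ];
  const apis = new Set(perms.filter((p) => !isHostPattern(p)));
  const broadHosts = hosts.some((h) => BROAD.has(h));
  const findings = [];

  if (apis.has("cookies")) {
    findings.push(broadHosts
      ? { level: "high", issue: "cookies API with all-site host access: any site's session cookies are readable" }
      : { level: "medium", issue: "cookies API limited to: " + (hosts.join(", ") || "no hosts") });
  }
  if (apis.has("tabs") || (apis.has("webRequest") && broadHosts)) {
    findings.push({ level: "medium", issue: "URLs of visited pages are visible to the extension" });
  }
  const scripts = manifest.content_scripts || [];
  if (scripts.some((cs) => (cs.matches || []).some((m) => BROAD.has(m)))) {
    findings.push({ level: "high", issue: "content script runs on every page: DOM and web storage are readable" });
  }
  return findings;
}

// Constructed sample, not the manifest of the extension from the incident.
const sampleManifest = {
  manifest_version: 3,
  name: "Trade Data Helper (constructed)",
  permissions: ["cookies", "storage", "tabs"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
};

for (const f of auditManifest(sampleManifest)) {
  console.log(`[${f.level}] ${f.issue}`);
}
```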

In his opinion, exchanges can take a number of measures to reduce the risks of such incidents, such as:

- forced 2FA for all transactions;
- using several types of authentication (SMS, e-mail, hardware tokens, etc.);
- disabling an inactive session;
- monitoring IP addresses and geolocation to warn of unusual activity;
- instant notification of the client about logging in from other devices with the right to block the session;
- strengthening security tools, risk control, the use of machine learning and others.

However, he noted that the implementation of all the proposed measures may not be the "best approach" due to resource consumption.

"There must be a balance between security and business needs. If the measures are too strict, customer interaction may suffer. For example, 2FA for each transaction may be inconvenient for many," the expert believes.

23pds strongly recommended that users, among other things, install software only from trusted sources and always close sessions on trading platforms.
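Several of the exchange-side measures listed above (ending inactive sessions, watching IP and geolocation, notifying the client, 2FA) can be combined so that 2FA is demanded only when a session's context drifts, which is the balance the expert describes. The following is an added example, not code from SlowMist or Binance; the field names, action names, thresholds and sample records are assumptions constructed for illustration.

```javascript
// Added example: risk-based handling of a request that presents a session cookie.
const IDLE_LIMIT_MS = 15 * 60 * 1000;             // assumed idle timeout
const SENSITIVE = new Set(["trade", "withdraw"]); // assumed action names

function evaluateRequest(session, req) {
  // Inactive session: end it instead of letting an old cookie be reused.
  if (req.time - session.lastSeen > IDLE_LIMIT_MS) {
    return { decision: "terminate", reasons: ["idle timeout"], notifyUser: false };
  }
  const reasons = [];
  if (req.ip !== session.loginIp) reasons.push("ip changed");
  if (req.country !== session.loginCountry) reasons.push("country changed");
  if (req.userAgent !== session.userAgent) reasons.push("client changed");

  // Step up to 2FA only when context drifted and it matters: a sensitive
  // action with any drift, or drift on several signals at once.
  const sensitive = SENSITIVE.has(req.action);
  const stepUp = (sensitive && reasons.length > 0) || reasons.length >= 2;
  return {
    decision: stepUp ? "require_2fa" : "allow",
    reasons,
    notifyUser: reasons.length > 0, // tell the owner, who may block the session
  };
}

// Constructed session record and requests (documentation IP ranges).
const t0 = 1700000000000;
const session = { loginIp: "198.51.100.7", loginCountry: "SG", userAgent: "UA-desktop", lastSeen: t0 };
const owner = { ip: "198.51.100.7", country: "SG", userAgent: "UA-desktop", action: "trade", time: t0 + 60000 };
const replay = { ip: "203.0.113.50", country: "NL", userAgent: "UA-other", action: "trade", time: t0 + 120000 };
const stale = { ...owner, time: t0 + 16 * 60 * 1000 };

for (const [label, req] of Object.entries({ owner, replay, stale })) {
  console.log(label, evaluateRequest(session, req).decision);
}
```

The owner's own trade passes without a prompt, while the same cookie replayed from another network and client is held for 2FA and triggers a notification.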

Recall that in April, crypto projects lost about $25.7 million as a result of hacking and fraud. This was a record low amount for a month since 2021, CertiK noted.

In May, a successful attack on the Japanese DMM Bitcoin exchange alone brought hackers 4502.9 BTC or ~$305 million.
