The five major "covert" cryptocurrency scams to watch out for this year.


The blockchain security company SlowMist pointed out that the number of "psychological manipulation" attacks on crypto users increased in the second quarter, as hackers continue to explore more advanced and creative ways to steal crypto assets.

SlowMist's operations manager, Lisa, stated in the company's second-quarter MistTrack report on stolen funds analysis that while the hacking techniques themselves have not significantly improved, the methods of fraud have become increasingly complex, with a notable rise in fake browser extensions, tampered hardware wallets, and social engineering attacks.

"Looking back at the second quarter, one trend stands out: while attackers may not have improved technically, their psychological manipulation has been significantly enhanced."

"We clearly see that attacks have shifted from single-chain attacks to more off-chain entry points—browser extensions, social media accounts, authentication processes, and user behavior have all become common attack surfaces," Lisa added.

Ironically, a recent attack vector involves browser extensions masquerading as security plugins. For example, the "Osiris" Chrome extension claims to detect phishing links and suspicious websites.

In reality, this extension intercepts all .exe, .dmg, and .zip file downloads and replaces them with malicious programs.

"More insidiously, attackers also guide users to visit well-known websites like Notion or Zoom," Lisa pointed out.

"When users attempt to download software from these official sites, what they actually receive is a maliciously tampered file—while the browser still shows that the file comes from legitimate sources, making it nearly impossible for users to detect any anomalies."

These malicious programs collect sensitive information from users' computers, including Chrome browser data and macOS keychain credentials, allowing attackers to obtain mnemonic phrases, private keys, or login information.

SlowMist also noted that another common attack method is to induce crypto investors to use tampered hardware wallets.

In some cases, hackers send modified cold wallets to users, falsely claiming they have won a free device or requesting users to transfer assets under the pretext that their existing device has been compromised.

Lisa revealed that in the second quarter, one victim lost as much as $6.5 million after purchasing a tampered cold wallet on TikTok.

Attackers also sell pre-activated hardware wallets; once victims transfer their crypto assets to such a device, the attackers can immediately move all of the funds out.

SlowMist reported that in the second quarter, they received a request for help from a user who claimed they could not revoke "high-risk authorizations" in their wallet.

Upon investigation, SlowMist found that the website the user attempted to use to revoke smart contract permissions "almost completely replicated the interface of the well-known Revoke Cash," and lured users into entering their private keys to "detect high-risk signatures."

"By analyzing the front-end code, we confirmed that this phishing site used EmailJS to send the user's input, including private keys and addresses, to the attacker's email."

"These social engineering attacks are not technically complex, but they can greatly exploit users' sense of urgency and trust," Lisa said.

"Attackers are well aware that prompts like 'high-risk signature detected' can easily trigger panic in users, prompting them to act recklessly. Once emotions are stirred, users are more easily manipulated into clicking links or disclosing sensitive information, actions they would normally never take."

Other cases include phishing that exploits EIP-7702, introduced in Ethereum's latest Pectra upgrade, as well as attacks carried out by gaining access to multiple WeChat user accounts.

Cointelegraph Magazine recently reported that attackers gained control of accounts through WeChat's account recovery mechanism, then impersonated the real account holders to deceive their contacts with offers of discounted USDT.

SlowMist's second-quarter data is based on 429 reports of stolen funds received by the company during the quarter.

The company stated that in the second quarter, they froze and recovered approximately $12 million in assets for 11 victims who reported their digital assets stolen.


Original article: “Five 'Covert' Crypto Scams to Watch Out for This Year”
