Crypto users are falling victim to a wave of attacks that exploit their psychology. Scammers are employing new, never-before-seen tactics to rob victims of their digital assets. Lisa, the operations manager at SlowMist, is sounding the alarm. During the second quarter, she observed a worrisome trend in crypto-related attack intelligence. These attacks consist of fraudulent web browser extensions, modified hardware wallets, and social engineering methods. According to SlowMist’s data, one victim was hit with a catastrophic $6.5 million loss. The loss occurred after they bought a hacked cold wallet that they saw promoted on TikTok.

SlowMist’s Q2 analysis is based on 429 stolen-fund reports filed with the firm’s tracking bureau during that timeframe. Even with the increase in complex scams, SlowMist froze and recovered an estimated $12 million. The firm assisted 890 victims who lost crypto to crime during Q2, and traced these thefts mainly to phishing attacks, fraud and private key leaks.

Emerging Attack Vectors

In addition to these scams, the second quarter was marked by new attack vectors, demonstrating the constantly evolving nature of crypto-related scams. One major trend was malicious browser extensions masquerading as security add-ons. The “Osiris” Chrome extension is an example of this tactic, tricking users into undermining their own security.

Even worse was the practice of selling unactivated hardware wallets. In one such attack, the attacker sold a compromised hardware wallet to the victim. Once the victim had moved their assets onto it, the attacker promptly siphoned off the funds. Phishing methods also advanced, taking advantage of EIP-7702, a feature introduced in Ethereum’s most recent Pectra upgrade, to maliciously mislead users.

Adversaries are increasingly using social media and communication platforms as an avenue for attack. In one case, an attacker compromised the accounts of multiple WeChat users to bait potential victims. A near-flawless copy of the popular Revoke Cash asset interface deceived users, misleading them into typing in their private keys under the bogus claim of “scanning for dangerous signatures.”

The Rise of Social Engineering

Attackers have become adept at manipulation, using psychological exploitation to prey on the emotions and vulnerabilities of users.

"These social engineering attacks are not technically sophisticated, but they excel at exploiting urgency and trust." - Lisa

With this technique, scammers shift their focus to bypassing existing security controls by exploiting human behavior.

"Attackers know that phrases like ‘risky signature detected’ can trigger panic, prompting users to take hasty actions. Once that emotional state is triggered, it’s much easier to manipulate them into doing things they normally wouldn’t — like clicking links or sharing sensitive information." - Lisa

The Q2 data shows how large a shift has taken place in attackers’ strategies.

Shifting Attack Strategies

This significant change in the threat landscape means attackers are increasingly targeting human psychology rather than finding technical exploits.

"Looking back on Q2, one trend stands out: attackers’ methods may not be getting technically more advanced, but they are becoming more psychologically manipulative." - Lisa

While this evolution is a good thing, it leaves crypto users more susceptible to, and unaware of, threats that extend past the blockchain.

"We’re seeing a clear shift from purely onchain attacks to offchain entry points — browser extensions, social media accounts, authentication flows, and user behavior are all becoming common attack surfaces." - Lisa

This evolution requires crypto users to be more vigilant and aware of potential threats beyond the blockchain itself.

"Even more insidiously, attackers would guide users to visit well-known, commonly used websites like Notion or Zoom." - Lisa