Crypto users faced a rise in psychologically manipulative attacks in the second quarter as hackers dreamt up advanced and creative ways to try and steal crypto, according to blockchain security firm SlowMist.SlowMists head of operations, Lisa, said in the firms Q2 MistTrack Stolen Fund Analysis report that while it didnt see an advancement in hacking techniques, the scams have become more sophisticated, with a rise in fake browser extensions, tampered hardware wallets and social engineering attacks.Looking back on Q2, one trend stands out: attackers methods may not be getting technically more advanced, but they are becoming more psychologically manipulative.Were seeing a clear shift from purely onchain attacks to offchain entry points browser extensions, social media accounts, authentication flows, and user behavior are all becoming common attack surfaces, said Lisa.Malicious browser extensions pretend to be security pluginsIronically, one emerging attack vector involved browser extensions masquerading as security plugins, such as the Osiris Chrome extension, which claimed to detect phishing links and suspicious websites.Instead, the extension intercepts all downloads of .exe.
.dmg and .zip files, replacing those files with malicious programs.Even more insidiously, attackers would guide users to visit well-known, commonly used websites like Notion or Zoom, said Lisa.When the user attempted to download software from these official sites, the files delivered had already been maliciously replaced yet the browser still displayed the download as originating from the legitimate source, making it nearly impossible for users to spot anything suspicious.These programs would then collect sensitive information from the users computer, including Chrome browser data and macOS Keychain credentials, giving an attacker access to seed phrases, private keys or login credentials.Sensitive info from a victims computer is sent to the attackers server.
Source: SlowMistAttacks prey on crypto user anxietySlowMist said another attack method focused on tricking crypto investors into adopting tampered hardware wallets.In some cases, hackers would send users a compromised cold wallet, telling their victims they had won a free device under a lottery draw or telling them their existing device was compromised and they needed to transfer their assets.In Q2, one victim reportedly lost $6.5 million by purchasing a tampered cold wallet that they saw on TikTok, according to Lisa.Source: Intelligence on ChainAnother attacker sold a victim a hardware wallet they had already pre-activated, allowing them to immediately drain the funds once the new users transferred in their crypto for storage.Social engineering with fake revoker websiteSlowMist said it was also contacted in Q2 by a user who could not revoke a risky authorization in their wallet.Related: US sanctions crypto wallet tied to ransomware, infostealer hostUpon investigation, SlowMist said the website that the user was using to try to revoke the smart contracts permission was a near-perfect clone of the popular Revoke Cash interface, which asked users to input their private key to check for risky signatures.Upon analyzing the front end code, we confirmed that this phishing website used EmailJS to send users input including private keys and addresses to an attackers email inbox.SlowMist found phishing attacks, fraud and private key leaks were the leading causes of theft in Q2.
Source: SlowMistThese social engineering attacks are not technically sophisticated, but they excel at exploiting urgency and trust, said Lisa.Attackers know that phrases like risky signature detected can trigger panic, prompting users to take hasty actions.
Once that emotional state is triggered, its much easier to manipulate them into doing things they normally wouldnt like clicking links or sharing sensitive information.Attacks exploit Pectra upgrade, WeChat friendsOther attacks included phishing techniques that exploited EIP-7702, introduced in Ethereums latest Pectra upgrade, while another targeted several WeChat users by gaining control of their accounts.Cointelegraph Magazine recently reported that the attackers utilized WeChats account recovery system to gain control of an account, impersonating the real owner to scam their contacts with discounted Tether (USDT).SlowMists Q2 data came from 429 stolen fund reports submitted to the firm during the second quarter.The firm said it froze and recovered around $12 million from 11 victims who reported having crypto stolen in Q2.Magazine: North Korea crypto hackers tap ChatGPT, Malaysia road money siphoned: Asia Express