SlowMist: 2024 Q4 MistTrack Stolen Funds Analysis

SlowMist
7 min read · Jan 4, 2025


Author | Lisa
Editor | Liz

Since the launch of SlowMist’s MistTrack recovery funds submission feature, we’ve received numerous requests for assistance daily, with victims seeking help in tracking and recovering funds. These cases often involve significant funds, with some victims losing millions of dollars. In this report, we provide a detailed analysis of the theft cases submitted during Q4 of 2024, highlighting both common and less-known attack methods drawn from real, anonymized cases. Our goal is to raise awareness and offer practical tips to help users better protect their assets and stay safe from potential risks.

Statistics and Overview

In Q4 of 2024, MistTrack received a total of 2,077 theft reports, including 335 from domestic users and 151 from international users. Among these, 1,591 submissions were related to the DEXX incident. We provided free evaluation services for these cases as part of our community support initiatives. (Note: This analysis only includes cases submitted via the form and excludes those received through email or other channels.)

During this quarter, the MistTrack Team assisted 25 victims in freezing approximately $53.52 million across 18 platforms.

Causes of Theft

Fraud ranked as the top cause of theft in Q4 2024. Alongside traditional methods, several new scam tactics emerged this quarter. Let’s dive into the details:

1. Malicious Trading Bots

Several users reported encountering new trading bots displayed at the top of official Telegram channels. Believing these bots to be official updates, users clicked on them, imported their private keys to bind their wallets, and subsequently had their assets stolen. On closer inspection, these bots had an “Ad” (advertisement) label, which is a standard Telegram feature. However, since the ads appeared in official channels, users mistakenly assumed these bots were legitimate.

In other cases, users searched for well-known trading bots on Telegram and selected malicious bots appearing at the top of the results. They then pasted their private keys into the bot, resulting in the theft of their wallet assets within minutes. We advise users to be cautious when prompted to input private keys, rely on reputable trading bots, regularly check the security of bot platforms, ensure they use the latest versions, and strengthen private key management practices.

2. Staking Rebates

Staking rebate scams, a classic fraud tactic, continued to target users in 2024. These scams often pose as “official rebate campaigns,” claiming users can earn high returns by staking their assets. Attracted by promises of lucrative returns, victims transfer funds to contract addresses. Initially, they receive rebates, prompting them to invest more, only to have all their funds stolen by scammers.

Worse still, some scammers return fake tokens as rebates. Unaware users believe they’ve received legitimate rewards, only to discover the tokens are worthless when attempting to trade them.

Users should exercise caution, avoid blindly trusting high-return promises, and always verify project details through official channels.

3. Phishing Through Fake Zoom Meetings

A surge in phishing attacks disguised as Zoom meeting links was observed recently. Attackers used domains resembling official Zoom URLs to create pages nearly identical to the legitimate platform. They posed as investors, journalists, or other credible figures to lure potential victims into clicking malicious links. When users clicked the “Start Meeting” button, they unknowingly downloaded a malicious package, infecting their devices with malware. This allowed attackers to remotely control devices, steal sensitive information, and even access cryptocurrency wallets (see https://medium.com/@slowmist/seeing-is-deceiving-analysis-of-fake-zoom-meeting-phishing-attack-3b0138e13e49).

We recommend that users remain vigilant when clicking website links and install reputable antivirus software (e.g., Kaspersky, AVG). If a device is found to be infected, immediately transfer wallet funds away from it and scan the device for malware.
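Because the fake-meeting pages in this case rely on hostnames that merely resemble the real Zoom domain, a simple defensive triage step is to check where a meeting link actually points before opening it. The Python below is an added example written for this report, not SlowMist's code or any MistTrack feature. It assumes that `zoom.us` (and its subdomains) is the only trusted meeting domain, uses a two-label heuristic for the registered domain (no public-suffix list), and applies a small, constructed table of character confusables plus an edit-distance check; the sample URLs are constructed for illustration.

```python
"""Triage meeting-invite URLs: trusted Zoom host, look-alike, or unrelated."""
from urllib.parse import urlsplit

# Assumption: the organisation accepts meeting links only on zoom.us and its subdomains.
TRUSTED_DOMAINS = {"zoom.us"}

# Constructed, non-exhaustive table of digit-for-letter substitutions seen in look-alike hosts.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def normalize(text: str) -> str:
    """Fold common visual tricks (0->o, rn->m, vv->w) so look-alikes collapse onto the real name."""
    folded = text.lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")


def levenshtein(a: str, b: str) -> int:
    """Edit distance; one substitution or insertion away from the brand is treated as a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Two-label heuristic (assumption: fine for zoom.us, wrong for suffixes like co.uk)."""
    return ".".join(host.split(".")[-2:])


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike', 'unrelated' or 'invalid' for a single URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    # Credentials in the URL (https://zoom.us@evil.example/) make the visible text lie about the host.
    if parts.username is not None:
        return "lookalike"
    for trusted in TRUSTED_DOMAINS:
        if host == trusted or host.endswith("." + trusted):
            return "trusted"
    reg = registered_domain(host)
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        # Same name after folding confusables, or within one edit of the real domain.
        if normalize(reg) == normalize(trusted) or levenshtein(normalize(reg), trusted) <= 1:
            return "lookalike"
        # Brand name embedded anywhere in a host we do not trust (zoom-us.com, zoom.us.evil.example).
        if brand in normalize(host):
            return "lookalike"
    return "unrelated"


def triage(urls):
    """Map each URL to its verdict so a mail filter or SOC playbook can act on it."""
    return {u: classify(u) for u in urls}


# Constructed sample invites, not taken from any real incident.
SAMPLE_URLS = [
    "https://us02web.zoom.us/j/1234567890",
    "https://zo0m.us/download/client",
    "https://zoom-us.com/meeting/start",
    "https://zoom.us.example-meeting.com/j/42",
    "https://zoom.us@evil.example/j/42",
    "https://example.com/agenda",
]

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_URLS).items():
        print(f"{verdict:10} {url}")
```

The three non-trusted verdicts are meant to feed different actions: block or quarantine a `lookalike`, let `unrelated` links through to normal URL reputation checks, and only treat `trusted` links as meeting invites. The confusable table and distance threshold are deliberately small; a production filter would use a public-suffix list and a fuller Unicode confusables mapping.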

4. Fraudulent Tokens

Based on submission statistics, many victims were lured into investing in fraudulent tokens like “Pixiu Coins” through scammers’ persuasive claims. Attackers create tokens with no real application and exaggerate their potential to attract investors. Victims are guided to purchase these tokens through unverified platforms or wallets, and the scammers then move the invested funds to wallets they control. Since these tokens have no market circulation, victims are unable to sell or exchange them. In some cases, scammers use Ponzi schemes to create the illusion of rising token value, further attracting new investors.

Before investing, users should use token detection tools like Goplus to verify tokens, check project whitepapers, and thoroughly research team backgrounds to avoid unverified ICOs or new cryptocurrencies.

5. Scams on Xiaohongshu (REDnote)

Recently, MistTrack observed significant losses — reaching millions of dollars — from scams originating on Xiaohongshu (REDnote). Searching for terms like “cryptocurrency” or “Bitcoin” on the platform reveals posts from users sharing their trading profits or losses, often with sensational titles like “10x Growth in a Day.” Scammers exploit comment sections to lure victims, posing as service providers offering exchange installation help. Victims, in their first step into Web3, often fall into traps such as downloading fake exchanges, leading to fund losses.

Some scammers also masquerade as “industry experts” or “investment gurus,” showcasing fake success stories to build credibility. They then privately message users, offering exclusive investment opportunities with “guaranteed profits,” eventually redirecting communication to other platforms to continue their fraud. Users must remain cautious, avoid trusting strangers, and remember the saying: “While you aim for interest, they’re after your principal.”

Final Thoughts

If you’ve fallen victim to cryptocurrency theft, we offer free community assistance to help evaluate your case. Simply submit the appropriate form based on the incident type (stolen funds, scam, or extortion). The hacker’s address you provide will also be shared with SlowMist InMist Lab’s Threat Intelligence Network for further risk control actions.

- Submit the Chinese form here: https://aml.slowmist.com/cn/recovery-funds.html

- Submit the English form here: https://aml.slowmist.com/recovery-funds.html

SlowMist has been deeply involved in the Anti-Money Laundering (AML) field for many years, developing a comprehensive and efficient solution that covers compliance, investigations, and audits. We are committed to fostering a healthy cryptocurrency ecosystem and providing professional services to the Web3 industry, financial institutions, regulatory bodies, and compliance departments. Our MistTrack platform offers compliance investigation services that include wallet address analysis, fund monitoring, and tracing. To date, MistTrack has accumulated over 300 million address tags, more than 1,000 address entities, 500,000+ threat intelligence data points, and 90 million+ risk addresses, providing strong protection against money laundering and ensuring digital asset security.

About SlowMist

SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience, with the ambition of becoming a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as HashKey Exchange, OSL, MEEX, BGE, BTCBOX, Bitget, BHEX.SG, OKX, Binance, HTX, Amber Group, Crypto.com, etc.

SlowMist offers a variety of services that include but are not limited to security audits, threat information, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) software, MistEye (Security Monitoring), SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, RC², TianJi Partners, IPIP, etc. Our extensive work in cryptocurrency crime investigations has been cited by international organizations and government bodies, including the United Nations Security Council and the United Nations Office on Drugs and Crime.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we could spread awareness and raise the security standards in the blockchain ecosystem.
