SlowMist: 2025 Q3 MistTrack Stolen Funds Analysis
Since SlowMist launched the MistTrack stolen fund report submission feature, we have received a large number of help requests from victims every day, seeking support for fund tracing and recovery. Among them are cases involving losses of over tens of millions of USD.
Based on this, we have launched this quarterly series to collect statistics and conduct analysis on the stolen fund reports we receive, aiming to dissect both common and uncommon attack methods through real (anonymized) cases. The goal is to help industry participants better understand and guard against security risks, and to protect their assets.
According to our statistics, the MistTrack Team received a total of 317 stolen fund reports in Q3 2025, comprising 245 domestic submissions and 72 overseas submissions. We provided free community-level assessment services for all of these cases. (Note: these figures only include cases submitted via the form and do not cover reports received by email or other channels.)
In Q3, the MistTrack Team assisted 10 victims in successfully freezing or recovering approximately $3.73 million in stolen assets.
Causes of Theft
Among all malicious tactics observed in Q3 2025, private key leakage was the top cause of stolen assets. Below we walk through several representative cases to help readers recognize the traps, prevent theft, and protect their assets.
1. Fake Hardware Wallets
This quarter, we again encountered multiple theft cases caused by victims purchasing fake hardware wallets. One victim purchased an “imToken Secure Cold Wallet” for 618 RMB from a non-official merchant named “ConsenShop Studio.” Shortly after transferring 4.35 BTC into the wallet, the assets were stolen.
These scams are simple yet extremely dangerous — not relying on advanced hacking, but on information asymmetry and psychological manipulation. Scammers pre-set the seed phrase or PIN before the victim receives the device, so once assets are transferred, they go straight into the attacker’s pocket.
The typical modus operandi is roughly as follows: scammers first purchase a genuine device through official channels, then unbox and activate it and record the seed phrase it generates. Next, they replace the instruction manual, insert a counterfeit seed phrase card or scratch card, and reseal the packaging with professional tools so that it looks brand-new and unopened, before selling it at a discount through unofficial channels such as social media, livestream e-commerce, or second-hand marketplaces. In some cases they simply place a pre-printed seed phrase card inside the box and lure users into restoring their wallet with that phrase; in others they claim that scratching the card reveals a unique PIN or activation code, or even assert that "a hardware wallet does not require a seed phrase." Whatever the method, the outcome is the same: the user believes they control the wallet, but the private keys are already in the scammer's hands, and any funds transferred are effectively a direct gift to the fraudster.
Here are some practical suggestions to help you stay protected:
- Only purchase hardware wallets through official channels or authorized resellers, and never be tempted by cheaper offers on unofficial platforms or second-hand markets.
- When receiving the device, unbox it on the spot in an offline environment and generate the seed phrase on the device yourself. Never use any pre-existing seed phrase or printed card included in the box.
- If you find a pre-written seed, a scratch card with an exposed code, or any suspicious printed material in the box, stop using the device immediately and contact the manufacturer. Legitimate manufacturers never include pre-set sensitive information with the product.
- After purchase, always perform a small test transaction first — transfer a small amount of assets to the new wallet, and only move larger sums once you have confirmed its security.
- If the manufacturer provides a verification tool or QR code, be sure to use the official website or official tools to check the integrity of the packaging and firmware, and verify the firmware version along with the device fingerprint or serial number.
- If you suspect you have been scammed, do not transfer any funds into the wallet. Keep your purchase records and packaging evidence, contact the manufacturer’s customer service immediately, and consider seeking assistance from blockchain tracing services or security companies.
The security of a hardware wallet ultimately depends on who generates and holds the seed phrase. You only truly control your assets if you personally generate the seed phrase on the device and keep it properly secured.
2. EIP-7702 Phishing
In Q3, we also assisted several users whose funds were drained in a single EIP-7702 exploitation transaction.
After analysis, we concluded that this was a classic case of EIP-7702 phishing exploitation. The process is roughly as follows: the victim's private key had already leaked, and the phishing group used that key to sign an EIP-7702 authorization for the corresponding EOA, delegating the address to a malicious "sweeper" contract so that subsequent operations could be automated and batched. From then on, whenever other accounts transferred funds to the compromised address, or the victim topped it up with ETH for gas in an attempt to withdraw the remaining tokens, the assets were "automatically" forwarded to the phishing group's recipient address.
Many people are still not well aware of the malicious use of EIP-7702. According to data from Wintermute on May 31, 97% of EIP-7702 delegations pointed to malicious delegate contracts, which are designed to automatically drain funds from EOAs whose private keys have been compromised.
The fundamental reason why such phishing attacks are so effective lies in the delegation mechanism introduced by EIP-7702 — an EOA address can be authorized to a contract, with its behavior then determined by that contract’s logic. Whether a user directly authorizes a malicious contract, is phished into granting approvals to a legitimate contract that attackers can later exploit, or suffers a private key leak that results in authorization to a malicious contract, all scenarios carry the risk of fund loss. Therefore, users must continue to prioritize private key protection. In addition, before signing, they should strive to ensure “what you see is what you sign” and carefully consider “who is being authorized and what actions they can perform.” For more guidance on mitigating the risks of EIP-7702, please refer to our previously published In-Depth Discussion on EIP-7702 and Best Practices.
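To make the "who is being authorized" question checkable, here is an added example (not code from the SlowMist report) that reads the result of eth_getCode for an address and reports whether it is a plain EOA, an ordinary contract, or an EOA delegated under EIP-7702, and if so to which delegate. Under EIP-7702 a delegated EOA's code is the 23-byte designator 0xef0100 followed by the 20-byte delegate address, so the check is a byte-prefix test. The sample code strings and the "trusted delegate" address below are constructed for the demo; in practice you would feed in the live eth_getCode response from your RPC provider.

```python
"""Added example: detect EIP-7702 delegation from an account's code.

A delegated EOA's code is exactly 0xef0100 || <20-byte delegate address>.
Anyone holding the private key can sign such an authorization, so a leaked
key lets an attacker park a sweeper contract on the address. Before funding
an address, or after a suspected key leak, fetch eth_getCode and see where
the code points.
"""

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # designator prefix defined by EIP-7702


def parse_delegation(code: bytes):
    """Return the delegate address if `code` is a delegation designator,
    None for a plain EOA (empty code). Raise ValueError for ordinary
    contract bytecode, which must not be mistaken for an EOA."""
    if not code:
        return None
    if len(code) == len(DELEGATION_PREFIX) + 20 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[len(DELEGATION_PREFIX):].hex()
    raise ValueError("regular contract bytecode, not an EIP-7702 designator")


def classify_account(code_hex: str, trusted_delegates: set) -> str:
    """Classify an eth_getCode result as 'eoa', 'contract',
    'delegated:trusted:<addr>' or 'delegated:untrusted:<addr>'."""
    code = bytes.fromhex(code_hex.removeprefix("0x"))
    try:
        delegate = parse_delegation(code)
    except ValueError:
        return "contract"
    if delegate is None:
        return "eoa"
    status = "trusted" if delegate in trusted_delegates else "untrusted"
    return f"delegated:{status}:{delegate}"


# Constructed eth_getCode responses; the addresses are hypothetical, not real chain data.
SAMPLE_CODE = {
    "victim_eoa":     "0x",                                   # never delegated
    "sweeper_victim": "0xef0100" + "ba" * 20,                 # delegated to an unknown contract
    "smart_account":  "0xef0100" + "11" * 20,                 # delegated to a vetted wallet impl
    "some_contract":  "0x6080604052348015600f57600080fd5b50",  # ordinary contract bytecode
}
TRUSTED_DELEGATES = {"0x" + "11" * 20}   # assumption: delegate contracts you have reviewed


def audit(samples=SAMPLE_CODE, trusted=TRUSTED_DELEGATES) -> dict:
    """Classify every sample account; returns {name: verdict}."""
    return {name: classify_account(code, trusted) for name, code in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:15} {verdict}")
```

An "untrusted" verdict on your own address after a suspected leak means a sweeper is already in place. The key holder can clear the code by signing a new authorization that points at the zero address, but as long as the key is leaked the attacker can simply re-delegate, so revocation only buys time to move whatever funds remain to a fresh wallet.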
3. Malicious GitHub Open-Source Projects
In Q3, we received numerous requests from users seeking assistance in analyzing the causes of their stolen wallet assets. After reviewing these cases, we found a common pattern: all the victims had used malicious open-source projects hosted on GitHub, which turned out to be the real culprits behind the asset theft. Attackers concealed malicious code within GitHub projects that appeared “popular and trustworthy,” luring users to download and run them, thereby stealing private keys or other sensitive data to ultimately drain their assets.
The first case involved a user whose entire crypto holdings were drained after running the repository zldp2002/solana-pumpfun-bot. Our analysis found that the repo’s Stars and Forks had been artificially inflated by the attacker to attract attention, but all commits in the repository were concentrated in recent weeks and showed no signs of long-term maintenance — typical “popularity-boosting” behavior. More importantly, the package-lock.json pointed to a TGZ link controlled by the attacker; the downloaded malicious package crypto-layout-utils-1.3.1.tgz was heavily obfuscated with jsjiami, and after deobfuscation we discovered it scanned the victim’s computer for files and uploaded any found private-key–type files to an attacker-controlled domain (githubshadow.xyz). The attackers also used multiple linked GitHub accounts to fork and distribute the repo and to inflate Forks/Stars, amplifying trust and spread. In some forks we also found another suspicious package, bs58-encrypt-utils-1.0.3, which was created on June 12, 2025 — we believe the attackers had begun distributing malicious NPM packages and malicious Node.js projects by that time. After bs58-encrypt-utils was taken down from NPM, the attackers switched to distributing by replacing NPM package download links.
The second case concerned a Solana open-source bot audiofilter/pumpfun-pumpswap-sniper-copy-trading-bot. This project hid suspicious code in the /src/common/config.rs configuration file, concentrated mainly in the create_coingecko_proxy() function. That function calls import_wallet(), which in turn calls import_env_var() to read environment-variable configuration from a .env file — where sensitive data such as PRIVATE_KEY is stored. Note that the malicious functionality is concealed inside code that appears related to a “price proxy” or initialization; it is presented as legitimate functionality and only triggers at startup, making it highly stealthy.
The third case is a classic mix of social engineering and technical exploitation: a community member was asked, during a first-round interview with a purported Web3 team from Ukraine, to clone a GitHub repo (https://github.com/EvaCodes-Community/UltraX) locally. The attacker had introduced an apparently innocuous but suspicious npm package rtk-logger@1.11.5 into the repository. Further analysis showed this package contains complex encryption/decryption and dynamic-execution logic: it collects extension data from mainstream browsers (Chrome, Brave, Opera, Firefox), cryptocurrency wallet files, and other sensitive user data, uploads any findings to attacker-controlled servers, may download and execute second-stage payloads (archives, Python scripts, etc.), and can even establish socket connections to receive remote commands. In other words, if an interviewee runs the interview code on a machine that contains real sensitive data, they can be fully compromised without noticing. These attacks typically combine social engineering with technical methods, causing users to fall into traps during seemingly normal operations.
Overall, these attacks are not technically sophisticated but are extremely deceptive: they often exploit “open-source trust,” “popularity effects,” or “interview requirements” to lower suspicion, and achieve data theft through methods such as dependency poisoning, obfuscated malicious packages, hidden communication interfaces, and disguising themselves as normal modules.
To identify such fraudulent open-source projects, there are several intuitive red flags to look out for:
- A mismatch between the repository’s Star/Fork count and its commit history (e.g., artificially inflated in a short period).
- Non-official tarball URLs or GitHub release links appearing in package-lock.json.
- References to packages that have been removed from NPM or never existed in the official registry.
- Code containing heavily obfuscated characters, dynamic eval, hardcoded encryption keys/IVs, or logic that reads sensitive paths such as .env, browser extensions, or Keychain and reports them over the network.
- Being forced to run an unreviewed repository or script locally during an interview or recruitment process.
A “convenient-to-execute” README, a “copy-paste-to-run” installation command, or an “interview requirement” can all serve as attack entry points. The defense recommendations are straightforward: don’t assume “the code looks fine.” Instead, make it a routine practice not to run unverified code in environments containing sensitive data. Normalize dependency auditing and isolated execution as part of your workflow — this is the most effective way to minimize such risks.
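The lockfile red flag above is easy to automate. The following added example (not SlowMist's tooling) walks a package-lock.json in either the v1 nested layout or the v2/v3 flat "packages" layout and reports every dependency whose tarball was not resolved from the official registry, uses a git or non-https source, or carries no integrity hash. The sample lockfile, the attacker host cdn.attacker.invalid, the http mirror and the integrity placeholders are all constructed for the demo; run audit_lockfile on the contents of a real lockfile before the first npm install.

```python
"""Added example: audit package-lock.json for tarballs that did not come
from the official npm registry (the poisoning pattern in the first case)."""
import json
from urllib.parse import urlparse

ALLOWED_HOSTS = {"registry.npmjs.org"}   # add your own private registry here if you use one


def check_entry(entry: dict, allowed_hosts=ALLOWED_HOSTS) -> list:
    """Return the problems found in one lockfile entry (empty list = looks normal)."""
    problems = []
    resolved = entry.get("resolved")
    if resolved is None:
        if not entry.get("link"):           # workspace links legitimately have no URL
            problems.append("no resolved URL")
        return problems
    url = urlparse(resolved)
    if url.scheme.startswith("git"):
        problems.append(f"git source {resolved}")
    elif url.scheme != "https":
        problems.append(f"non-https scheme {url.scheme!r}")
    elif url.hostname not in allowed_hosts:
        problems.append(f"tarball from non-registry host {url.hostname}")
    if not entry.get("integrity"):
        problems.append("missing integrity hash")
    return problems


def iter_entries(lock: dict):
    """Yield (package name, entry) for lockfileVersion 1 and 2/3 layouts."""
    if "packages" in lock:                  # v2/v3: flat map keyed by install path
        for path, entry in lock["packages"].items():
            if path:                        # "" is the project itself
                yield path.rsplit("node_modules/", 1)[-1], entry
        return

    def walk(deps):                         # v1: nested "dependencies" tree
        for name, entry in deps.items():
            yield name, entry
            yield from walk(entry.get("dependencies", {}))
    yield from walk(lock.get("dependencies", {}))


def audit_lockfile(text: str) -> dict:
    """Map each flagged package name to its list of problems."""
    findings = {}
    for name, entry in iter_entries(json.loads(text)):
        problems = check_entry(entry)
        if problems:
            findings[name] = problems
    return findings


# Constructed lockfile: one clean package, one tarball served from an attacker
# host (hypothetical URL), and one http mirror with no integrity hash.
SAMPLE_LOCK = json.dumps({
    "name": "sniper-bot", "lockfileVersion": 3, "requires": True,
    "packages": {
        "": {"name": "sniper-bot", "version": "1.0.0"},
        "node_modules/bs58": {
            "version": "5.0.0",
            "resolved": "https://registry.npmjs.org/bs58/-/bs58-5.0.0.tgz",
            "integrity": "sha512-placeholderForDemo=="},
        "node_modules/crypto-layout-utils": {
            "version": "1.3.1",
            "resolved": "https://cdn.attacker.invalid/crypto-layout-utils-1.3.1.tgz",
            "integrity": "sha512-placeholderForDemo=="},
        "node_modules/tiny-helper": {
            "version": "1.0.0",
            "resolved": "http://mirror.example/tiny-helper-1.0.0.tgz"},
    },
})

if __name__ == "__main__":
    for name, problems in audit_lockfile(SAMPLE_LOCK).items():
        print(name, "->", "; ".join(problems))
```

Two caveats: a tarball that does come from registry.npmjs.org can still be malicious (the bs58-encrypt-utils package in the first case was published there before it was taken down), so this check catches link-swapping, not the package contents; and checking whether a referenced package still exists in the registry, the third red flag above, needs a network lookup and is deliberately left out of this offline example.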
4. Social Engineering Attacks
Social engineering attacks remained prevalent this quarter — attackers use impersonation, fabricated credible backgrounds, a sense of urgency, or trust derived from “mutual acquaintances” to gradually lead victims into traps.
Some scams begin with what appears to be a normal direct message. For example, one user shared on Twitter their first encounter with a social engineering attack. The incident started when they received a seemingly credible recruitment DM from an account with many mutual followers, claiming to represent Hong Kong–licensed digital bank WeLab. The attacker then offered a part-time research/content creation position and added the victim to a Telegram group. In the group, members shared videos of airplanes taking off, provided seemingly legitimate Linktree links, and even included people with mutual followers — making the setup appear highly credible. However, the job description was vague, key individuals could not be found on LinkedIn, and group member profiles contradicted each other, all of which were red flags. Ultimately, when the attacker suggested using a niche meeting tool (KakaoVoice) instead of common platforms like Zoom or Google Meet, the victim became suspicious and successfully withdrew. After the victim raised their concerns, the entire group went silent, abruptly ending the scam. Post-incident review revealed that multiple group members had identity theft issues, contradictory profiles, or past fraud records.
Even more dangerous are sophisticated scams that combine social engineering with technical payloads. In a case involving over $1 million that we assisted AnChain.AI in handling, the attackers impersonated an HR representative from a multinational company on LinkedIn, constructing complete résumés, work histories, and brand endorsements, and conducted multiple rounds of interviews over three consecutive weeks to gain the victim's trust. In the final stage, they asked the victim to install a so-called "camera driver" and run a compatibility test. In reality, this was a Windows malware installer: it could steal wallet.dat files, MetaMask extension caches and private keys, and implant clipboard-hijacking logic (silently replacing copied addresses with the attacker's address).
Social engineering often occurs in “rushed scenarios.” Recently, a community user fell victim to an attack disguised as a business meeting, resulting in a loss of approximately $13 million. The attackers sent a fake Zoom meeting link via Telegram; at the time, the victim hurriedly joined the meeting due to a scheduling conflict with another call and did not carefully verify whether the browser domain belonged to the official Zoom site. Meanwhile, the attackers, posing as the business meeting hosts, continuously pressured the victim during the meeting, preventing them from discerning whether upgrade prompts on the site were malicious. After gaining control of the victim’s computer, the attackers exploited features of Chrome Developer Mode to manipulate the wallet code in the victim’s browser extensions, enabling them to hijack and replace the victim’s original transaction data. The hardware wallet the victim used lacked a robust “what you see is what you sign” verification mechanism, ultimately causing the victim to sign a tampered transaction. Fortunately, rapid multi-party response prevented greater losses, but the incident highlights once again that people are most prone to mistakes under urgent or pressured circumstances. For details on how the computer was compromised, refer to the full exercise challenge provided in the Web3 phishing training platform Unphishable (#NO.0x0036) at https://unphishable.io/.
Moreover, social engineering does not always occur through fake meeting links. As mentioned in previous cases, attackers may embed malicious repositories, tampered NPM packages, or “interview question banks” into the interview process, luring candidates into running malicious code locally.
In summary, the essence of social engineering attacks lies in “getting the victim to cooperate willingly.” Whether in recruitment, business collaboration, or interview scenarios, attackers gradually build trust and seize control by crafting false identities, providing fabricated details, and creating time pressure. Compared with traditional vulnerability exploitation, these attacks are more covert and efficient. The key to defense does not lie in technical barriers but in cultivating risk awareness: maintain skepticism, verify identities, independently confirm communication channels, and remain highly vigilant whenever installing software, providing private keys, or joining unfamiliar meetings.
5. Phishing Websites
In Q3, we received multiple reports of asset losses caused by phishing websites — they often look almost identical to official pages, but their sole purpose is to trick you into making a dangerous signature or authorization, handing your assets over to the attacker.
For example, one user reported that attackers placed ads on Google, directing traffic to a fake page, misttrack[.]tools (very similar to the official misttrack.io), which prompted users to sign authorizations. This combination of “paid ads + spoofed domains” is particularly dangerous because the ads generate high traffic, increasing the likelihood of victims being targeted.
Another user, who lost $1.23 million, contacted us after searching for Aave on Google, clicking the top-ranked result, and landing on the phishing site app.avaea[.]eu[.]com/dashboard. Our analysis showed that during the interaction the user was tricked into authorizing their LP NFT to a malicious contract. The key factor was that the phishing group abused Uniswap's Multicall mechanism: the transaction looked like an ordinary Uniswap interaction on the surface, but one of the batched calls was a setApprovalForAll to the phishing contract address, handing the attacker operator rights over the victim's LP NFT. The attackers then used batchTransferERC721, together with collect and multicall calls, to drain both the principal and the accrued rewards.
Another, more systematic method involves hijacking invitation links or documents. Discord invite links for several projects (such as KiloEx and Verisense Network) had expired and were subsequently taken over by scammers. These expired links still appear in project documentation, on CoinGecko/CoinMarketCap pages, or in historical tweets, all of which users treat as trusted entry points. Once users join a "fake group" through a hijacked invite or click links posted inside it, they are easily guided into signing authorizations, resulting in asset loss.
In Q3 we also observed a type of phishing attack, commonly known as ClickFix (fake CAPTCHA plus clipboard hijacking), that warrants particular vigilance. The malicious page mimics the familiar "I am human" / "VERIFY" interaction, enticing the user to perform a seemingly harmless click or keystroke; once the user confirms, the page quietly places a malicious command on the clipboard and prompts the user to paste and execute it (for example via the Windows Run dialog). This downloads and runs malware on the victim's device, which then steals wallet information or other sensitive data. The danger of this attack lies in how closely the interface resembles a legitimate process: a single "click" can trigger a disastrous chain of events, and the lure is often combined with social engineering, which further increases the chance of misjudgment.
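The Aave case turns on a single setApprovalForAll hidden among batched calls, which is exactly the kind of thing a wallet's "what you see is what you sign" view should surface. The added example below (not SlowMist's code, and not the actual phishing calldata) shows the ABI layout of multicall(bytes[]) by encoding a constructed two-call payload, a harmless-looking collect followed by a setApprovalForAll to a hypothetical phishing operator, and then decoding it the way a reviewer or wallet would, flagging every inner call whose selector grants approval. The selectors are the standard 4-byte keccak prefixes of the listed signatures; the victim and phisher addresses are placeholders.

```python
"""Added example: find approval calls hidden inside a multicall(bytes[]) payload.

ABI layout of multicall(bytes[] data): 4-byte selector, one head word holding
the offset of the array (0x20), the array length, one offset per element
(relative to the start of the element region), then each element encoded as
<length word><bytes padded to a 32-byte boundary>.
"""

SELECTORS = {  # first 4 bytes of keccak256(signature)
    "multicall(bytes[])": bytes.fromhex("ac9650d8"),
    "setApprovalForAll(address,bool)": bytes.fromhex("a22cb465"),
    "approve(address,uint256)": bytes.fromhex("095ea7b3"),
    "collect((uint256,address,uint128,uint128))": bytes.fromhex("fc6f7865"),
}
NAMES = {sel: sig for sig, sel in SELECTORS.items()}
APPROVAL_SELECTORS = {SELECTORS["setApprovalForAll(address,bool)"],
                      SELECTORS["approve(address,uint256)"]}

VICTIM = "0x" + "1111" * 10    # hypothetical addresses
PHISHER = "0x" + "bad0" * 10


def word(n: int) -> bytes:
    return n.to_bytes(32, "big")


def pad32(b: bytes) -> bytes:
    return b + b"\x00" * (-len(b) % 32)


def encode_multicall(calls: list) -> bytes:
    """ABI-encode multicall(bytes[]) (used only to build the constructed sample)."""
    heads, tails = [], []
    offset = 32 * len(calls)                 # element offsets start after the head words
    for call in calls:
        body = word(len(call)) + pad32(call)
        heads.append(word(offset))
        tails.append(body)
        offset += len(body)
    array = word(len(calls)) + b"".join(heads) + b"".join(tails)
    return SELECTORS["multicall(bytes[])"] + word(32) + array


def decode_multicall(calldata: bytes) -> list:
    """Split a multicall(bytes[]) payload into its inner calls."""
    if calldata[:4] != SELECTORS["multicall(bytes[])"]:
        raise ValueError("not a multicall(bytes[]) payload")
    args = calldata[4:]
    arr_off = int.from_bytes(args[:32], "big")
    count = int.from_bytes(args[arr_off:arr_off + 32], "big")
    body = arr_off + 32                      # element region begins after the length word
    calls = []
    for i in range(count):
        rel = int.from_bytes(args[body + 32 * i:body + 32 * (i + 1)], "big")
        start = body + rel
        n = int.from_bytes(args[start:start + 32], "big")
        calls.append(args[start + 32:start + 32 + n])
    return calls


def find_hidden_approvals(calldata: bytes) -> list:
    """Return a warning for every inner call that grants an approval."""
    warnings = []
    for idx, call in enumerate(decode_multicall(calldata)):
        sel = call[:4]
        if sel == SELECTORS["setApprovalForAll(address,bool)"]:
            operator = "0x" + call[16:36].hex()                 # address = low 20 bytes of word 1
            approved = int.from_bytes(call[36:68], "big") == 1  # bool in word 2
            if approved:
                warnings.append(f"call #{idx}: setApprovalForAll grants operator "
                                f"{operator} control of ALL your NFTs")
        elif sel in APPROVAL_SELECTORS:
            warnings.append(f"call #{idx}: {NAMES[sel]} present")
    return warnings


def build_sample() -> bytes:
    """Constructed phishing-style payload: a normal-looking collect, then the approval."""
    collect = (SELECTORS["collect((uint256,address,uint128,uint128))"]
               + word(1234) + word(int(VICTIM, 16)) + word(2**128 - 1) + word(2**128 - 1))
    set_approval = (SELECTORS["setApprovalForAll(address,bool)"]
                    + word(int(PHISHER, 16)) + word(1))
    return encode_multicall([collect, set_approval])


if __name__ == "__main__":
    for w in find_hidden_approvals(build_sample()):
        print("WARNING", w)
```

A position-manager call that legitimately needs collect never needs setApprovalForAll to a third-party address; if the decoded list contains one, refuse to sign, and if you already have, revoke the operator immediately with setApprovalForAll(operator, false).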
Overall, the core of phishing attacks lies in “blurring the line between fake and real,” disguising dangerous operations within seemingly normal processes. Attackers often first create a trustworthy appearance (imitating official websites, placing ads, sending conference links), then use psychological manipulation (urgency, habitual clicking) to lower the user’s guard, ultimately guiding them to perform high-risk actions (malicious authorizations, executing code). For users, the simplest and most effective approach is: do not access critical services via search ads or links from social media history; establish official bookmarks/favorites and make it a habit to check signature content; ideally, install anti-scam tools such as ScamSniffer to assist with detection.
In Closing
Looking back at Q3, it is clear that attack methods are continuously evolving: from traditional fake hardware wallets, to malicious packages disguised as open-source projects, and then to job/interview scams and phishing websites, attackers are increasingly skilled at exploiting people’s everyday habits and trusted scenarios. Their common characteristic is usually that they appear normal — or even reasonable on the surface — but conceal high-risk operations underneath; once users let their guard down, losses are often irrecoverable.
These cases remind us that Web3 security risks do not come solely from complex technical vulnerabilities; many times, they arise from human negligence and exploited trust. Enhancing security awareness, maintaining basic skepticism, and verifying actions are the first line of defense against ever-changing attack scenarios. We recommend repeatedly reading the Blockchain Dark Forest Selfguard Handbook, which not only teaches survival skills but also imparts fundamental knowledge on avoiding becoming prey in the “dark forest.” At the same time, we suggest practicing on the Web3 phishing simulation platform Unphishable to gain hands-on experience and strengthen your ability to judge “what you see is what you sign.”
If you’ve fallen victim to cryptocurrency theft, we offer free community assistance to help evaluate your case. Simply submit the appropriate form based on the incident type (stolen funds, scam, or extortion). The hacker’s address you provide will also be shared with SlowMist InMist Lab’s Threat Intelligence Network for further risk control actions.
- Submit the Chinese form here: https://aml.slowmist.com/cn/recovery-funds.html
- Submit the English form here: https://aml.slowmist.com/recovery-funds.html
SlowMist has been deeply involved in the Anti-Money Laundering (AML) field for many years, developing a comprehensive and efficient solution that covers compliance, investigations, and audits. We are committed to fostering a healthy cryptocurrency ecosystem and providing professional services to the Web3 industry, financial institutions, regulatory bodies, and compliance departments. Our MistTrack platform offers compliance investigation services that include wallet address analysis, fund monitoring, and tracing. To date, MistTrack has accumulated over 400 million address tags, more than 1,000 address entities, 500,000+ threat intelligence data points, and 90 million+ risk addresses, providing strong protection against money laundering and ensuring digital asset security.
About SlowMist
SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience to become a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as HashKey Exchange, OSL, MEEX, BGE, BTCBOX, Bitget, BHEX.SG, OKX, Binance, HTX, Amber Group, Crypto.com, etc.
SlowMist offers a variety of services that include but are not limited to security audits, threat information, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) software, MistEye (Security Monitoring) , SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, RC², TianJi Partners, IPIP, etc. Our extensive work in cryptocurrency crime investigations has been cited by international organizations and government bodies, including the United Nations Security Council and the United Nations Office on Drugs and Crime.
By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we could spread awareness and raise the security standards in the blockchain ecosystem.
