-
Crypto hacking tactics remain technically stagnant but have evolved into more psychologically manipulative schemes, warns SlowMist’s head of operations.
-
The rise in offchain attack vectors such as malicious browser extensions and tampered hardware wallets signals a shift in how hackers exploit crypto users’ trust and behavior.
-
Lisa from SlowMist highlights that attackers increasingly leverage social engineering, exploiting user anxiety and urgency to bypass traditional security measures.
SlowMist reveals Q2 crypto hacks focus on psychological manipulation via fake extensions, tampered wallets, and social engineering, shifting security risks offchain.
Emergence of Malicious Browser Extensions as a New Crypto Security Threat
In Q2, SlowMist identified a troubling trend where hackers deploy malicious browser extensions disguised as security tools, such as the “Osiris” Chrome extension. Ostensibly designed to protect users from phishing, these extensions instead intercept and replace legitimate software downloads with malware. This sophisticated deception exploits user trust by masking malicious files as originating from reputable sites like Notion or Zoom, making detection nearly impossible for average users.
The impact is severe: once installed, these extensions harvest sensitive data including Chrome browser information and macOS Keychain credentials. This data breach can expose private keys, seed phrases, and login credentials, effectively granting attackers full access to victims’ crypto assets. This shift from onchain to offchain attack surfaces underscores the need for heightened vigilance around browser security and software authenticity.
Psychological Manipulation: The New Frontier in Crypto Attacks
SlowMist’s analysis reveals that while hacking techniques themselves have not drastically advanced, the psychological tactics employed have become more refined. Attackers exploit user anxiety by creating scenarios that pressure victims into hasty decisions. For example, sending tampered hardware wallets under the guise of giveaways or urgent security warnings preys on users’ fear of losing assets.
One notable case involved a victim losing $6.5 million after purchasing a compromised cold wallet promoted on TikTok. Another involved pre-activated hardware wallets that allowed immediate fund theft upon asset transfer. These incidents highlight how social engineering combined with physical device manipulation can bypass even the most security-conscious users.
Social Engineering and Phishing: Exploiting Trust Through Fake Interfaces
SlowMist also documented sophisticated phishing campaigns using cloned websites to deceive users. A prime example is a near-perfect replica of the popular Revoke Cash interface, designed to trick users into submitting private keys under the pretense of revoking risky smart contract permissions.
Investigation revealed that this phishing site utilized EmailJS to funnel sensitive information directly to attackers, bypassing technical complexity by relying on emotional triggers such as urgency and fear. This method exemplifies how attackers capitalize on trust and panic, manipulating users into compromising their own security.
Exploiting Recent Ethereum Upgrades and Social Platforms
Additional attack vectors identified include phishing schemes targeting Ethereum’s EIP-7702 upgrade and social engineering attacks on WeChat users. By exploiting WeChat’s account recovery system, attackers impersonated legitimate users to scam contacts with fraudulent Tether (USDT) offers. These diverse tactics demonstrate the multifaceted nature of modern crypto threats, spanning blockchain protocol changes and popular communication platforms.
SlowMist’s Response and Industry Implications
During Q2, SlowMist received 429 stolen fund reports and successfully froze and recovered approximately $12 million for 11 victims. This proactive intervention highlights the importance of specialized blockchain security firms in mitigating losses and responding to evolving threats.
As crypto adoption grows, the industry must prioritize education on offchain vulnerabilities and enhance protective measures against social engineering. Users are encouraged to verify software sources rigorously, remain skeptical of unsolicited hardware offers, and avoid sharing private keys or sensitive information on untrusted platforms.
Conclusion
SlowMist’s Q2 report underscores a critical shift in crypto security: while hacking methods remain technically consistent, attackers increasingly exploit psychological manipulation and offchain vulnerabilities. This evolution demands that users and industry stakeholders adopt a holistic security approach, combining technical safeguards with heightened awareness of social engineering tactics. Staying informed and cautious remains the best defense against these sophisticated, trust-based attacks.
