Slowmist’s MistTrack’s Stolen Funds Analysis shows that private key leaks remain the most common cause of crypto theft.

The findings indicate that 317 stolen fund reports were filed between July and September, with assets worth more than $3.73 million successfully frozen or recovered in ten of those cases.

Private Keys Remain the Core Vulnerability

The report highlights that most crypto thefts rely on compromised credentials rather than sophisticated attacks. It notes that unauthorized dealers continue to sell fake hardware wallets, which remain a common scam. These devices often contain pre-written seed phrases or have been tampered with to secretly capture recovery information, allowing attackers to access funds once victims deposit assets.

SlowMist advised users to only  purchase hardware wallets through authorized vendors, create seed phrases on their device, and try tiny transfers before transferring large sums of money. Simple checks, such as verifying packaging integrity and avoiding pre-set recovery cards, can help prevent losses.

Attackers are also developing new methods using phishing and social engineering. The report examined some occurrences of EIP-7702 delegate phishing, where compromised accounts were linked to contracts that automatically drained assets once a transfer was initiated. In such cases, victims believed they were engaging in regular activity, but hidden authorizations allowed hackers to gain control.

The analysis shows that social engineering remains a persistent threat, with phishers posing as recruiters on LinkedIn and building trust with job candidates over several weeks before convincing them to install “camera drivers” or other malicious code. In one case, attackers paired the program with a manipulated Chrome extension during a Zoom call, leading to losses of more than $13 million.

Old Phishing Scams Remain Effective

Traditional methods also continued to prove effective. Fraudulent Google ads cloned legitimate services such as MistTrack, while spoofed dashboards for decentralized finance platforms like Aave generated over $1.2 million in losses through hidden authorization requests. The exploiters also hijacked unused Discord vanity links left in project folders to trick communities.

Another attack vector disguises malicious commands as CAPTCHA verifications, tricking victims into copying code that steals wallet data, browser cookies, and private keys.

SlowMist explained that Web3 exploits are not about complex tricks but involve hackers taking advantage of everyday actions. That being said, simple actions like slowing down, double-checking sources, and avoiding shortcuts are the best ways to stay safe in a space where threats keep changing.

The post Private Key Leakage Remains the Leading Cause of Crypto Theft in Q3 2025 appeared first on CryptoPotato.