Private key theft is no longer just a way for hackers to attack crypto users, but has become a serious business, according to GK8, a crypto custodian at Mike Novogratz’s cryptocurrency investment platform Galaxy Digital.
In a report released on Monday, GK8 detailed how private key theft has evolved into an industrialized activity, highlighting the rise of black market tools that allow perpetrators to find and steal someone’s seed phrases.
The study points to several tools, including malware infostealers and seed phrase finders, that can scan files, documents, cloud backups, and chat history to quickly extract users’ private keys, effectively giving attackers complete control of their assets.
“For the cryptocurrency industry, the use of secure storage, implementing multi-step approval processes, and enforcing separation of roles are essential to mitigating the risks posed by commercialized and constantly evolving threats,” the report states.
It all starts with malware
According to GK8, private key theft is a multi-step process that typically begins with a hacker using malware to steal large amounts of data from an infected device.
The threat actor then inputs the stolen data into automated tools to reconstruct the seed phrase and private key. After attackers identify wallets containing valuable assets, they evaluate security measures to exfiltrate funds.
“These applications perform high-precision mnemonic parsing and convert raw logs into keys, which are sold on darknet forums for hundreds of dollars,” GK8 said in the report.

Black Market Seed Phrase Parser Tool. Source: Galaxy’s GK8
Malware infostealers, a type of malware designed to covertly collect data from a victim’s device, have been on the rise in recent years, and macOS users are no strangers to them, according to cybercrime threat intelligence firm Kela.

“MacOS devices, once considered relatively safe thanks to Apple’s built-in protections, remain a target for cybercriminals,” Kela said in a report published Nov. 10, adding that macOS information theft activity “looks like it will peak in 2025.”
How users can protect themselves
With private key hacking on the rise, users can protect themselves by assuming all local device data can be compromised, never storing seed phrases in digital form, using multi-party approvals for transactions, and relying on secure storage systems, GK8 concludes in the report.
“Minimizing the value of assets exposed to immediate exfiltration requires a healthy combination of high temperatures, low temperatures, and impenetrable vaults,” GK8 said.

Kela warned that infostealers often rely on social engineering, using fake installers, harmful ads, and phishing campaigns to trick users.
“To stay safe, users should pay close attention to attachments and links, avoid software from untrusted sources, and resist scams that take advantage of macOS’ reputation for security,” Kela said.
The company also emphasized the importance of using strong, unique passwords for financial apps, enabling multi-factor authentication, and keeping macOS and all applications up to date to prevent sensitive information from being stolen by malware.


