Private Key Leakage Remains Top Cause of Stolen Crypto-Assets: Analysis

According to available data, Regtech firm SlowMist noted that the MistTrack Team received a total of 317 stolen fund reports during the third quarter of this year, which reportedly includes 245 local submissions as well as 72 different international submissions.

The team has now provided community-level assessment services for all of these cases. As clarified in the update, this data only includes cases “submitted via the form, and does not cover those reported via email or other channels.”

In Q3 of this year, the MistTrack Team has reportedly assisted 10 victims in successfully “freezing or recovering approximately $3.73 million in stolen assets.”

Among all malicious tactics observed in Q3 2025, private key leakage is said to have become the “top cause of stolen assets.”

The update also examined several representative cases in order to help everyone better avoid potential traps, hopefully prevent more theft, and protect their valuable assets.

This quarter, the team said that they have again identified several different theft cases resulting from unsuspecting victims obtaining fake hardware wallets. One particular victim had bought an “imToken Secure Cold Wallet” for 618 RMB from a non-official merchant known as “ConsenShop Studio.”

Soon after the victim transferred 4.35 BTC into the wallet, the assets were pilfered.

These scams are fairly straightforward but very dangerous, relying not on advanced hacking but on “information asymmetry and psychological manipulation.” Fraudsters pre-set the seed phrase or PIN before the victim receives the device, so after assets are transferred, they go right into the attacker’s pocket.

The usual modus operandi goes something like this: scammers first acquire a genuine device via the official channels, then proceed to unbox and activate it, noting down the seed phrase that is generated.

After this, they replace the instruction manual, insert a counterfeit seed phrase card or scratch card, and reseal the packaging with professional tools to make it seem “brand-new and unopened,” before selling it at a low price via unofficial channels like social media, livestream digital commerce, or various second-hand online marketplaces.

In certain cases, they simply place a pre-printed seed phrase card inside the box, baiting unsuspecting users into “restoring” their crypto wallet with that phrase; others claim that scratching the card will reveal a unique PIN or activation code, or state that “a hardware wallet does not require a seed phrase.”

Regardless of the method used, the outcome is said to be much the same: the user falsely believes they are in control of the digital wallet, but in reality the private keys are already in the scammer’s hands, and any funds transferred are effectively a direct gift to the malicious actor.


