Galaxy's GK8 warns: The theft of cryptocurrency private keys has become an industrialized threat.


According to GK8, a cryptocurrency custody specialist under Mike Novogratz's cryptocurrency investment platform Galaxy Digital, private key theft is no longer just another way for hackers to attack cryptocurrency users; it has become a mature business.

In a report released on November 17, GK8 detailed how private key theft has evolved into an industrial operation, highlighting the rise of black market tools that enable criminals to locate and steal others' mnemonic phrases.

The study pointed to several tools, such as information-stealing malware and mnemonic phrase finders, that can scan files, documents, cloud backups, and chat logs to quickly extract users' private keys, effectively giving attackers complete control over their assets.

"For the cryptocurrency industry, using secure custody, implementing multi-step approval processes, and enforcing role separation are crucial to reducing the risks posed by this commercialized and constantly evolving threat," the report noted.

According to GK8, private key theft is a multi-stage process that typically begins with hackers using malware to steal large amounts of data from infected devices.

Threat actors then feed the stolen data into automated tools to reconstruct mnemonic phrases and private keys. After identifying wallets containing valuable assets, attackers assess security measures to drain funds.

"These applications perform high-precision mnemonic phrase parsing, converting raw logs into keys and selling them on dark web forums for hundreds of dollars," GK8 revealed in the report.

According to Kela, a cybercrime threat intelligence company, information-stealing malware, which is designed to quietly collect data from victims' devices, has been on the rise in recent years, and macOS users have not been spared.

"Although macOS devices were once considered relatively secure due to Apple's built-in protections, they remain targets for cybercriminals," Kela stated in a report released on November 10, noting that macOS information theft activities "seem to peak in 2025."

In light of the increasing number of private key theft attacks, users can protect themselves by assuming that all local device data may be compromised, never storing mnemonic phrases in digital form, using multi-party approval for transactions, and relying on secure custody systems, GK8 summarized in its report.

"A healthy combination of hot storage, cold storage, and impenetrable vault storage is necessary to minimize exposure to the risk of immediate asset depletion," GK8 stated.

Kela warned that information-stealing malware often relies on social engineering, using fake installers, malicious ads, or phishing campaigns to deceive users.

"To stay safe, users should be extremely cautious with attachments and links, avoid using software from untrusted sources, and resist scams that exploit macOS's security reputation," Kela advised.

The company also emphasized the importance of setting strong and unique passwords for financial applications, enabling multi-factor authentication, and keeping macOS and all applications updated to prevent malware from stealing sensitive information.


Original article: “GK8 Warns: Cryptocurrency Private Key Theft Has Become an Industrial Threat”
