Tricks that were once enough to protect your crypto can now be trashed

Criminals have turned crypto private key thefts into a new industry. Everything is now automated through various darknet tools, a new report warns, suggesting that you assume all your local device data is compromised.
Galaxy Digital–owned crypto custody solutions provider GK8 said that these schemes now operate "like factories."
After stealer malware infects a device and collects everything from chat logs and screenshots to browser data and crypto wallet remnants, intelligent parsers detect the faintest traces of seed phrases and private keys, identifying words hidden in screenshots and reconstructing cryptographic secrets, per the report.
Then, these “factories” filter confirmed keys through balance checkers that scan numerous blockchains and protocols before draining the funds. However, before the final step, criminals also evaluate safeguards such as multisig and time-locks, assessing whether rapid asset transfers are possible before detection mechanisms respond, GK8 added.
The researchers once again warned not to store private keys and seed words on internet-connected devices, especially when a substantial sum is involved. Moreover, tricks such as introducing an intentional typo into a private key or seed phrase do not work either, as criminals can solve those as well using various commercial tools.
"These applications perform high-precision mnemonic parsing, transforming raw logs into keys, and are sold for hundreds of dollars on darknet forums," the report said.
Meanwhile, other tools are used to perform swift security assessments by analyzing smart contract logic, detecting and avoiding multi-signature requirements, and sometimes monitoring for incoming funds.
The researchers also found that criminals increasingly use services of CaaS (cybercrime-as-a-service) vendors, who offer complete end-to-end handling of stolen data, from parsing to fund extraction, in exchange for a commission.
How to protect your funds
The report suggests that employees and users must operate under the assumption that clipboard contents, screenshots, and text files on their devices can be entirely exfiltrated by stealers. Seed phrases and private keys should not be stored on such devices at all.
For companies, educating users on log avoidance, strengthening approval protocols, designing resilient custody systems, and implementing multi-tiered custody strategies might help as well.