Private key theft is becoming industrialized, Galaxy’s GK8 warns


Private key theft is no longer just another way for hackers to attack crypto users—it’s become an entire business, according to GK8, a crypto security firm owned by Mike Novogratz’s Galaxy Digital investment platform.

In a report published Monday, GK8 detailed how private key theft has evolved into an industrialized operation, featuring the rise of black market tools that allow perpetrators to find and steal a person’s seed phrase.

The study pointed to several tools, such as malware infostealers and seed phrase finders, that can scan files, documents, cloud backups and chat histories to quickly retrieve a user’s private key, effectively giving attackers full control over their assets.

“For the crypto industry, the use of safekeeping, implementation of multi-step approval processes, and implementation of paper separation are essential to mitigate the risk of commercially acquired and constantly evolving threats,” the report states.

It all starts with malware

According to GK8, private key theft is a multi-stage process that usually starts with hackers using malware to steal large amounts of data from an infected device.

Threat actors then feed the stolen data to automated tools that reconstruct seed phrases and private keys. After identifying wallets that contain valuable assets, attackers assess security measures to drain the funds.

“These applications perform high-precision mnemonic parsing, transforming raw logs into keys, and are sold for hundreds of dollars on Darknet forums,” GK8 revealed in the report.

Phrasebook tools on the black market. Source: GK8 by Galaxy

Malware infostealers, a type of malware designed to silently harvest data from victims’ devices, have increased in recent years, and macOS users are not immune, according to cybercrime threat intelligence firm KELA.

“While considered relatively safe due to Apple’s built-in protections, macOS devices are still a target for cybercriminals,” KELA said in a report published on November 10, stating that macOS infostealer activity “appears to peak in 2025.”

How users can protect themselves

Amidst the rise of private key hacks, users can protect themselves by assuming that all local device data can be compromised, never storing seed phrases in digital form, using multiparty approval for transactions and relying on safe custody systems, GK8 concluded in its report.

“A healthy combination of hot, cold, and inevitable vault storage is necessary to reduce the amount of property exposed to an immediate drain,” says GK8.

KELA warns that malware infostealers often rely on social engineering, using fake installers, toxic ads or phishing campaigns to trick users.

“To stay safe, users should be wary of attachments and links, avoid software from untrusted sources, and prevent scams that take advantage of macOS’ reputation for security,” KELA said.

The firm also emphasized the importance of strong, unique passwords for financial apps, enabling multifactor authentication and keeping macOS and all applications up to date to prevent malware from stealing sensitive information.