SlowMist issued a security alert on February 14, 2025, with multiple users reporting unauthorized access to their wallets. On-chain analysis shows that these incidents are related to mnemonic phrase/private key leaks. Most of the affected users had installed an application called BOM, which was proven to be a carefully disguised scam.

Malicious actors used BOM to steal private keys and mnemonic phrases, allowing them to transfer and hide the stolen assets. The SlowMist AML team and the OKX Chinese team have conducted a detailed investigation, tracked the strategies used, and provided key security recommendations to protect users.