
Even advanced crypto investors fall victim to phishing attacks as (yet another) millions of dollars are lost

2024/09/28 20:30


Someone lost (yet another) millions of dollars’ worth of funds to a phishing attack while using decentralized finance (DeFi). This is a common mistake among users, affecting even investors with advanced knowledge if using cryptocurrencies that facilitate these attacks.


In this most recent event, the Ethereum address ‘0xAA1582084c4f588eF9BE86F5eA1a919F86A3eE57’ lost 12,083.6 spEWTH, valued at $32.33 million. Ethereum’s blockchain registered the transaction to two addresses labeled “Fake Phishing” on September 28 at 6:15 a.m. UTC.


Finbold consulted the Arkham Intelligence database, which suggests the address belongs to Shixing Mao, also known as DiscusFish on X. Right now, it still holds $8.25 million worth of tokens, of which $2.85 million are in DAI stablecoin.


Notably, Shixing Mao is an experienced crypto executive and co-founder of F2Pool and Cobo. If this address truly belongs to Mao, it is yet another cautionary tale about how even experts can fall victim to such attacks – urging the need to find universal solutions to avoid similar events.


1 in 7 crypto investors were victims of Phishing


A survey from WalletConnect shows that nearly one in every seven cryptocurrency users has fallen victim to a phishing attack. According to WalletConnect, 14.4% of respondents said, “Yes, I have lost crypto due to a phishing attack or scam.”


Accounts on X have reported some of the big numbers crypto investors lost while interacting with malicious contracts or addresses. A recent example involves Scam Sniffer’s report on July 23 of a $4.69 million loss of Pendle (PENDLE) re-staking tokens.


Another is the $55 million DAI loss to a phishing attack that Lookonchain reported on August 21, urging users to double-check transactions. In the first half of 2024, Scam Sniffer identified over $314 million stolen across Ethereum Virtual Machine (EVM) chains.


On Finbold, we have reported plenty of these cases, namely those related to the TON ecosystem, Tether freezing suspicious activity, and the attacker who returned stolen wBTC.


Yet, these are only part of a broader issue that costs users worldwide millions of dollars. Surprisingly, newer but less popular technologies and crypto protocols are already partially mitigating this issue.


How to avoid phishing attacks and wallet drains on DeFi?


Essentially, most of these attacks are due to human error, exploited in different ways. For example, connecting a wallet to a malicious application or signing a malicious permission or transaction.


The most natural way to avoid falling victim to a phishing attack or wallet drain is to double-check websites and understand what you are signing up for, literally. For that, users can prioritize wallets and protocols with easily readable transaction signing, disclosing the action in detail.
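A sketch of what readable transaction signing can look like for the token calls discussed here, added as an illustration and not taken from Finbold or from any wallet's code: it decodes standard ERC-20/ERC-721 calldata into a plain-language summary and flags permission grants. The trusted-spender list, the `2**255` "unlimited" threshold and the sample inputs are assumptions of this example.

```python
# Selectors: first 4 bytes of keccak256 of the standard function signature.
SELECTORS = {
    "095ea7b3": ("approve", ("spender", "amount")),
    "39509351": ("increaseAllowance", ("spender", "amount")),
    "a22cb465": ("setApprovalForAll", ("spender", "flag")),
    "a9059cbb": ("transfer", ("to", "amount")),
    "23b872dd": ("transferFrom", ("from", "to", "amount")),
}
GRANTS = {"approve", "increaseAllowance", "setApprovalForAll"}
UNLIMITED = 2**255  # heuristic threshold, an assumption of this example


def describe_call(calldata_hex, trusted_spenders=frozenset()):
    """Decode token calldata into (summary, warnings) a user can read."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    if data[:8] not in SELECTORS:
        return "unknown call 0x" + data[:8], ["undecodable: do not sign blind"]
    name, params = SELECTORS[data[:8]]
    body = data[8:]
    if len(body) < 64 * len(params):
        return name, ["truncated arguments"]
    args = {}
    for i, pname in enumerate(params):
        word = body[64 * i:64 * (i + 1)]  # 32-byte ABI word; addresses use its low 20 bytes
        args[pname] = int(word, 16) if pname in ("amount", "flag") else "0x" + word[24:]
    summary = name + "(" + ", ".join(f"{k}={v}" for k, v in args.items()) + ")"
    warnings = []
    zero_value = args.get("amount", args.get("flag")) == 0  # approve(x, 0) revokes
    if name in GRANTS and not zero_value:
        warnings.append(f"lets {args['spender']} move your tokens later without a new signature")
        if name == "setApprovalForAll":
            warnings.append("covers every token in this contract")
        elif args["amount"] >= UNLIMITED:
            warnings.append("unlimited allowance")
        if args["spender"] not in trusted_spenders:
            warnings.append("spender is not on your trusted list")
    return summary, warnings


# Constructed sample inputs (not taken from any real transaction).
SPENDER = "0x" + "11" * 20
def _call(selector, *words):
    return "0x" + selector + "".join(f"{w:064x}" for w in words)

UNLIMITED_APPROVE = _call("095ea7b3", int(SPENDER, 16), 2**256 - 1)
PLAIN_TRANSFER = _call("a9059cbb", int(SPENDER, 16), 5 * 10**18)
REVOKE = _call("095ea7b3", int(SPENDER, 16), 0)
if __name__ == "__main__":
    for sample in (UNLIMITED_APPROVE, PLAIN_TRANSFER, REVOKE):
        print(describe_call(sample))
```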


However, more advanced technologies have already developed built-in solutions for crypto protocols that help prevent human errors, focusing on security.


Native assets prevent phishing and wallet drains


Popular blockchains like Ethereum (ETH), BNB Chain (BNB), Solana (SOL), Tron (TRX), Avalanche (AVAX), Algorand (ALGO), and Near (NEAR) all use a model where tokens work differently from their native assets, functioning through smart contract calls that require a previous special permission to move the funds.


Dave, also known as DBCrypto, commented about this model with Finbold.


“The smart contract-based token model found on Ethereum, L2’s, and EVM chains is not only inefficient but also insecure, delaying Web3 adoption.”


On the other hand, chains like Cardano (ADA), Sui (SUI), MultiversX (EGLD), and Radix (XRD) use a native-asset token model. In this model, all tokens behave as native assets within the protocol, not requiring database permissions that can be exploited. Users need to sign every transaction to move tokens in their ownership, creating another layer of security.


Interestingly, users can now benefit as developers take a more careful look toward security concerns, phishing attacks, and token models. At one point, investors will inevitably need to choose whether they accept the old standards or migrate to the newer ones in the competitive and innovative free market that is crypto.


News source: finbold.com
