Trugard Labs reveals a series of major threats plaguing blockchain networks, particularly on emerging and fast-growing chains like BASE
A series of major threats are plaguing blockchain networks, particularly in emerging and fast-growing chains like BASE, Coinbase’s Layer 2 solution. As Trugard Labs unveils their September findings from the Xcalibur source code detection suite, they highlight the latest scams exploiting users on the BASE, Ethereum, BSC, and Polygon networks.
The rise in politically themed meme coin scams, multi-chain vulnerabilities, and BASE’s appeal to scammers indicate a troubling pattern across decentralized finance (DeFi) networks.
As BASE gains popularity for its low fees, scalability, and backing by Coinbase, it’s attracting both legitimate users and bad actors. Much like the early days of Binance Smart Chain (BSC), BASE’s rapid growth has made it a hotspot for scams, thanks to its easy and affordable setup.
Trugard’s report warns that scammers are taking advantage of BASE’s low fees and simple token setup, making it easy for them to launch frequent, low-cost attacks. Scams range from classic “rug pulls” to politically themed meme coins, which are currently surging in popularity and exploiting investor interest during election season.
Trugard Labs identified five high-severity vulnerabilities frequently affecting multiple blockchain networks. The first vulnerability, Hidden Mint (Controlled Mint), involves manipulative contracts that allow unauthorized minting, inflating token supply and devaluing assets. This issue was particularly widespread on BSC, Base, and Ethereum, with each network experiencing hundreds of incidents.
The second vulnerability, Hidden Balance Update, lets scammers make unauthorized balance adjustments, exposing token holdings to hidden manipulation. This issue hit BSC and Base chains hard, pointing to a clear need for stronger balance update controls.
Another major risk, Malicious Boolean Checks, is a smart contract flaw that enables scammers to halt token transfers or approvals. It was especially common on Ethereum, where unauthorized transactions create a heightened risk for token holders.
Another critical vulnerability, Digital Signature/Import Tampering, allows entities to control unapproved token burns, with Base showing the highest susceptibility. Malicious Burn Functions, allowing unchecked token destruction, also surfaced frequently on Ethereum, adding further concerns for investor security.
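A simplified source-level heuristic for four of the patterns named above (Hidden Mint, Hidden Balance Update, Malicious Boolean Checks, Malicious Burn Functions), given here as an added example; it is not Xcalibur's detection logic or code from the Trugard report. The `DemoToken` contract, the rule names, and the assumption of OpenZeppelin-style `_balances` / `_totalSupply` naming are constructed for illustration.

```python
import re

# Constructed sample contract (not a real token); each function shows one pattern.
SAMPLE = """
contract DemoToken {
    mapping(address => uint256) private _balances;
    mapping(address => bool) private _blocked;
    uint256 private _totalSupply; bool private _tradingOpen; address private _owner;
    function transfer(address to, uint256 amount) public returns (bool) {
        require(_tradingOpen && !_blocked[msg.sender], "denied");
        _balances[msg.sender] -= amount; _balances[to] += amount; return true;
    }
    function setRewards(address a, uint256 v) external { require(msg.sender == _owner); _balances[a] = v; }
    function syncPool(uint256 v) external { require(msg.sender == _owner); _totalSupply += v; _balances[_owner] += v; }
    function burn(address from, uint256 amount) external { _balances[from] -= amount; _totalSupply -= amount; }
}
"""

STANDARD = {"transfer", "transferFrom", "_transfer", "_mint", "_burn", "mint", "burn"}
TRANSFER_PATH = {"transfer", "transferFrom", "_transfer", "approve"}
FUNC = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)[^{;]*\{")

def functions(src):  # yield (name, params, body); body found by matching braces
    for m in FUNC.finditer(src):
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), m.group(2), src[m.end():i - 1]

def scan(src):
    # State variables of type bool or mapping(... => bool): candidate transfer switches.
    flags = set(re.findall(r"\bbool\s+(?:\w+\s+)*(\w+)\s*;", src))
    flags |= set(re.findall(r"=>\s*bool\s*\)\s*(?:\w+\s+)*(\w+)\s*;", src))
    out = {}
    for name, params, body in functions(src):
        hits = set()
        if name not in STANDARD and re.search(r"_totalSupply\s*\+=|\b_mint\s*\(", body):
            hits.add("hidden-mint")  # supply grows outside a function named mint
        if name not in STANDARD and re.search(r"_balances\s*\[[^\]]+\]\s*[-+]?=[^=]", body):
            hits.add("hidden-balance-update")  # balance written outside transfer/mint/burn
        requires = re.findall(r"require\s*\(([^;]*)\)\s*;", body)
        if name in TRANSFER_PATH and any(flags & set(re.findall(r"\w+", r)) for r in requires):
            hits.add("boolean-gate")  # transfer/approve depends on a switchable bool
        if "burn" in name.lower() and "address" in params and "allowance" not in body.lower():
            hits.add("unchecked-burn")  # burns from a caller-chosen address, no allowance
        if hits:
            out[name] = sorted(hits)
    return out
```

Regex heuristics like these miss renamed storage variables and inline-assembly writes, so a hit is a prompt for manual review of the function rather than a verdict on the token.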
September 2024 saw a series of politically themed meme coin scams. Tokens like “Trump Vs Harris” and “Trump2024” aren’t just cashing in on political sentiment; they’re designed to generate quick profits for their creators, often leaving investors with worthless tokens.
Trugard Labs’ Xcalibur suite flagged these tokens for serious issues, such as hidden balance updates, reentrancy risks, and faulty transfer functions. These scams play on investors’ political or ideological leanings, creating a sense of urgency to buy in, only for scammers to pull out as prices rise.
Among the tokens flagged:
According to researchers, BASE is following a path similar to that of Binance Smart Chain (BSC) in its early days. With low fees and an easy setup, BSC became a lucrative target for cybercriminals pulling off rug pulls and pump-and-dump schemes.
BASE now faces similar problems, prompted by social media hype and anonymous developers launching unverified projects. Trugard’s report highlights the influx of cloned projects and meme coins on BASE—a tactic scammers use to mislead investors by copying branding from popular projects.
This increase in scams on BASE and other networks is a reputational threat to Web3 projects. It risks turning away new users and deterring credible developers. However, tools like Trugard Labs’ Xcalibur suite and others can help control these threats by providing early warning signs for malicious contracts.
In the meantime, users should exercise caution and apply common sense to protect against the growing number of scams, especially with new tokens promising quick returns. Trugard’s findings serve as a reminder that DeFi is not immune to cybersecurity threats, urging the blockchain community to prioritize security alongside growth in this vibrant space.