巴西技術團隊追回網路攻擊中被偷走的 20 萬美元

包括 Web3 新創公司 Lumx 的 Afonso Dalvi 在內的一組巴西開發者與檢察官 Alexandre Senra 合作，從一名洩露了受害者錢包的剝削者手中追回了 20 萬美元。經過五個多月的不懈努力，他們開發了Flashbot，並利用「三明治攻擊」捕獲了鎖定在DeFi應用程式中的被盜資金，並將其返還給受害者。

Brazilian Developers Recover $200,000 Stolen from Victim in Coordinated Effort

巴西開發商協力追回受害者被盜的 20 萬美元

In a remarkable display of collaboration and technical prowess, a team of Brazilian software engineers, public prosecutors, and white hat hackers have successfully recovered over $200,000 in cryptocurrency stolen from a victim in a sophisticated cyberattack. The intricate operation, which spanned five months and involved a high-stakes race against time, culminated in the restoration of the victim's funds.

由巴西軟體工程師、檢察官和白帽駭客組成的團隊出色地展示了協作和技術實力，成功追回了在一次複雜的網路攻擊中從受害者身上竊取的超過 20 萬美元的加密貨幣。這場錯綜複雜的行動歷時五個月，是一場與時間的高風險賽跑，最終追回了受害者的資金。

The nightmare began when the victim's cryptocurrency wallet was compromised by an exploiter, who swiftly siphoned all available Ether (ETH). Desperate to recoup their losses, the victim reached out to public prosecutor Alexandre Senra for assistance. Recognizing the complexity of the challenge, Senra enlisted the expertise of Afonso Dalvi from Web3 startup Lumx and other developers to form a task force dedicated to recovering the stolen assets.

當受害者的加密貨幣錢包被攻擊者攻破時，惡夢就開始了，攻擊者迅速抽走了所有可用的以太幣（ETH）。受害者迫切希望挽回損失，向檢察官亞歷山大·森拉尋求幫助。在意識到這項挑戰的複雜性後，Senra 聘請了 Web3 新創公司 Lumx 的 Afonso Dalvi 和其他開發人員的專業知識，組成了一個專門負責追回被盜資產的工作小組。

The initial hurdle lay in persuading the victim to surrender their private key, a critical component for accessing the funds. "Convincing someone to hand over the keys to their treasure is a daunting task, and it took two weeks of meticulous negotiation," explained Dalvi.

最初的障礙在於說服受害者交出私鑰，這是獲取資金的關鍵組成部分。達爾維解釋說：“說服某人交出寶藏鑰匙是一項艱鉅的任務，花了兩週時間進行細緻的談判。”

Undeterred by the initial setback, the team devised a comprehensive strategy to retrieve the remaining funds, which were locked in three decentralized finance (DeFi) applications: Pendle, Radiant, and a staking service for the PAAL AI token.

該團隊並沒有被最初的挫折嚇倒，而是製定了一項全面的策略來收回剩餘的資金，這些資金被鎖定在三個去中心化金融（DeFi）應用程式中：Pendle、Radiant 和PAAL AI代幣的質押服務。

Pendle, known for its 54-day lock feature, presented a significant challenge. The exploiter had shrewdly utilized this mechanism to delay the team's access to the funds. However, the developers developed a flashbot, an automated tool designed to execute blockchain transactions swiftly, to capture the funds upon the expiration of the lock period.

Pendle 以其 54 天鎖定功能而聞名，這是一個重大挑戰。剝削者精明地利用了這個機制來拖延團隊取得資金的時間。然而，開發人員開發了一個flashbot，這是一種自動化工具，旨在快速執行區塊鏈交易，以在鎖定期到期時獲取資金。

"We initially attempted the capture manually, underestimating the exploiter's experience. He proved to be a formidable adversary," admitted Dalvi. "We swiftly pivoted our approach and ultimately succeeded in securing the funds during subsequent unlocking events."

「我們最初嘗試手動捕獲，低估了剝削者的經驗。事實證明，他是一個強大的對手，」達爾維承認。 “我們迅速調整了方法，最終在隨後的解鎖活動中成功獲得了資金。”

Meanwhile, the team used a "scavenging bot" to monitor the victim's wallet for incoming transactions, intercepting any funds sent by the exploiter before he could use them to unlock and extract the remaining assets. The scavenging bot proved particularly effective in capturing the daily yield generated by the locked funds, amounting to approximately $130 per day.

同時，該團隊使用「清理機器人」來監控受害者錢包中的傳入交易，攔截攻擊者發送的任何資金，然後再使用它們來解鎖和提取剩餘資產。事實證明，該清理機器人在捕獲鎖定資金產生的每日收益方面特別有效，每天約為 130 美元。

"The exploiter consistently attempted to seize these funds, making the competition within the victim's wallet even more intense," noted Deps.

「剝削者不斷試圖奪取這些資金，使得受害者錢包內的競爭更加激烈，」德普斯指出。

Despite the persistent efforts of the exploiter, the developers' superior technical capabilities and unwavering determination proved decisive. They successfully applied maximum value extraction (MEV) tactics to outmaneuver the exploiter, paying exorbitant gas fees to expedite the recovery process.

儘管開發者堅持不懈地努力，但開發者卓越的技術能力和堅定不移的決心證明了這一點。他們成功地應用了最大價值提取（MEV）策略來智取剝削者，支付高昂的天然氣費用來加快恢復過程。

"We faced a formidable opponent, but we refused to give up," stated Senra. "The successful recovery of the victim's funds is a testament to the resilience and ingenuity of our team."

「我們面臨著強大的對手，但我們拒絕放棄，」森拉說。 “成功追回受害者資金證明了我們團隊的韌性和聰明才智。”

The stolen funds have been progressively returned to the victim, with the exception of approximately $20,000 still stored on Radiant. The team is actively coordinating with the Radiant team to facilitate the complete restoration of the victim's assets.

被盜資金已逐步返還給受害者，但 Radiant 上仍儲存約 2 萬美元。該團隊正在積極與Radiant團隊協調，以促進受害者資產的徹底恢復。

The successful recovery operation highlights the growing sophistication of blockchain security measures and the crucial role played by ethical hackers and developers in safeguarding the digital realm. It also underscores the importance of collaboration and the sharing of expertise to combat the evolving threats posed by cybercriminals.

這次成功的復原行動凸顯了區塊鏈安全措施的日益複雜以及道德駭客和開發人員在保護數位領域中發揮的關鍵作用。它還強調了合作和分享專業知識以應對網路犯罪分子不斷變化的威脅的重要性。