Coindcx首席執行官Sumit Gupta批評Wazirx和Phemex缺乏對最近的安全漏洞的透明度

意見：Coindcx首席執行官Sumit Gupta批評了兩次主要交易所Wazirx和Phemex，因為他們對最近的安全馬褲缺乏透明度。

Sumit Gupta, the CEO of CoinDCX, has expressed his view on X about two major exchanges, WazirX and Phemex, lacking transparency regarding recent security breaches. In his opinion, this lack of transparency has had a huge impact on the crypto community with two exchanges having to deal with⁷ huge sums stolen.

Coindcx首席執行官Sumit Gupta對X表示了關於兩個主要交易所的觀點，即Wazirx和Phemex，對最近的安全違規缺乏透明度。在他看來，這種缺乏透明度對加密貨幣社區產生了巨大影響，兩次交流必須應對盜竊巨額賺錢。

Gupta feels that if both exchanges had disclosed their breaches like Bybit, the Safe vulnerability could have been caught earlier, potentially preventing Bybit’s hack.

古普塔（Gupta）認為，如果兩種交流都透露了像拜比特（Bybit）這樣的違規行為，那麼安全的脆弱性可能會早些時候被抓住，並有可能阻止拜比特（Bybit）的黑客攻擊。

Unpopular Opinion: If WazirX and Phemex had disclosed all of their security breach details openly and transparently as Bybit did, the Safe{wallet} infra vulnerability could have been caught, and the Bybit hack could have been prevented. @benbybitOne thing common in these 3…— Sumit Gupta (CoinDCX) (@smtgpt) February 26, 2025

不受歡迎的意見：如果Wazirx和Phemex像Bybit一樣公開，透明地透露了所有安全漏洞，那麼可以抓住安全的{Wallet} Infra脆弱性，並且本來可以阻止Bybit Hack。 @benbybitone在這3…中常見的東西 - Sumit Gupta（Coindcx）（@smtgpt）2025年2月26日

Bybit recently suffered a $1.4 billion security breach where hackers exploited Gnosis Safe multisig wallet vulnerabilities using delegatecall to modify transactions and steal cash.

拜比特（Bybit）最近遭受了14億美元的安全漏洞，黑客使用授權的gnosis安全多西格錢包脆弱性，以修改交易並竊取現金。

Bybit disclosed the attack specifics enabling other platforms to strengthen their security. Meanwhile, Safe (formerly Gnosis Safe) acknowledged the issue, began an investigation, and is working on security enhancements while urging users to follow best practices.

Bybit透露了攻擊細節，使其他平台能夠加強其安全性。同時，安全（以前是GNOSIS安全）承認了這個問題，開始了調查，並正在努力提高安全性，同時敦促用戶遵循最佳實踐。

In July 2024, WazirX encountered a vulnerability amounting to $230 million when hackers exploited flaws in its Gnosis Safe multisig wallet for illegal payment transfers.

2024年7月，Wazirx遇到了一個脆弱性，當時黑客在其Gnosis Safe Multisig Wallet中利用缺陷進行非法付款轉移時，遇到了2.3億美元。

In April 2024, Phemex was hacked leading to losses of over $100 million. The assault followed a similar pattern with hackers using rogue smart contracts to alter transactions and steal cash.

2024年4月，Phemex被黑客入侵，導致損失超過1億美元。突擊遵循類似的模式，黑客使用Rogue Smart合同來改變交易並竊取現金。

Gupta observed that the three incidents in this hack had a common factor being the involvement of Gnosis Safe multisig wallets. Hackers exploited delegatecall vulnerabilities in these wallets to modify contract storage and steal funds.

古普塔（Gupta）觀察到，該黑客中的三起事件具有一個共同的因素，是gnosis安全的多西格錢包的參與。黑客在這些錢包中利用了授權漏洞來修改合同存儲並竊取資金。

He explained, “The attack deployed malicious smart contracts in advance to do a masked upgrade, containing hidden backdoors and the ability to manipulate contract storage and steal funds by executing unauthorized transfers by setting the ‘operation’ field to 1 (delegatecall) instead of 0 (call).”

他解釋說：“襲擊事先部署了惡意的智能合約，以進行蒙面升級，包含隱藏的後門以及通過將“操作”字段設置為1（delegatecall）而不是0來操縱合同存儲和竊取資金的能力，而不是0 （稱呼）。”

CoinDCX has implemented strong security measures to prevent such attacks as assured by Gupta. The exchange does not use Gnosis Safe wallets, reducing the risk of similar exploits.

CoindCX採取了強有力的安全措施，以防止Gupta保證的攻擊。該交換不使用GNOSIS安全錢包，從而降低了類似利用的風險。

Additionally, CoinDCX does not use smart contracts for fund transfers, which helps avoid risks like proxy attacks and delegatecall exploits. All transactions require manual approval to enhance security and prevent unauthorized fund movements.

此外，CoindCX不將智能合約用於基金轉移，這有助於避免諸如代理攻擊和授權攻擊之類的風險。所有交易都需要手動批准，以增強安全性並防止未經授權的基金移動。

Lastly, Gupta emphasized, “Hackers are getting quite active these days! We and our security team are always on our toes when it comes to security. Stay safe!”

最後，古普塔強調：“這些天黑客變得非常活躍！在安全方面，我們和我們的安全團隊始終處於我們的腳趾上。保持安全！”