加密貨幣騙局鏈接到新鑄造的“ $ ramaphosa”代幣，利用了南非議會的官方X，Facebook和YouTube帳戶

與新近鑄造的“ $ ramaphosa”代幣相關的加密貨幣騙局利用了南非議會的官方X，Facebook和YouTube帳戶

A cryptocurrency scam has hit South African Parliament, with hackers exploiting the institution’s official X, Facebook, and YouTube accounts on Saturday, March 15, 2025, to promote a fraudulent token.

一個加密貨幣騙局襲擊了南非議會，黑客在2025年3月15日（星期六）剝削了該機構的官方X，Facebook和YouTube帳戶，以宣傳欺詐性的令牌。

The scam, which saw the creation of a new cryptocurrency and subsequent presale promotion via hacked government channels, was part of a broader cyberattack.

該騙局是建立了新的加密貨幣，隨後通過黑客政府渠道進行了預售，這是一個更廣泛的網絡攻擊的一部分。

A review of the blockchain activity shows the token was created less than 24 hours before the hack, according to on-chain data from Solscan, Birdeye, and GeckoTerminal.

根據Solscan，Birdeye和Geckoterminal的鏈數據，對區塊鏈活動的綜述表明，該令牌是在黑客攻擊前不到24小時創建的。

Analysis of the Solana blockchain reveals that the creator of the $Ramaphosa token is the Solana wallet 73V5WCNqQRuLj2V1ryH1zNrxgthGu7HrGPDViTn1GpxK, which is explicitly tagged as the Token Creator and associated with Pump.fun, confirming that the token was launched using its smart contract system. The same wallet is linked to the @GouvofRSA account, which falsely claimed to be the “official crypto feed of Parliament of the Republic of South Africa” and was used to create at least two tokens, including $Ramaphosa and ParliamentofRSA (RSATOKEN).

對Solana區塊鏈的分析表明，$ ramaphosa代幣的創建者是Solana Wallet 73V5WCNQRULJ2V1RYH1ZNRXGTHGU7HRGPDVITN1GPXK，它被明確標記為Token Creator並與Pump.Fun prock.fun systry prosport.fun systry poster.fun systry the token prosport.fun the token the token token token token tosken token token tosken with token with token with token tosken。同一錢包與@gouvofrsa帳戶有關，該帳戶錯誤地聲稱是“南非共和國議會的官方加密飼料”，並被用來創建至少兩個令牌，包括$ ramaphosa和ramaphosa和parliamementofrsa（rsatoken）。

This is further confirmed by blockchain expert and Head of FinTech and Digital Assets at Forvis Mazars in South Africa, Wiehann Olivier.

南非的Forvis Mazars，Wiehann Olivier的區塊鏈專家和金融科技和數字資產負責人進一步證實了這一點。

“It once again points back to some of the advantages that blockchain technology has in terms of the immutability of it… any activity or transaction executed on the blockchain is traceable and open”.

“它再次指出了區塊鏈技術在它的不變性方面具有的一些優勢……在區塊鏈上執行的任何活動或交易都是可追溯且開放的”。

A screenshot showing the confirmed creator of the $Ramaphosa token @GouvofRSA. Picture: Yeshiel Panchia

屏幕截圖顯示了$ ramaphosa token @gouvofrsa的確認創建者。圖片：Yeshiel Panchia

Reviewing this wallet’s transaction history shows multiple interactions with the smart contract “splbot -> launch-your-own-memecoin.sol,” a known tool for rapidly generating Solana-based tokens. This suggests a premeditated scam, with fraudsters rapidly generating tokens and exploiting social media to attract investors.

審查該錢包的交易歷史記錄顯示了與智能合約“ Splbot - >啟動 - 自己全能的memecoin.sol”的多次互動，這是一種快速生成基於Solana的代幣的已知工具。這表明有預謀的騙局，欺詐者迅速產生令牌並利用社交媒體來吸引投資者。

The first transactions in this wallet occurred approximately seven to nine hours before the time of the hack, aligning with the timeframe and suggesting a likely connection between the two events.

該錢包中的第一筆交易發生在黑客攻擊時間之前約七到九個小時，與時間表保持一致，並提出兩個事件之間的可能連接。

A screenshot from analysis tool GeckoTerminal showing the transaction history of the $Ramaphosa token. Picture: Yeshiel Panchia

分析工具的屏幕截圖，顯示了$ ramaphosa代幣的交易歷史記錄。圖片：Yeshiel Panchia

Shortly after the hack, the wallet moved funds, suggesting an attempt to withdraw stolen liquidity before detection. An outgoing transaction of 0.8299 SOL, valued at approximately $110, matches a common pattern in crypto scams, where scammers extract as much as possible before abandoning the project. The wallet has also conducted multiple transactions with “[email protected],” a Solana-based crypto gambling site, a known method for obfuscating financial trails in cryptocurrency-related fraud.

黑客攻擊後不久，錢包搬了資金，建議試圖在發現前撤離流動性。即將發出的0.8299 SOL的交易價值約為110美元，與加密騙局中的共同模式相匹配，在放棄項目之前，騙子盡可能多地提取。該錢包還使用“ [電子郵件保護]”（一個基於Solana的加密賭博網站）進行了多項交易，這是一種已知的方法，用於使與加密貨幣相關的欺詐中的財務踪跡混淆。

Heating up the burner

加熱燃燒器

Heating up the burner further, analysis shows the same wallet has interacted with multiple other scam-like tokens, suggesting it may be part of a broader network of coordinated crypto frauds.

進一步加熱燃燒器，分析表明，相同的錢包與其他多個類似騙局的標記相互作用，這表明它可能是更廣泛的協調加密欺詐網絡的一部分。

The timing of the token creation, immediate promotion via a compromised government account, and subsequent liquidity movements indicate a deliberate attempt to exploit the credibility of Parliament’s social media presence to facilitate financial fraud.

代幣創建的時機，通過受損的政府帳戶即時促進以及隨後的流動性運動表明，有意試圖利用議會社交媒體存在的信譽，以促進金融欺詐。

Olivier did note that while the open nature of blockchain technology is useful in tracing such indicants, it’s not without obstacles; “Of course there are challenges in terms of the pseudo-anonymity of it [blockchain], in that you can’t necessarily see who executed a transaction.”

奧利維爾（Olivier）確實指出，雖然區塊鏈技術的開放性質可用於追踪這種跡象，但並非沒有障礙。 “當然，就偽匿名性而言，​​存在挑戰[區塊鏈]，因為您不一定看到誰執行了交易。”

From a security risks perspective, the $Ramaphosa token exhibits multiple high-risk indicators. The top ten wallets control a total of 99.99999999999999 percent of the token’s supply, a strong indication of centralised control and a high likelihood of a rug pull.

從安全風險的角度來看，$ ramaphosa代幣顯示了多個高風險指標。前十個錢包控制著代幣供應量的99.9999999999999％，這是集中控制的強烈跡象，並且很可能會吸引地毯。

The token is not listed on Jupiter’s Strict List, indicating a lack of credibility within Solana’s trading ecosystem. Its market cap of $3,722 and liquidity of $3,780 make it highly susceptible to price manipulation.

木星的嚴格列表中未列出該令牌，這表明在Solana的交易生態系統中缺乏信譽。它的市值為3,722美元，流動性為3,780美元，使其非常容易受到價格操縱的影響。

Most crucially, given how it was advertised, and that the price spiked and crashed within hours, matches the typical pattern of fraudulent trading schemes.

鑑於它的廣告方式，最關鍵的是，價格在數小時內飆升和崩潰，與欺詐性交易計劃的典型模式相匹配。

Tracking transactions on Raydium DEX reveals that liquidity was quickly removed shortly after trading began, another hallmark of crypto scams. This suggests the coin’s creators deliberately extracted funds before abandoning the project.

跟踪Raydium Dex的交易表明，交易開始後不久，流動性很快就被撤離，這是加密騙局的另一個標誌。這表明硬幣的創作者在放棄項目之前故意提取了資金。

The close proximity in timing between the creation of the $Ramaphosa token and the hacking of Parliament’s social media accounts suggests a well-planned financial fraud operation.

在創建$ ramaphosa代幣與議會社交媒體帳戶的黑客攻擊之間的時間緊密相鄰的時間表明，計劃經過精心計劃。

The fact that the token was rapidly generated less than 24 hours before the hack, and that the hackers immediately focused on promoting it in posts designed to deceive unsuspecting investors, aligns closely with the actions of a coordinated scam.

代幣在黑客攻擊前不到24小時就迅速產生，而黑客立即專注於在旨在欺騙毫無戒心的投資者的職位中推廣它，這一事實與協調騙局的行為緊密相符。

The timing of the token’s creation and the hacking of Parliament’s social media accounts suggests a deliberate connection. Hackers gained access to the institution’s platforms to promote the $Ramaphosa token, exploiting its credibility to deceive investors.

代幣創建的時機和議會社交媒體帳戶的黑客攻擊表明是有意的聯繫。黑客獲得了該機構平台的訪問權，以促進$ ramaphosa代幣，從而利用其欺騙投資者的信譽。