Cryptohack Roundup：610萬美元的Wemix盜竊

每週，信息安全媒體集團都會在數字資產中解決網絡安全事件。本週，610萬美元的Wemix盜竊，OKX暫停服務，佛蒙特州刪除了Coinbase Case

Cryptohack Roundup: $6.1M Wemix Theft

Cryptohack Roundup：610萬美元的Wemix盜竊

Every week, Information Security Media Group is rounding up cybersecurity incidents in digital assets. This week, Wemix was hit by a major crypto theft, siphoners targeted web3 users on Bybit and an old Trezor bug was disclosed.

每週，信息安全媒體集團都在匯總數字資產中的網絡安全事件。本週，Wemix被一次重大加密盜竊襲擊，Siphoners針對Bybit上的Web3用戶，並披露了舊的Trezor錯誤。

See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation

另請參閱：ondemand | NSM-8 2022年7月截止日期：抗量子算法實施的鑰匙

Wemix Hit by $6.1M Crypto Theft

Wemix受到610萬美元的加密盜竊的打擊

Hackers stole crypto tokens valued at around $6.1 million from blockchain gaming platform Wemix, Wemix CEO Kim Seok-Hwan said. The attackers targeted Wemix by exploiting stolen authentication keys used for monitoring the non-fungible token platform Nile, which were likely accessed from a compromised shared repository, according to a report by Yonhap News.

Wemix首席執行官Kim Seok-Hwan說，黑客偷了加密代幣，價值約為610萬美元。根據Yonhap News的一份報告，攻擊者通過利用用於監視不可殺死的令牌平台尼羅河的被盜身份驗證密鑰來針對Wemix，根據Yonhap News的報告，該密碼可能是從折衷的共享存儲庫中訪問的。

Over a period of more than two months, the hackers systematically executed a series of 15 withdrawal attempts, ultimately succeeding in 13, and laundered the funds through multiple exchanges.

在一個多個月的時間內，黑客系統地執行了一系列15次撤回嘗試，最終在13次取得了成功，並通過多次交流為資金洗錢。

Wemix, developed by South Korea’s Wemade, is used to integrate blockchain technology into games such as Mir4. The company had to suspend operations after the attack to migrate its infrastructure to a more secure environment. It aims to resume service by March 21.

由韓國Wemade開發的Wemix用於將區塊鏈技術集成到Mir4之類的遊戲中。攻擊後，該公司必須暫停操作，以將其基礎設施遷移到更安全的環境。它旨在在3月21日之前恢復服務。

OKX Suspends Web3 Services After Lazarus Attempt

OKX嘗試Lazarus之後的Web3服務

OKX is temporarily suspending its decentralized exchange aggregator services to implement security upgrades, following reports that North Korea’s Lazarus Group attempted to launder $100 million worth of stolen cryptocurrency on the platform.

OKX暫時暫停其去中心化的交換匯總服務以實施安全升級，此前有報導稱，朝鮮的Lazarus Group試圖在該平台上洗錢價值1億美元的被盜加密貨幣。

The move comes after a record-breaking $1.5 million heist from Bybit. Despite reports by Blockworks saying that EU regulators are investigating OKX for unregistered activity and potential breaches of European Union’s anti-money laundering regulations, a spokesperson for the exchange told The Block that they are not aware of any such probe.

此舉是在從拜比特（Bybit）獲得了創紀錄的150萬美元搶劫案之後。儘管Blockworks的報導說，歐盟監管機構正在調查OKX是否有未註冊的活動和潛在的歐盟反洗錢法規的違反，但該交易所的發言人告訴該街區，他們不知道任何此類調查。

The exchange said it detected "coordinated misuse" of its services and is taking several steps to prevent further abuse.

該交易所表示，它發現了對服務的“協調濫用”，並正在採取幾個步驟來防止進一步的虐待。

Planned security measures include a system to identify and track hacker-linked addresses on its DEX aggregator, alongside the ability to immediately block these addresses on its centralized exchange.

計劃的安全措施包括一個系統，可以在其DEX聚合器上識別和跟踪黑客鏈接的地址，並能夠在其集中式交易所中立即阻止這些地址。

It is also collaborating with blockchain explorers to enhance transparency and introduce clear labels for highlighting suspicious transactions.

它還與區塊鏈探險家合作，以提高透明度並引入清晰的標籤，以突出可疑交易。

Vermont Drops Coinbase Lawsuit After SEC Case Dropped

佛蒙特州在SEC案件下降後撤銷了Coinbase訴訟

Vermont’s Department of Financial Regulation has dropped its lawsuit against Coinbase, following the U.S. Securities and Exchange Commission’s decision to dismiss its own case against the crypto exchange.

在美國證券交易委員會決定駁回對加密貨幣交易所的案件之後，佛蒙特州的金融監管部已對Coinbase訴訟。

The state regulator was preparing to sue the exchange again in response to the SEC’s move. Vermont had accused Coinbase of offering unregistered securities through its staking service, aiming to enjoin the exchange from offering the service in the state.

國家監管機構正準備根據SEC的舉動再次起訴交流。佛蒙特州曾指責Coinbase通過其積分服務提供未註冊的證券，旨在禁止交易所提供該州的服務。

The regulator cited the SEC’s recent plans to form a task force for crypto regulation as a key factor in their decision to withdraw their show cause order without prejudice.

監管機構列舉了SEC最近的計劃，該計劃是組成加密貨幣法規的工作組，是他們決定在不偏見的情況下撤回其表演命令的關鍵因素。

Coinbase Chief Legal Officer Paul Grewal said in a statement that they are pleased to see the case being dropped and that they continue to be engaged with the SEC on forging a clear path forward for the industry.

Coinbase首席法律官Paul Grewal在一份聲明中說，他們很高興看到此案被撤銷，並且他們繼續與SEC訂婚，為行業開闢了一條清晰的道路。

The lawsuit, filed in June 2023, was part of a broader crackdown by several U.S. states on crypto firms operating without proper registration.

該訴訟於2023年6月提起，是美國幾個州在沒有適當註冊的情況下進行的加密貨幣公司更廣泛鎮壓的一部分。

Now, with several cases being dropped or dismissed and the resignation of SEC Chair Gary Gensler, crypto firms appear to be gaining some legal ground.

現在，由於有幾起案件被撤銷或駁回，而SEC主席Gary Gensler的辭職似乎正在獲得一定的法律基礎。

Earlier this year, Grewal also filed a Freedom of Information Act request to obtain details on the SEC’s crypto enforcement actions and internal deliberations under Gensler’s leadership.

今年早些時候，格雷瓦爾（Grewal）還提出了《信息自由法》的要求，以獲取有關SEC的加密執法行動和在Gensler領導下的內部審議的詳細信息。

New Remote Access Trojan Targets Crypto Wallet Extensions

新的遠程訪問Trojan目標加密錢包擴展

Microsoft has identified a new remote access Trojan called StilachiRAT which targets 20 cryptocurrency wallet extensions on Google Chrome.

微軟已經確定了一個名為Stilachirat的新的遠程訪問特洛伊木馬，該木馬針對Google Chrome上的20個加密貨幣錢包擴展。

The malware is capable of stealing sensitive data, installing programs, performing system administration tasks and more. It can also extract saved credentials from Chrome, monitor clipboard activity for sensitive information and tracks active applications.

惡意軟件能夠竊取敏感數據，安裝程序，執行系統管理任務等等。它還可以從Chrome中提取保存的憑據，監視剪貼板活動以獲取敏感信息並跟踪活動應用程序。

StilachiRAT is detected by Microsoft Defender Virus Protection as Trojan:Win32/Stilachi and Variant:Trojan/Stilachi. It uses techniques like deleting system logs (e.g., c:/windows/temp) and manipulating Windows registry settings (e.g., "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run") to achieve persistence on the infected system.

Microsoft Defender病毒保護被Trojan檢測到Stilachirat：Win32/Stilachi and Variant：Trojan/Stilachi。它使用刪除系統日誌（例如，C：/Windows/Temp）和操縱Windows註冊表設置（例如，“ HKCU \ Software \ Microsoft \ Microsoft \ Windows \ CurrentVersion \ run”）等技術來實現受感染系統的持久性。

The Trojan can receive commands and report back to a remote command-and-control server, which allows attackers to perform actions like rebooting the system, stealing files, manipulating applications and more.

特洛伊木馬可以接收命令並將其報告回遠程命令和控制服務器，該服務器允許攻擊者執行諸如重新啟動系統，竊取文件，操縱應用程序等的操作。

It is programmed to connect to a specific IP address and port, with a timeout of 30 seconds for establishing the connection.

它被編程為連接到特定的IP地址和端口，以建立連接的30秒暫停。

The targeted crypto wallet extensions include:

有針對性的加密錢包擴展名包括：

MetaMask

metamask

Coinbase Wallet

Coinbase錢包

Trust Wallet

信任錢包

TronLink

Tronlink

CCVault

CCVAULT

TokenPocket

tokenpocket

IX Swap

ix交換

Guarda

警衛

Atomic

原子

Coin98

COIN98

Bitpie

CoinBurp

Coinburp

Easy

簡單的