存取控制違規事件呈指數級增長，敲響了加密安全警報

2024 年第一季度，存取控制違規行為在駭客攻擊中占主導地位，在 8.24 億美元的被盜金額中，損失達 6.82 億美元（83%）。值得注意的事件包括 Playdapp 洩漏（2.9 億美元）、Chris Larsen 錢包駭客攻擊（1.12 億美元）和 Orbit 鏈橋駭客攻擊（8,000 萬美元）。儘管有這些損失，但由於駭客返還資金、白帽駭客擾亂攻擊以及專案團隊採取主動安全措施，約 4.44 億美元 (54%) 被追回或凍結。

Exponential Rise in Access Control Breaches: A Wake-Up Call for Crypto Security

存取控制違規事件呈指數級增長：加密安全的警鐘

The first quarter of 2024 has witnessed a surge in cyberattacks targeting the cryptocurrency industry, with access control breaches emerging as the most prevalent and financially damaging exploit type. According to the latest report by Hacken, a leading blockchain security firm, over $824 million was stolen across 67 hacks, with breaches in access control accounting for a staggering 83% of the total funds lost, estimated at $682 million.

2024 年第一季度，針對加密貨幣產業的網路攻擊激增，存取控制漏洞成為最普遍且最具經濟破壞性的利用類型。根據領先的區塊鏈安全公司 Hacken 的最新報告，在 67 次駭客攻擊中，超過 8.24 億美元被盜，其中存取控制漏洞佔總資金損失的 83%，估計為 6.82 億美元。

Access Control Breaches Dominate the Threat Landscape

存取控制違規主導威脅格局

Access control breaches, characterized by unauthorized access to critical system components, have surpassed other exploit types as the primary means of infiltrating crypto platforms and stealing digital assets. This vulnerability has been exploited in several high-profile incidents during the first quarter of 2024, leading to massive financial losses.

以未經授權存取關鍵系統組件為特徵的存取控制漏洞已超越其他漏洞類型，成為滲透加密平台和竊取數位資產的主要手段。該漏洞已在 2024 年第一季發生的多起備受矚目的事件中被利用，導致巨額財務損失。

Four major breaches alone accounted for 66% of the total stolen funds. These include the $290 million hack of Playdapp, a blockchain gaming platform; the $112 million theft from Ripple co-founder Chris Larsen's wallet; the $80 million hack of Orbit, a cross-chain bridge; and the $63 million exploit of Munchables, a Web3 gaming protocol on Blast.

僅四起重大違規事件就佔被盜資金總額的 66%。其中包括區塊鏈遊戲平台 Playdapp 被駭客攻擊價值 2.9 億美元； Ripple 共同創辦人 Chris Larsen 的錢包被偷走 1.12 億美元；跨鏈橋 Orbit 被駭客攻擊價值 8,000 萬美元；以及 Blast 上的 Web3 遊戲協議 Munchables 的價值 6300 萬美元的漏洞。

Token Projects Bear the Brunt

代幣項目首當其衝

Token projects have become a primary target for hackers, with 19 reported incidents in Q1 2024. Other projects, including decentralized autonomous organizations (DAOs) and lending protocols, have also faced significant attacks. Gaming platforms, led by Playdapp's substantial losses, and Web3 gaming protocols like Munchables have suffered the most severe financial impacts.

代幣項目已成為駭客的主要目標，2024 年第一季報告了 19 起事件。以 Playdapp 大幅虧損為首的遊戲平台和 Munchables 等 Web3 遊戲協議遭受了最嚴重的財務影響。

Notable Individuals and Platforms Compromised

著名個人和平台受到損害

Breached wallets belonging to prominent individuals, DAOs, tokens, bridges, and centralized finance (CeFi) platforms constitute the second-largest category of losses. High-profile incidents involving figures such as Chris Larsen, Jeffrey Zirlin, and AirDAO have highlighted the vulnerability of crypto assets held in private wallets.

知名人士、DAO、代幣、橋接器和中心化金融（CeFi）平台的錢包被洩露構成了第二大損失類別。涉及 Chris Larsen、Jeffrey Zirlin 和 AirDAO 等人物的備受矚目的事件凸顯了私人錢包中持有的加密資產的脆弱性。

A Ray of Hope Amidst the Losses

損失中的一線希望

Despite the staggering losses, Hacken's report provides a glimmer of hope, revealing that approximately $444 million (54%) of the stolen funds has been successfully recovered or frozen through various measures. This includes cases where hackers have returned funds in exchange for bounties, such as in the Seneca Protocol and Dolomite hacks.

儘管損失慘重，哈肯的報告還是帶來了一線希望，顯示約 4.44 億美元（54%）的被盜資金已透過各種措施成功追回或凍結。這包括駭客返還資金以換取賞金的情況，例如塞內卡協議和白雲石黑客事件。

White Hat Hackers and Proactive Responses

白帽駭客和主動回應

White hat hackers and ethical security researchers have played a crucial role in recovering stolen funds and mitigating the impact of hacks. Their proactive actions, such as @coffeebabe_eth's intervention in the Blueberry protocol hack, have disrupted attacks and enabled the return of funds to their rightful owners.

白帽駭客和道德安全研究人員在追回被盜資金和減輕駭客影響方面發揮了至關重要的作用。他們的主動行動，例如 @coffeebabe_eth 對 Blueberry 協議駭客的干預，已經阻止了攻擊並使資金返還給合法所有者。

The concerted efforts of project teams, white hat hackers, and law enforcement agencies have significantly improved the industry's response to cyberattacks, resulting in a remarkable recovery rate of over half of the stolen funds.

專案團隊、白帽駭客和執法機構的共同努力，顯著提高了業界對網路攻擊的回應能力，被盜資金的追回率顯著超過一半。

Industry Resilience and Continued Progress

產業韌性與持續進步

Edgar Pavlovski, Hacken's Senior Blockchain Researcher, emphasized that while the total amount hacked in the first quarter of 2024 was substantial, the recovery of more than half of the stolen funds represents a significant positive development for the security and resilience of the crypto industry.

Hacken 的高級區塊鏈研究員 Edgar Pavlovski 強調，雖然2024 年第一季被駭客攻擊的總金額相當可觀，但追回一半以上被盜資金代表加密產業的安全性和彈性的重大正面發展。

"The beginning of this year spawned more of the same – losing control of one’s private key remains the largest vector of attack, accounting for 83% of all funds lost," said Pavlovski. "On the bright side, more than half of all stolen funds were either returned or frozen. This represents big advancement compared to previous years, and we expect this dynamic to continue improving over time."

Pavlovski 表示：“今年年初又出現了更多類似情況——失去私鑰控制仍然是最大的攻擊媒介，佔所有資金損失的 83%。” 「好的一面是，超過一半的被盜資金要么被退回，要么被凍結。與前幾年相比，這代表了巨大的進步，我們預計這種動態將隨著時間的推移而繼續改善。”

The industry's commitment to enhancing security measures, fostering collaboration between stakeholders, and promoting ethical hacking practices is crucial to mitigating the evolving threat landscape. By adopting proactive measures, crypto platforms and individuals can protect their assets and ensure the long-term growth and sustainability of the decentralized financial ecosystem.

該行業致力於加強安全措施、促進利益相關者之間的合作以及促進道德駭客行為，這對於緩解不斷變化的威脅情況至關重要。透過採取積極主動的措施，加密貨幣平台和個人可以保護自己的資產，並確保去中心化金融生態系統的長期成長和永續性。