駭客入侵均衡器 DEX，偷偷耗盡用戶資金

5 月 14 日，一名駭客利用去中心化交易所 Equalizer，透過不被注意的小額交易耗盡用戶資金。該駭客的錢包創建於 222 天前，迄今已收到超過 2,353 個 EQUAL 和各種其他代幣。該漏洞始於 2,500 個 SpookySwap 流動性代幣被盜，導致數百萬其他代幣遺失。這次駭客攻擊導致 EQUAL 的市值下降 11%。 Equalizer 團隊正在調查該事件，並建議用戶停止與交易所互動並撤銷批准，以防止進一步損失。

Hacker Exploits Equalizer DEX, Drains User Funds in Stealthy Scheme

駭客利用均衡器 DEX，秘密竊取用戶資金

On May 14, a malicious actor launched an audacious attack against the decentralized exchange (DEX) Equalizer, siphoning user funds through a series of covert transactions. The theft remained undetected until the Equalizer team issued a public warning urging users to cease interactions with the exchange.

5 月 14 日，一名惡意攻擊者對去中心化交易所（DEX）Equalizer 發起了大膽攻擊，透過一系列隱藏交易吸走了用戶資金。直到 Equalizer 團隊發佈公開警告，敦促用戶停止與交易所互動之前，竊盜事件仍未被發現。

At the time of reporting, the hacker has accrued approximately 2,353 Equalizer (EQUAL) tokens and an assortment of other crypto assets belonging to unsuspecting users. Despite the relatively low value of the stolen tokens, the attacker's cunning approach allowed them to pilfer funds under the radar, evading detection for an extended period.

截至報告發佈時，駭客已累積了約 2,353 個 Equalizer (EQUAL) 代幣以及屬於毫無戒心的用戶的各種其他加密資產。儘管被盜代幣的價值相對較低，但攻擊者的狡猾方法使他們能夠在雷達下竊取資金，從而長時間逃避偵測。

Investigations reveal that the hacker's illicit activities commenced on May 14 at approximately 4:10 am UTC, with the drainage of 2,500 SpookySwap liquidity tokens (spLP). This initial breach paved the way for the subsequent theft of numerous other tokens from unsuspecting users.

調查顯示，駭客的非法活動於世界標準時間 5 月 14 日凌晨 4:10 左右開始，導致 2,500 個 SpookySwap 流動性代幣 (spLP) 被流失。這一最初的違規行為為隨後從毫無戒心的用戶手中竊取大量其他代幣鋪平了道路。

To date, the hacker has amassed a sizable haul, including:

迄今為止，駭客已經累積了大量訊息，包括：

• 2,353 EQUAL across five transactions
• 510,579 FantomStarter (FS)
• 2,500 spLP
• 6 million AnyInu (AI)
• 985,565 ChillPill (CHILL)
• 50,000 WigoSwap (WIGO)
• 25 multiDEUS (DEUS)

The brazen attack has taken its toll on the EQUAL token price, which has plummeted nearly 11% on the day to hover around $8.90. To exacerbate the situation, a scammer seized the opportunity to create a fraudulent Equalizer X account, deceptively advertising a non-existent refund scheme for affected users.

五筆交易中2,353 EQUAL510,579 FantomStarter (FS)2,500 spLP6 百萬AnyInu (AI)985,565 ChillPill (CHILL)50,000 WigoSwap (WIGO)25 multiDEUS (DEUS)50,000 WigoSwap (WIGO)25 multiDEUS (DEUS)50,000 WigoSwap (WIGO)25 multiDEUS (DEUS)50,000 WigoSwap (WIGO)25 multiDEUS (DEUS)這次無恥暴跌近當日漲幅 11%，徘徊在 8.90 美元附近。為了加劇這種情況，詐騙者抓住機會創建了一個欺詐性的 Equalizer X 帳戶，欺騙性地為受影響的用戶宣傳了一個不存在的退款計劃。

While the investigation into the exploit continues, the Equalizer team is actively working to ascertain the scope and nature of the breach. Through the Equalizer Discord channel, the team has issued a stern warning to users, urging them to implement immediate protective measures:

在漏洞的調查仍在繼續的同時，Equalizer 團隊正在積極努力確定漏洞的範圍和性質。透過Equalizer Discord頻道，團隊已向使用者發出嚴厲警告，敦促他們立即實施防護措施：

"If connecting to the dapp [[Connect Wallet]] asks you to Approve something, immediately Stop using that site. If the dapp asks you to interact with a contract you have never interacted with earlier, Stop using that site. If it asks you to approve any contract that is unknown or not in our docs, Stop using that site."

「如果連接到dapp [[Connect Wallet]] 要求您批准某些內容，請立即停止使用網站。如果dapp 要求您與您之前從未互動過的合約進行交互，請停止使用網站。如果它要求您要批准我們文件中未知或未包含的任何合同，請停止使用該網站。

According to Equalizer Discord member "543," users who have refrained from interacting with Equalizer websites within the past six hours are considered safe. However, users who have engaged with the websites during that timeframe are advised to "revoke all your approvals made during this time."

根據 Equalizer Discord 成員「543」的說法，過去六個小時內沒有與 Equalizer 網站互動的用戶被認為是安全的。但是，建議在此期間曾造訪這些網站的使用者「撤銷在此期間所做的所有批准」。

The Discord user "543" emphasized the importance of revoking approvals, citing the potential for ongoing exploitation. Source: Equalizer Discord channel

Discord 用戶「543」強調了撤銷批准的重要性，並指出了持續利用的可能性。來源：Equalizer Discord 頻道

In a proactive response, the Equalizer team is "working on restoring the main website" and has strongly advised users to refrain from accessing it until the necessary updates are implemented. The team continues to monitor the situation closely and will provide further updates as they become available.

在積極回應中，Equalizer 團隊正在“努力恢復主網站”，並強烈建議用戶在實施必要的更新之前不要訪問網站。團隊將繼續密切關注局勢，並將在有進一步更新時提供。

This incident highlights the ongoing threat posed by malicious actors within the cryptocurrency ecosystem. Users are urged to exercise extreme caution when interacting with decentralized exchanges and to thoroughly research any platform before entrusting it with their digital assets.

這事件凸顯了加密貨幣生態系統中惡意行為者所構成的持續威脅。我們敦促用戶在與去中心化交易所互動時要格外小心，並在將數位資產委託給任何平台之前對其進行徹底研究。