|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
週日,基於以太坊的 ZK-rollup 協議路印協議 (Loopring) 遭遇重大安全漏洞。這次事件造成的損失達數百萬美元。
Loopring, an Ethereum-based ZK-rollup protocol, encountered a significant security breach on Sunday, leading to losses in the millions of dollars.
Loopring 是一種基於以太坊的 ZK-rollup 協議,週日遭遇重大安全漏洞,導致數百萬美元的損失。
The attack exploited a vulnerability in Loopring's Guardian wallet recovery service, specifically targeting the two-factor authentication (2FA) process.
該攻擊利用了 Loopring 的 Guardian 錢包恢復服務中的漏洞,特別針對雙重認證 (2FA) 流程。
After the Hack, Loopring Cooperates with Experts and Authorities
駭客入侵後,路印協議與專家和權威機構合作
Loopring's Guardian service enables users to designate trusted wallets for various security tasks, such as locking a compromised wallet or restoring one if the seed phrase is lost. However, the attacker managed to bypass this service, performing unauthorized wallet recoveries with a single guardian.
Loopring 的 Guardian 服務使用戶能夠指定受信任的錢包來執行各種安全任務,例如鎖定受損的錢包或在種子短語遺失時恢復錢包。然而,攻擊者設法繞過此服務,透過單一監護人執行未經授權的錢包恢復。
The vulnerability in Loopring's 2FA service allowed the attacker to impersonate the wallet owner, gaining approval for the recovery process, resetting ownership, and withdrawing assets from the affected wallets. Notably, the exploit primarily affected wallets that did not have multiple or third-party guardians.
Loopring 的 2FA 服務中的漏洞允許攻擊者冒充錢包所有者,獲得恢復過程的批准,重置所有權,並從受影響的錢包中提取資產。值得注意的是,該漏洞主要影響沒有多個或第三方監護人的錢包。
The team has identified two wallet addresses involved in the breach. On-chain data reveals that one wallet drained approximately $5 million from the compromised wallets, which have now been fully swapped to Ethereum (ETH).
該團隊已確定涉及此次洩漏的兩個錢包地址。鏈上數據顯示,一個錢包從受感染的錢包中損失了約 500 萬美元,這些錢包現已完全轉換為以太坊 (ETH)。
Loopring stated that they are working with Mist security experts to uncover the method used by the attacker to compromise their 2FA service. To safeguard users, Guardian-related and 2FA-related operations have been temporarily suspended, which ultimately halted the compromise.
Loopring 表示,他們正在與 Mist 安全專家合作,揭露攻擊者用來破壞其 2FA 服務的方法。為了保護用戶,Guardian 相關和 2FA 相關操作已暫時停止,最終阻止了攻擊。
“Loopring is working with law enforcement and professional security teams to track down the perpetrator. We will continue to provide updates as soon as the investigation progresses,” the team added.
「Loopring 正在與執法部門和專業安全團隊合作追查肇事者。一旦調查取得進展,我們將繼續提供最新資訊。
This incident follows a recent data breach at crypto market data aggregator CoinGecko, which was accessed through its third-party email service provider, GetResponse.
在此事件發生之前,加密貨幣市場資料聚合商 CoinGecko 最近發生了一次資料外洩事件,該事件是透過其第三方電子郵件服務提供者 GetResponse 存取的。
On June 5, the attacker compromised the account of a GetResponse employee and exported nearly 2 million contacts from CoinGecko's account.
6 月 5 日,攻擊者入侵了 GetResponse 員工的帳戶,並從 CoinGecko 的帳戶中匯出了近 200 萬個聯絡人資訊。
Subsequently, the attacker sent 23,723 phishing emails using the account of another GetResponse client. However, it's important to note that the malicious actors did not use CoinGecko's domain to send harmful emails.
隨後,攻擊者使用另一個 GetResponse 用戶端的帳戶發送了 23,723 封釣魚電子郵件。然而,值得注意的是,惡意行為者並未使用 CoinGecko 的網域發送有害電子郵件。
CoinGecko also reassured its users that the breach did not compromise their accounts and passwords. Nevertheless, the leaked data included users' names, email addresses, IP addresses, and the locations where emails were opened.
CoinGecko 也向用戶保證,這次洩漏事件並未損害他們的帳戶和密碼。然而,洩漏的資料包括使用者姓名、電子郵件地址、IP 位址以及開啟電子郵件的位置。
In response to the breach, CoinGecko advised users to remain vigilant, particularly regarding emails offering airdrops. The platform also highlighted the importance of avoiding links or email attachments from unfamiliar senders and adhering to recommended security measures.
針對此外洩事件,CoinGecko 建議用戶保持警惕,特別是提供空投的電子郵件。該平台還強調了避免來自不熟悉的寄件者的連結或電子郵件附件以及遵守建議的安全措施的重要性。
免責聲明:info@kdj.com
所提供的資訊並非交易建議。 kDJ.com對任何基於本文提供的資訊進行的投資不承擔任何責任。加密貨幣波動性較大,建議您充分研究後謹慎投資!
如果您認為本網站使用的內容侵犯了您的版權,請立即聯絡我們(info@kdj.com),我們將及時刪除。
-
- 哈薩克將於2025年推出數位投資幣項目
- 2024-11-25 06:20:01
- 黃金投資幣將可以隨時隨地在線上購買和銷售。
-
- 山寨幣季節即將到來:在為時已晚之前進行 4 次最後一刻的購買
- 2024-11-25 06:20:01
- 許多愛好者一直在等待比特幣價格穩定下來的山寨幣季節,投資者現在對所有其他貨幣都產生了興趣