網路釣魚攻擊在加密貨幣中如何運作

基於加密的網路釣魚攻擊日益增加。網路犯罪分子向加密貨幣投資者發送惡意訊息。該訊息聲稱來自加密貨幣交易所或錢包提供商。

Cryptocurrency is booming, and so are cryptocurrency scams. Cybercriminals are targeting crypto whales with phishing scams, tricking them into revealing the private key of their crypto wallet. These investors have massive amounts of crypto holdings, making them a prime target for scammers.

加密貨幣正在蓬勃發展，加密貨幣騙局也是如此。網路犯罪分子透過網路釣魚詐騙瞄準加密鯨魚，誘騙他們洩漏加密錢包的私鑰。這些投資者持有大量加密貨幣，這使他們成為詐騙者的主要目標。

Tricksters use fake emails and websites to deceive whales into revealing their personal information. In this way, phishing scams are causing significant financial losses in the crypto industry. Currently, various security challenges need to be addressed within the cryptocurrency space.

騙子使用虛假電子郵件和網站來欺騙鯨魚洩露他們的個人資訊。這樣，網路釣魚詐騙正在給加密產業造成重大的經濟損失。目前，加密貨幣領域需要解決各種安全挑戰。

How Phishing Attack Works In Crypto

網路釣魚攻擊在加密貨幣中如何運作

Crypto-based phishing attacks are increasing day by day. A cybercriminal sends a malicious message to a crypto investor. This message claims to be from a crypto exchange or wallet provider.

基於加密的網路釣魚攻擊日益增加。網路犯罪分子向加密貨幣投資者發送惡意訊息。該訊息聲稱來自加密貨幣交易所或錢包提供商。

This message is often urgent, like “Your account has been compromised. Click here to secure it.” The scammer attaches a link to a fake website with the message. This fake site asks the investor to enter private keys or login credentials.

此訊息通常很緊急，例如「您的帳戶已被盜用。點擊此處以確保其安全。詐騙者在訊息中附加了一個虛假網站的連結。該虛假網站要求投資者輸入私鑰或登入憑證。

Once the investor enters information, the attacker gets access to their cryptocurrency wallet. Now, the scammer can easily transfer funds to their wallet.

一旦投資者輸入訊息，攻擊者就可以存取他們的加密貨幣錢包。現在，騙子可以輕鬆地將資金轉移到他們的錢包中。

Phishing attacks target crypto wallets, cryptocurrency exchanges, and initial coin offerings. Mostly, scammers convert the stolen crypto funds into fiat money or other digital assets.

網路釣魚攻擊針對的是加密貨幣錢包、加密貨幣交易所和首次代幣發行。大多數情況下，詐騙者會將被盜的加密貨幣資金轉換為法定貨幣或其他數位資產。

They are proficient in using sophisticated social engineering tactics to deceive victims into revealing their personal information.

他們擅長使用複雜的社會工程策略來欺騙受害者洩露他們的個人資訊。

Notable Phishing Scams in 2024

2024 年值得注意的網路釣魚詐騙

Below, you can check the details for the top phishing scams of 2024 that happened with crypto whales.

您可以在下面查看 2024 年與加密鯨魚相關的頂級網路釣魚詐騙的詳細資訊。

Scam 1: The $24 Million Whale Hack

騙局 1：價值 2400 萬美元的鯨魚駭客攻擊

A prominent crypto whale fell victim to a phishing scam In September 2024. This scam stole $24 Million worth of crypto assets from the whale. The attackers exploited advanced social engineering tactics to deceive investors into revealing sensitive information.

2024 年 9 月，一頭著名的加密鯨魚成為網路釣魚騙局的受害者。攻擊者利用先進的社會工程策略來欺騙投資者洩漏敏感資訊。

The stolen assets included liquid staking derivatives, such as Rocket Pool ETH (rETH) and Lido Staked ETH (stETH). It was valued at $8.5 Million and $15.6 Million, respectively.

被盜資產包括流動性質押衍生品，例如 Rocket Pool ETH (rETH) 和 Lido Staked ETH (stETH)。它的估值分別為 850 萬美元和 1560 萬美元。

The attackers used a fake website claiming to be a legitimate cryptocurrency platform. The attackers sent a phishing email to the investor about securing the account immediately due to a supposed security breach.

攻擊者使用了一個聲稱是合法加密貨幣平台的虛假網站。攻擊者向投資者發送了一封網路釣魚電子郵件，要求由於所謂的安全漏洞而立即保護帳戶。

The email had a malicious link to the fake website. The investor clicked the link and entered their private keys and login credentials. In this way, scammers managed to drain funds from the investor’s wallet.

該電子郵件包含指向虛假網站的惡意連結。投資者點擊該連結並輸入其私鑰和登入憑證。透過這種方式，騙子成功地從投資人的錢包中抽走資金。

Scam 2: The $55 Million DAI Phishing Attack

騙局 2：價值 5500 萬美元的 DAI 網路釣魚攻擊

The second high-profile phishing case is about a whale who lost $55 million worth of DAI stablecoin. The attackers used a combination of fake emails and social engineering tactics to gain control over the whale’s wallet.

第二起備受矚目的網路釣魚案件涉及一頭鯨魚失去了價值 5,500 萬美元的 DAI 穩定幣。攻擊者結合使用虛假電子郵件和社會工程策略來控制鯨魚的錢包。

Like the first case, the crypto whale clicked on a link from a malicious email. The email was about warning the investor of suspicious activity on their account.

與第一個案例一樣，加密鯨點擊了惡意電子郵件中的連結。該電子郵件旨在警告投資者其帳戶上存在可疑活動。

The investor entered their login credentials by clicking on the link. After that, attackers accessed the wallet and quickly transferred the $55 million worth of DAI to their accounts.

投資者透過點擊連結輸入登入憑證。此後，攻擊者訪問了錢包並迅速將價值 5500 萬美元的 DAI 轉入他們的帳戶。

Scam 3: The Blast Network Scam

騙局 3：爆炸性網路騙局

The Blast Network experienced a significant phishing scam in October 2024. The scam resulted in the loss of approximately $35 million worth of Few Wrapped Duo ETH (fwDETH) tokens.

Blast Network 在 2024 年 10 月經歷了一次重大網路釣魚詐騙。

Attackers used sophisticated social engineering tactics to deceive the investor. They sent emails posing as customer support from a well-known DeFi platform. The emails claimed the investor’s account needed immediate verification after a security breach.

攻擊者使用複雜的社會工程策略來欺騙投資者。他們發送電子郵件，冒充知名 DeFi 平台的客戶支援。這些電子郵件聲稱，投資者的帳戶在出現安全漏洞後需要立即進行驗證。

The investor entered their private keys and login credentials on the fake site. It allowed the attackers to access and transfer the fwDETH tokens. The victim also signed a fraudulent “permit” signature to enable the attackers to drain funds from the wallet.

投資者在虛假網站上輸入了私鑰和登入憑證。它允許攻擊者存取和轉移 fwDETH 代幣。受害者還簽署了欺詐性的「許可」簽名，使攻擊者能夠從錢包中抽走資金。

Best Ways To Protect Against Phishing Scams

防範網路釣魚詐騙的最佳方法

Crypto investors need to follow below practices to protect against phishing scams:

加密貨幣投資者需要遵循以下做法來防範網路釣魚詐騙：

Be wary of any unsolicited emails or messages claiming to be from a cryptocurrency exchange, wallet provider, or other crypto-related entity.

警惕任何聲稱來自加密貨幣交易所、錢包提供者或其他加密相關實體的未經請求的電子郵件或訊息。

Inspect the sender’s email address and domain name carefully. Official emails will typically come from a domain that matches the organization’s website address.

仔細檢查寄件者的電子郵件地址和網域。官方電子郵件通常來自與組織網站位址相符的網域。

Hover over any links in the email or message without clicking on them. This will usually display the true destination of the link in your browser’s status bar.

將滑鼠懸停在電子郵件或訊息中的任何連結上，而不點擊它們。這通常會在瀏覽器的狀態列中顯示連結的真實目的地。

Never enter your private keys, login credentials, or other sensitive information on any website or form that you access through a link in an email or message.

切勿在透過電子郵件或訊息中的連結造訪的任何網站或表單上輸入您的私鑰、登入憑證或其他敏感資訊。

If you’re unsure whether an email or message is legitimate, contact the organization directly through their official website or customer support channels.

如果您不確定電子郵件或訊息是否合法，請直接透過該組織的官方網站或客戶支援管道聯絡該組織。

Use a hardware cryptocurrency wallet to store your digital assets securely. Hardware wallets are not connected to the internet, making them immune to phishing attacks.

使用硬體加密貨幣錢包安全地儲存您的數位資產。硬體錢包不連接到互聯網，因此不會受到網路釣魚攻擊。

Phishing scams are still targeting crypto whales. The scammers are developing unique techniques to steal crypto funds from people. It shows the increased need for tight security for crypto investors.

網路釣魚詐騙仍然針對加密鯨魚。詐騙者正在開發獨特的技術來竊取人們的加密貨幣資金。這顯示加密貨幣投資者對嚴格安全的需求不斷增加。

Investors should protect themselves from falling victim to these scams after understanding the techniques used by attackers. Start following best practices

在了解攻擊者使用的技術後，投資者應該保護自己免受這些騙局的影響。開始遵循最佳實踐