|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Polymarket預測市場應用程式的一些用戶抱怨說,他們透過Google帳號登入後,錢包就神祕地被掏空了。
Several users of the decentralized prediction market app Polymarket have reported their wallets being mysteriously drained after logging in via their Google accounts.
去中心化預測市場應用程式 Polymarket 的幾名用戶報告稱,他們的錢包在透過Google帳號登入後被神秘地掏空。
After making deposits into their Polymarket accounts, the users discovered that their wallets had been emptied, leaving a balance of zero. Notably, these attacks have only affected users who accessed the platform through Google logins, while those using wallet browser extensions like MetaMask or Trustwallet have not encountered any issues.
在向 Polymarket 帳戶存款後,用戶發現錢包已被清空,餘額為零。值得注意的是,這些攻擊僅影響透過 Google 登入存取該平台的用戶,而使用 MetaMask 或 Trustwallet 等錢包瀏覽器擴充功能的用戶則沒有遇到任何問題。
Cointelegraph spoke to two victims of these attacks, who shared their experiences and provided insights into the events that unfolded.
Cointelegraph 採訪了這些攻擊的兩名受害者,他們分享了他們的經歷並提供了對所發生事件的見解。
The first victim, who goes by the Discord username "HHeego," encountered problems while attempting to deposit funds into his Polymarket account. After depositing $1,085.80 in USD Coin (USDC) from Binance on August 5, the transaction did not appear in his account within the Polymarket app despite waiting for several hours.
第一個受害者的 Discord 用戶名是“HHeego”,他在嘗試將資金存入他的 Polymarket 帳戶時遇到了問題。 8 月 5 日從幣安存入 1,085.80 美元的美元硬幣 (USDC) 後,儘管等待了幾個小時,但該交易並未出現在他在 Polymarket 應用程式中的帳戶中。
Believing there might be an issue with his account, HHeego joined the Polymarket Discord server to seek assistance. He discovered that several other users were experiencing similar problems, which appeared to be related to a user interface issue. This eased HHeego's concerns, and he decided to wait for the issue to be resolved.
HHeego 認為自己的帳戶可能有問題,因此加入了 Polymarket Discord 伺服器來尋求協助。他發現其他幾個用戶也遇到了類似的問題,這似乎與用戶介面問題有關。這打消了HHeego的顧慮,他決定等待問題解決。
Later that day, the deposit finally appeared on the user interface, but it "vanished almost as quickly as it had come," according to HHeego. He realized that his entire USDC balance of $1,188.72 had disappeared. This balance included $102.92 that had been in the account before the deposit was made, as well as the deposit itself.
當天晚些時候,存款終於出現在用戶界面上,但據 HHeego 稱,它「幾乎像來的時候一樣消失了」。他意識到他的 1,188.72 美元 USDC 餘額全部消失了。該餘額包括存款前帳戶中的 102.92 美元以及存款本身。
Interestingly, HHeego's $2,000 worth of open trades remained untouched.
有趣的是,HHeego 價值 2,000 美元的未平倉交易仍然沒有受到影響。
After inspecting his account history using the Polygonscan block explorer, HHeego discovered that his USDC balance had been transferred to an account labeled "Fake_Phishing399064." He then promptly submitted a ticket to Polymarket's customer support team to report the incident.
在使用 Polygonscan 區塊瀏覽器檢查他的帳戶歷史記錄後,HHeego 發現他的 USDC 餘額已轉移到標記為「Fake_Phishing399064」的帳戶。隨後,他立即向 Polymarket 的客戶支援團隊提交了一張罰單,報告了這起事件。
When the customer support agent heard HHeego's story, he expressed disbelief and asked, "Haven't you withdrawn that amount?" To which HHeego replied, "No I haven't." The agent then inquired, "Are you sure it wasn't you then?" and HHeego responded, "I am 100% sure."
客服聽到HHeego的故事後,表示難以置信,問道:“你不是已經提取了那麼多錢嗎?” HHeego 回答說:“不,我沒有。”經紀人接著問道:“你確定當時不是你嗎?” HHeego 回答說:“我百分百確定。”
In the image below, Cointelegraph has redacted the agent's screen name to protect his privacy.
在下圖中,Cointelegraph 已經修改了特工的螢幕名稱以保護他的隱私。
A conversation between HHeego and a customer service agent. Source: HHeego
HHeego 和客戶服務代理之間的對話。來源:HHeego
The agent proceeded to ask HHeego if "your PK got leaked or you got phished somehow." However, the user, who claims to be new to the crypto world, initially didn't understand what the agent meant by a "PK leak." He also stated that he has never used a browser extension wallet and has only ever used a Google login to access Polymarket.
特工繼續詢問 HHeego 是否「你的 PK 被洩露或你被釣了」。然而,這位自稱剛接觸加密世界的用戶最初並不明白特工所說的「PK洩漏」是什麼意思。他還表示,他從未使用過瀏覽器擴充錢包,僅使用Google登入造訪過Polymarket。
After asking a few more questions, the agent informed HHeego that the team was investigating the anomaly and would contact him once they had more information.
在又問了幾個問題後,特工告訴 HHeego,團隊正在調查這個異常現象,一旦獲得更多資訊就會與他聯繫。
Another $4K gets swiped
又被刷了 4K 美元
Convinced that the wallet drain was some kind of "glitch" that would eventually be worked out, HHeego went on to deposit an additional $4,111.31 on August 11. As before, the "fake phishing" account drained all of the funds, bringing the user's total losses to $5,197.11.
HHeego 確信錢包流失是某種“故障”,最終會得到解決,於是在8 月11 日又存入了4,111.31 美元。被竊。
At this point, the user became convinced that his Polymarket account was hacked. He closed all of his trades, amounting to nearly $1,000 in funds, and withdrew his balance to his Binance account. The proceeds from these trades were not touched by the attacker, and the withdrawal was successful.
此時,該用戶確信他的 Polymarket 帳戶已被駭客入侵。他關閉了所有交易,資金總額接近 1,000 美元,並將餘額提取到他的幣安帳戶。這些交易的收益沒有被攻擊者觸及,提現成功。
After retrieving his funds, HHeego contacted customer service again. This time, the customer service agent told him that his account was compromised and he should stop using it. According to the user, the agent also told him "they are close to understanding 100% what has happened."
取回款項後,HHeego再次聯絡了客服。這次,客服代表告訴他,他的帳戶已被盜用,他應該停止使用該帳戶。據該用戶稱,經紀人還告訴他“他們已經接近 100% 了解發生了什麼。”
He received one last message from customer service on August 15. In this message, the agent stated that the attack was "a complex situation" and that the team wanted to have all of the details before communicating its next steps. The agent then referred HHeego to another team member.
8 月 15 日,他收到了客戶服務部的最後一條訊息。然後,特工將 HHeego 轉介給另一位團隊成員。
Reported last customer service message from Polymarket. Source: HHeego
報告了來自 Polymarket 的最新客戶服務消息。來源:HHeego
HHeego claimed that he did not receive any further information from the Polymarket team after August 15.
HHeego 聲稱,8 月 15 日之後他沒有收到 Polymarket 團隊的任何進一步資訊。
Blockchain data confirms many aspects of HHeego's story. The account was drained of $1,188.72 USDC through a "proxy" function call on August 5. On August 11, an additional $4,111.31 was removed from the account. In both cases, the function was called by
區塊鏈數據證實了 HHeego 故事的許多方面。 8 月 5 日,該帳戶透過「代理」函數呼叫被抽走 1,188.72 美元 USDC。在這兩種情況下,該函數都被調用
免責聲明:info@kdj.com
所提供的資訊並非交易建議。 kDJ.com對任何基於本文提供的資訊進行的投資不承擔任何責任。加密貨幣波動性較大,建議您充分研究後謹慎投資!
如果您認為本網站使用的內容侵犯了您的版權,請立即聯絡我們(info@kdj.com),我們將及時刪除。
-
- DOGEN:永遠獲勝的真正阿爾法的終極 Memetoken
- 2024-09-30 02:20:01
- 想像一下夢想中的生活——豪華汽車、大筆現金和引人注目的女人。這就是DOGEN的生活方式!
-
- 發現可能與比特幣一起崛起並大幅提高利潤的山寨幣
- 2024-09-30 02:15:02
- 本指南揭示了準備成長的頂級競爭者。 CYBRO 預售超過 250 萬美元:百萬分之一的下一代 DeFi 投資機會