在簽署與網路釣魚攻擊相關的惡意交易後，一名加密貨幣交易者損失了超過 128 萬美元的各種數位資產

10 月 14 日，區塊鏈安全公司 PeckShieldAlert 報告稱，一名交易員被騙後損失了大量 PEPE、APU 和 MSTR 代幣

A cryptocurrency trader has lost over $1.28 million in various digital assets after signing a malicious transaction linked to a phishing attack.

一名加密貨幣交易員在簽署與網路釣魚攻擊相關的惡意交易後，損失了超過 128 萬美元的各種數位資產。

On Oct. 14, blockchain security firm PeckShieldAlert reported that a trader lost significant amounts of PEPE, APU, and MSTR tokens after being tricked into signing a phishing permit signature. Specifically, the victim’s wallet, identified by “0xb0b..40c7,” lost 108 billion PEPE, 73.8 million APU, and 165,000 MSTR tokens.

10 月 14 日，區塊鏈安全公司 PeckShieldAlert 報告稱，一名交易員在被誘騙簽署網路釣魚許可證簽名後丟失了大量 PEPE、APU 和 MSTR 代幣。具體來說，受害者的錢包（標識為“0xb0b..40c7”）丟失了 1080 億個 PEPE、7380 萬個 APU 和 165,000 個 MSTR 代幣。

The permit signature granted attackers control over the victim’s wallet, enabling them to drain the funds in six quick transactions.

許可證簽名授予攻擊者對受害者錢包的控制權，使他們能夠透過六次快速交易耗盡資金。

#PeckShieldAlert The address 0xb0b8…40c7 has been drained of ~$1.28M worth of cryptos, including 108B $PEPE, 73.8M $APU, and 165K $MSTR, after signing a #phishing permit signature.

#PeckShieldAlert 在簽署 #phishing 許可證簽名後，地址 0xb0b8…40c7 已耗盡價值約 128 萬美元的加密貨幣，其中包括 108B $PEPE、7380 萬美元 APU 和 165K $MSTR。

The #phishing address #Fake_Phishing442846 is linked to the scammers who drained $32M worth of… pic.twitter.com/fq3a4DD0tD

#phishing 地址 #Fake_Phishing442846 與騙子有聯繫，他們損失了價值 3200 萬美元的… pic.twitter.com/fq3a4DD0tD

— PeckShieldAlert (@PeckShieldAlert) October 14, 2024

- PeckShieldAlert (@PeckShieldAlert) 2024 年 10 月 14 日

This method of attack, known as an approval phishing attack, is gaining steam in the crypto space. In this attack, users unknowingly grant permission to malicious actors to transfer their assets.

這種攻擊方法被稱為批准網路釣魚攻擊，正在加密貨幣領域日益流行。在這次攻擊中，使用者在不知情的情況下授予惡意行為者轉移其資產的權限。

Once they capture a signature, attackers swiftly transfer assets from the victim’s wallet to their controlled addresses. The attackers then proceed to distribute the stolen cryptos across multiple wallets.

一旦捕獲簽名，攻擊者就會迅速將資產從受害者的錢包轉移到他們控制的地址。然後，攻擊者將竊取的加密貨幣分發到多個錢包中。

One of the wallets involved (“Fake_Phishing442846”) was previously linked to an attack two weeks ago, where over $32 million in spWETH tokens were drained. These incidents point to a growing trend of phishing attacks on cryptocurrency traders and investors.

其中一個涉及的錢包（“Fake_Phishing442846”）此前曾與兩週前的攻擊有關，當時超過 3200 萬美元的 spWETH 代幣被耗盡。這些事件表明，針對加密貨幣交易者和投資者的網路釣魚攻擊呈成長趨勢。

According to reports from blockchain intelligence firm Arkham, the previous $32 million theft and the recent attack were linked to Inferno Drainer, a well-known phishing-as-a-service provider in the crypto space. Inferno Drainer offers criminals a platform to launch phishing websites and other tools to trick users into signing over control of their wallets.

根據區塊鏈情報公司 Arkham 的報告，先前 3,200 萬美元的盜竊案和最近的攻擊與加密貨幣領域著名的網路釣魚即服務提供商 Inferno Drainer 有關。 Inferno Drainer 為犯罪分子提供了一個啟動網路釣魚網站和其他工具的平台，以誘騙用戶簽署並接管其錢包的控制權。

The service, which resurfaced in May 2024 after briefly ceasing operations, charges scammers 30% for phishing websites and 20% for successful attacks. Since 2021, Inferno Drainer has been linked to numerous cryptocurrency phishing attacks.

該服務在短暫停止營運後於 2024 年 5 月重新出現，針對網路釣魚網站向詐騙者收取 30% 的費用，針對成功攻擊收取 20% 的費用。自 2021 年以來，Inferno Drainer 與眾多加密貨幣網路釣魚攻擊有關。

Data from Dune Analytics showed that the service has stolen $237.7 million from over 200,000 victims. Despite being temporarily taken down in late 2023, demand from cybercriminals drove its resurgence, with the app continuing to be a major threat in 2024.

Dune Analytics 的數據顯示，該服務已從超過 20 萬名受害者那裡竊取了 2.377 億美元。儘管該應用程式在 2023 年底被暫時下架，但網路犯罪分子的需求推動了其死灰復燃，該應用程式在 2024 年仍然是一個主要威脅。

Phishing attacks have become a major source of losses for crypto investors. A recent Chainalysis report estimated that phishing scams have siphoned off $2.7 billion in multiple virtual assets since 2021.

網路釣魚攻擊已成為加密貨幣投資者損失的主要來源。 Chainaanalysis 最近的一份報告估計，自 2021 年以來，網路釣魚詐騙已從多種虛擬資產中竊取了 27 億美元的資金。

The approval phishing attack continues to wreak havoc, as unsuspecting users are often unaware of the permissions they are granting to attackers. Last week, Cryptomode reported another high-profile incident involving a wallet linked to a venture capital fund losing $35 million in fwDETH tokens using this same technique.

批准網路釣魚攻擊繼續造成嚴重破壞，因為毫無戒心的用戶通常不知道他們授予攻擊者的權限。上週，Cryptomode 報告了另一起備受矚目的事件，涉及與一家風險投資基金相關的錢包使用相同的技術損失了 3500 萬美元的 fwDETH 代幣。

This exploit led to a significant dip in the token’s value, with a 90% decrease observed after the incident. Notably, blockchain security firm CertiK’s Q3 report identified phishing as the most damaging form of attack in 2024. The report estimated losses from phishing attacks at $343.1 million across 65 incidents in Q3 alone.

此漏洞導致代幣價值大幅下跌，事件發生後下降了 90%。值得注意的是，區塊鏈安全公司CertiK 的第三季報告將網路釣魚視為2024 年最具破壞性的攻擊形式。損失就達3.431 億美元。