|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
硬體錢包提供商 Trezor 澄清稱,其官方 Twitter 帳戶遭到網路釣魚攻擊(而非 SIM 交換)的破壞,導致欺詐性代幣預售公告。儘管採取了強有力的安全措施,攻擊者仍然獲得了該帳戶的存取權限,發布惡意連結並請求資金。 Trezor 強調其硬體錢包的安全性並未受到影響,並已採取措施減輕進一步的損害。
SatoshiLabs Details Trezor X Account Phishing Attack
SatoshiLabs 詳細介紹 Trezor X 帳號網路釣魚攻擊
SatoshiLabs, the manufacturer of Trezor crypto hardware wallets, has provided a comprehensive account of an incident involving fraudulent token presale announcements posted on its official Twitter account.
Trezor 加密硬體錢包製造商 SatoshiLabs 提供了有關在其官方 Twitter 帳戶上發布的欺詐性代幣預售公告的事件的全面說明。
Phishing Attack, Not SIM Swap
網路釣魚攻擊,而非 SIM 交換
The company clarified that the security breach was attributed to a phishing attack, contrary to its initial suspicion of a SIM-swap attack. SatoshiLabs emphasized that it does not employ mobile devices for two-factor authentication, utilizing more secure methods instead.
該公司澄清說,安全漏洞是由網路釣魚攻擊引起的,這與最初對 SIM 卡交換攻擊的懷疑相反。 SatoshiLabs 強調,它不使用行動裝置進行雙重認證,而是使用更安全的方法。
Unauthorized Posts and Harmful Links
未經授權的帖子和有害鏈接
Despite these safeguards, attackers managed to post a series of unauthorized and misleading tweets, soliciting funds from users to an unidentified wallet address. Additionally, harmful links were included, redirecting users to a bogus token presale website.
儘管有這些保護措施,攻擊者還是設法發布了一系列未經授權和誤導性的推文,從用戶那裡籌集資金到一個身份不明的錢包地址。此外,還包含有害鏈接,將用戶重定向到虛假的代幣預售網站。
Blockchain Sleuth's Notification
區塊鏈偵探的通知
Independent blockchain sleuth ZachXBT alerted his 528,000 Twitter followers of Trezor's suspected breach on March 19th.
3 月 19 日,獨立區塊鏈偵探 ZachXBT 向他的 528,000 名 Twitter 粉絲發出了有關 Trezor 涉嫌違規事件的警報。
Unauthorized Access to Twitter Account
未經授權存取 Twitter 帳戶
SatoshiLabs confirmed unauthorized entry into its Twitter account on March 19th. Investigations revealed a sophisticated and premeditated phishing attack orchestrated by hackers over several weeks.
SatoshiLabs 於 3 月 19 日證實其 Twitter 帳戶遭到未經授權的存取。調查顯示,駭客在幾週內精心策劃了一次複雜且有預謀的網路釣魚攻擊。
Prompt Removal of Deceptive Posts
及時刪除欺騙性帖子
Upon discovering the breach, SatoshiLabs swiftly identified and removed the deceptive posts, mitigating potential damage. The company stated: "We want to stress here that the security of all our products remains unaffected. This incident has in no way impacted or compromised the security of Trezor hardware wallets or any of our other products."
發現漏洞後,SatoshiLabs 迅速識別並刪除了欺騙性帖子,減輕了潛在的損害。該公司表示:“我們想在此強調,我們所有產品的安全性均不受影響。這一事件絕不會影響或損害 Trezor 硬體錢包或我們任何其他產品的安全性。”
Attackers' Sophisticated Tactics
攻擊者的複雜策略
Investigations indicated that the attackers posed as reputable entities in the cryptocurrency community starting on February 29th. They maintained a credible social media presence and engaged in seemingly genuine discussions.
調查顯示,攻擊者自 2 月 29 日起冒充加密貨幣社群中信譽良好的實體。他們在社群媒體上保持著可信的存在,並進行了看似真誠的討論。
Impersonation and Malicious Link
冒充和惡意鏈接
Impersonating a well-established Twitter account with thousands of followers, the attacker contacted SatoshiLabs' public relations team, proposing an interview with the CEO. A meeting was subsequently scheduled, during which the impersonator shared a malicious link disguised as a Calendly calendar invitation.
攻擊者冒充擁有數千名粉絲的知名 Twitter 帳戶,聯繫了 SatoshiLabs 的公關團隊,提議採訪執行長。隨後安排了一次會議,期間冒充者分享了一個偽裝成 Calendly 日曆邀請的惡意連結。
Compromised Login Credentials
登入憑證遭到洩漏
Clicking the calendar link prompted a team member to enter their Twitter login credentials, raising suspicion. However, the meeting was rescheduled. In the next session, the attacker, feigning technical difficulties, successfully linked their Calendly account to SatoshiLabs' Twitter account.
點擊日曆連結會提示團隊成員輸入其 Twitter 登入憑證,這引起了懷疑。然而,會議被重新安排。在接下來的會話中,攻擊者假裝技術困難,成功地將他們的 Calendly 帳戶連結到 SatoshiLabs 的 Twitter 帳戶。
Previous Security Breach
以前的安全漏洞
In January, Trezor experienced a security breach that exposed the contact information of approximately 66,000 users. According to the company's website, it has sold over two million hardware wallets since its inception in 2012.
一月份,Trezor 遭遇安全漏洞,洩漏了約 66,000 名用戶的聯絡資訊。據該公司網站稱,自 2012 年成立以來,其硬體錢包銷量已超過 200 萬個。
Conclusion
結論
SatoshiLabs' detailed account of the phishing attack highlights the importance of vigilance in cybersecurity. The company's emphasis on secure authentication methods and prompt response to the breach underscore its commitment to safeguarding its users' assets.
SatoshiLabs 對網路釣魚攻擊的詳細描述凸顯了網路安全保持警覺的重要性。該公司對安全身份驗證方法的重視以及對違規行為的及時回應突顯了其保護用戶資產的承諾。
免責聲明:info@kdj.com
所提供的資訊並非交易建議。 kDJ.com對任何基於本文提供的資訊進行的投資不承擔任何責任。加密貨幣波動性較大,建議您充分研究後謹慎投資!
如果您認為本網站使用的內容侵犯了您的版權,請立即聯絡我們(info@kdj.com),我們將及時刪除。
-
- 狗狗幣(DOGE)令投資人驚喜,連續三天以兩位數晉升領漲市場
- 2024-10-30 10:55:01
- 馬斯克發表聲明後,SHIB 和 DOGE 股價上漲 10%
-
- 加密貨幣和選舉:揭示看不見的影響和挑戰
- 2024-10-30 10:15:01
- 探討加密貨幣在政治領域中看不見的影響
-
- 比特幣 (BTC) 價格上漲至 7 萬美元以上:歷史新高是否觸手可及?
- 2024-10-30 10:15:01
- 隨著加密貨幣接近歷史高點,比特幣最近的看漲勢頭引發了交易者和投資者的樂觀情緒。
-
- 密西根硬幣經銷商向老虎機投入 500 萬美元,被控詐騙客戶
- 2024-10-30 10:15:01
- 密西根州貝城的一名硬幣、珠寶和貴金屬交易商被指控騙取客戶數十萬美元,並用他們的錢進行賭博。