Yet again, someone has lost millions of dollars’ worth of funds to a phishing attack while using decentralized finance (DeFi). This is a common mistake among users, and it affects even investors with advanced knowledge when they use cryptocurrencies that facilitate these attacks.
In this most recent event, the Ethereum address ‘0xAA1582084c4f588eF9BE86F5eA1a919F86A3eE57’ lost 12,083.6 spEWTH, valued at $32.33 million. Ethereum’s blockchain registered the transaction to two addresses labeled “Fake Phishing” on September 28 at 6:15 a.m. UTC.
Finbold consulted the Arkham Intelligence database, which suggests the address belongs to Shixing Mao, also known as DiscusFish on X. Right now, it still holds $8.25 million worth of tokens, of which $2.85 million are in DAI stablecoin.
Notably, Shixing Mao is an experienced crypto executive and co-founder of F2Pool and Cobo. If this address truly belongs to Mao, it is yet another cautionary tale about how even experts can fall victim to such attacks, underscoring the need to find universal solutions to avoid similar events.
1 in 7 crypto investors were victims of Phishing
A survey from WalletConnect shows that nearly one in every seven cryptocurrency users has fallen victim to a phishing attack. According to WalletConnect, 14.4% of respondents said, “Yes, I have lost crypto due to a phishing attack or scam.”
Accounts on X have reported some of the large sums crypto investors have lost while interacting with malicious contracts or addresses. A recent example involves Scam Sniffer’s report on July 23 of a $4.69 million loss of Pendle (PENDLE) re-staking tokens.
Another is the $55 million DAI loss to a phishing attack that Lookonchain reported on August 21, urging users to double-check transactions. In the first half of 2024, Scam Sniffer identified over $314 million stolen across Ethereum Virtual Machine (EVM) chains.
On Finbold, we have reported plenty of these cases, namely ones related to the TON ecosystem, Tether freezing suspicious activity, and the attacker who returned stolen wBTC.
Yet, these are only part of a broader issue that costs users worldwide millions of dollars. Surprisingly, newer but less popular technologies and crypto protocols are already partially mitigating this issue.
How to avoid phishing attacks and wallet drains on DeFi?
Essentially, most of these attacks are due to human error, exploited in different ways. Examples include connecting a wallet to a malicious application or signing a malicious permission or transaction.
The most natural way to avoid falling victim to a phishing attack or wallet drain is to double-check websites and understand what you are signing up for, literally. For that, users can prioritize wallets and protocols with easily readable transaction signing, disclosing the action in detail.
However, more advanced technologies have already developed built-in solutions for crypto protocols that help prevent human errors, focusing on security.
Native assets prevent phishing and wallet drains
Popular blockchains like Ethereum (ETH), BNB Chain (BNB), Solana (SOL), Tron (TRX), Avalanche (AVAX), Algorand (ALGO), and Near (NEAR) all use a model in which tokens work differently from the chain’s native asset: they function through smart contract calls, which require a special permission granted beforehand to move the funds.
Dave, also known as DBCrypto, commented about this model with Finbold.
“The smart contract-based token model found on Ethereum, L2’s, and EVM chains is not only inefficient but also insecure, delaying Web3 adoption.”
On the other hand, chains like Cardano (ADA), Sui (SUI), MultiversX (EGLD), and Radix (XRD) use a native-asset token model. In this model, all tokens behave as native assets within the protocol, not requiring database permissions that can be exploited. Users need to sign every transaction to move tokens in their ownership, creating another layer of security.
Interestingly, users can now benefit as developers take a more careful look at security concerns, phishing attacks, and token models. At some point, investors will inevitably need to choose whether they accept the old standards or migrate to the newer ones in the competitive and innovative free market that is crypto.