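As malicious actors exploit vulnerabilities in smart contracts, blockchain networks face increasingly serious security challenges, and Coinbase's Base network leads in high-risk detections.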
Analysis of smart contract vulnerabilities by Trugard Labs reveals Coinbase’s Base network had the highest detections in August, with over 34,000 high-risk vulnerabilities identified.
Key Takeaways:
Coinbase's Base network was found to have the highest number of high-risk smart contract vulnerabilities in August, according to data from Trugard Labs.
Base network's vulnerability to Digital Signature issues was highlighted, with nearly 22,000 detections related to tampering in standard libraries.
Malicious boolean checks on token transfers were also identified as a major risk on Base, with over 6,300 instances detected.
The analysis suggests that web2 hackers are shifting focus to web3, with cybercriminal groups adapting their tactics to exploit vulnerabilities in decentralized finance protocols.
Analysis by Trugard Labs identified Coinbase’s Base network as having the highest number of smart contract vulnerability detections in August, with over 34,000 high-risk vulnerabilities. The analysis, which used Trugard's Xcalibur tool to assess risks in smart contracts on multiple blockchain networks, aimed to highlight how exposed protocols deployed on various networks are to exploitation.
According to the data, Base network was found to be particularly susceptible to Digital Signature issues, with nearly 22,000 detections. These detections were primarily related to tampering in standard libraries, such as SafeMath, which is designed to prevent overflows in arithmetic operations. The analysis also identified malicious boolean checks on token transfers as a major risk on Base, with over 6,300 instances detected. These checks could potentially block or manipulate token transfers, presenting a key vulnerability.
The analysis further revealed several other major threats across the Base network, including unauthorized token burns, balance updates, and controlled minting attacks. Hidden balance updates and minting manipulations were also detected across Ethereum and BNB Chain (formerly Binance Smart Chain, BSC), albeit in smaller numbers.
The findings suggest a shift in focus by cybercriminal groups, which were once primarily active in web2 and are now turning their attention to the rapidly expanding web3 ecosystem. As the decentralized finance (DeFi) sector grows, so does its appeal to threat actors. In the past, web2 criminals specialized in phishing, ransomware, and exploiting vulnerabilities in centralized systems. However, Trugard's analysis indicates that those same tactics are now being adapted to exploit vulnerabilities in smart contracts, decentralized finance protocols, and blockchain networks.