Trugard Labs reveals a series of major threats plaguing blockchain networks, particularly in emerging and fast-growing chains like BASE
A series of major threats are plaguing blockchain networks, particularly in emerging and fast-growing chains like BASE, Coinbase’s Layer 2 solution. As Trugard Labs unveils their September findings from the Xcalibur source code detection suite, they highlight the latest scams exploiting users on the BASE, Ethereum, BSC, and Polygon networks.
The rise in politically themed meme coin scams, multi-chain vulnerabilities, and BASE’s appeal to scammers indicate a troubling pattern across decentralized finance (DeFi) networks.
As BASE gains popularity for its low fees, scalability, and backing by Coinbase, it’s attracting both legitimate users and bad actors. Much like the early days of Binance Smart Chain (BSC), BASE’s rapid growth has made it a hotspot for scams, thanks to its easy and affordable setup.
Trugard’s report warns that scammers are taking advantage of BASE’s low fees and simple token setup, making it easy for them to launch frequent, low-cost attacks. Scams range from classic “rug pulls” to politically themed meme coins, which are currently surging in popularity and exploiting investor interest during election season.
Trugard Labs identified five high-severity vulnerabilities frequently affecting multiple blockchain networks. The first vulnerability, Hidden Mint (Controlled Mint), involves manipulative contracts that allow unauthorized minting, inflating token supply and devaluing assets. This issue was particularly widespread on BSC, Base, and Ethereum, with each network experiencing hundreds of incidents.
The second vulnerability, Hidden Balance Update, lets scammers make unauthorized balance adjustments, exposing token holdings to hidden manipulation. This issue hit BSC and Base chains hard, pointing to a clear need for stronger balance update controls.
Another major risk, Malicious Boolean Checks, a smart contract flaw that enables scammers to halt token transfers or approvals, was especially common on Ethereum, where unauthorized transactions create a heightened risk for token holders.
Another critical vulnerability, Digital Signature/Import Tampering, allows entities to control unapproved token burns, with Base showing the highest susceptibility. Malicious Burn Functions, allowing unchecked token destruction, also surfaced frequently on Ethereum, adding further concerns for investor security.
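To show what the first two classes (Hidden Mint and Hidden Balance Update) can look like at source level, here is an added illustration; it is not Trugard Labs' code or Xcalibur's detection logic, which this article does not describe. The Solidity sample, the function names in it, and the allowlist of expected function names are all constructed assumptions, and the name-based heuristic is only a first-pass triage that misses, for example, an unrestricted function that is itself called `mint`.

```python
import re

# Constructed sample (not from the report): two innocuously named functions write state.
SAMPLE = """
contract Token {
    mapping(address => uint256) private _balances;
    uint256 private _totalSupply;
    function transfer(address to, uint256 amount) public {
        _balances[msg.sender] -= amount; _balances[to] += amount;
    }
    function setRewardPool(address a, uint256 v) external {
        _totalSupply += v;
        _balances[a] += v;
    }
    function syncFees(address a, uint256 v) external {
        _balances[a] = v;
    }
}
"""

# Functions where an ERC-20 is expected to change balances or supply (assumed allowlist).
EXPECTED = {"transfer", "transferFrom", "_transfer", "_mint", "_burn", "mint", "burn"}
FUNC = re.compile(r"function\s+(\w+)\s*\([^)]*\)[^{]*\{")
SUPPLY_UP = re.compile(r"_?totalSupply\s*(\+=|=[^=])")
BAL_WRITE = re.compile(r"_?balances\s*\[[^\]]+\]\s*(\+=|-=|=[^=])")

def function_bodies(src):
    """Yield (name, body) pairs, matching braces from each function header."""
    for m in FUNC.finditer(src):
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1]

def scan(src):
    """Return {function name: finding} for state writes outside expected functions."""
    findings = {}
    for name, body in function_bodies(src):
        if name in EXPECTED:
            continue
        if SUPPLY_UP.search(body):
            findings[name] = "hidden-mint"
        elif BAL_WRITE.search(body):
            findings[name] = "hidden-balance-update"
    return findings

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Anything this flags still needs manual review of who can call the function and whether the write is reachable.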
September 2024 saw a series of politically themed meme coin scams. Tokens like “Trump Vs Harris” and “Trump2024” aren’t just cashing in on political sentiment; they’re designed to generate quick profits for their creators, often leaving investors with worthless tokens.
Trugard Labs’ Xcalibur suite flagged these tokens for serious issues, such as hidden balance updates, reentrancy risks, and faulty transfer functions. These scams play on investors’ political or ideological leanings, creating a sense of urgency to buy in, only for scammers to pull out as prices rise.
Among the tokens flagged:
According to researchers, BASE is following a path similar to that of Binance Smart Chain (BSC) in its early days. With low fees and an easy setup, BSC became a lucrative target for cybercriminals pulling off rug pulls and pump-and-dump schemes.
BASE now faces similar problems, prompted by social media hype and anonymous developers launching unverified projects. Trugard’s report highlights the influx of cloned projects and meme coins on BASE—a tactic scammers use to mislead investors by copying branding from popular projects.
This increase in scams on BASE and other networks is a reputational threat to Web3 projects. It risks turning away new users and deterring credible developers. However, tools like Trugard Labs’ Xcalibur suite and others can help control these threats by providing early warning signs for malicious contracts.
In the meantime, users should exercise caution and apply common sense to protect against the growing number of scams, especially with new tokens promising quick returns. Trugard’s findings serve as a reminder that DeFi is not immune to cybersecurity threats, urging the blockchain community to prioritize security alongside growth in this vibrant space.