Coindcx首席执行官Sumit Gupta批评Wazirx和Phemex缺乏对最近的安全漏洞的透明度

意见：Coindcx首席执行官Sumit Gupta批评了两次主要交易所Wazirx和Phemex，因为他们对最近的安全马裤缺乏透明度。

Sumit Gupta, the CEO of CoinDCX, has expressed his view on X about two major exchanges, WazirX and Phemex, lacking transparency regarding recent security breaches. In his opinion, this lack of transparency has had a huge impact on the crypto community with two exchanges having to deal with⁷ huge sums stolen.

Coindcx首席执行官Sumit Gupta对X表示了关于两个主要交易所的观点，即Wazirx和Phemex，对最近的安全违规缺乏透明度。在他看来，这种缺乏透明度对加密货币社区产生了巨大影响，两次交流必须应对盗窃巨额赚钱。

Gupta feels that if both exchanges had disclosed their breaches like Bybit, the Safe vulnerability could have been caught earlier, potentially preventing Bybit’s hack.

古普塔（Gupta）认为，如果两种交流都透露了像拜比特（Bybit）这样的违规行为，那么安全的脆弱性可能会早些时候被抓住，并有可能阻止拜比特（Bybit）的黑客攻击。

Unpopular Opinion: If WazirX and Phemex had disclosed all of their security breach details openly and transparently as Bybit did, the Safe{wallet} infra vulnerability could have been caught, and the Bybit hack could have been prevented. @benbybitOne thing common in these 3…— Sumit Gupta (CoinDCX) (@smtgpt) February 26, 2025

不受欢迎的意见：如果Wazirx和Phemex像Bybit一样公开，透明地透露了所有安全漏洞，那么可以抓住安全的{Wallet} Infra脆弱性，并且本来可以阻止Bybit Hack。 @benbybitone在这3…中常见的东西 - Sumit Gupta（Coindcx）（@smtgpt）2025年2月26日

Bybit recently suffered a $1.4 billion security breach where hackers exploited Gnosis Safe multisig wallet vulnerabilities using delegatecall to modify transactions and steal cash.

拜比特（Bybit）最近遭受了14亿美元的安全漏洞，黑客使用授权的gnosis安全多西格钱包脆弱性，以修改交易并窃取现金。

Bybit disclosed the attack specifics enabling other platforms to strengthen their security. Meanwhile, Safe (formerly Gnosis Safe) acknowledged the issue, began an investigation, and is working on security enhancements while urging users to follow best practices.

Bybit透露了攻击细节，使其他平台能够加强其安全性。同时，安全（以前是GNOSIS安全）承认了这个问题，开始了调查，并正在努力提高安全性，同时敦促用户遵循最佳实践。

In July 2024, WazirX encountered a vulnerability amounting to $230 million when hackers exploited flaws in its Gnosis Safe multisig wallet for illegal payment transfers.

2024年7月，Wazirx遇到了一个脆弱性，当时黑客在其Gnosis Safe Multisig Wallet中利用缺陷进行非法付款转移时，遇到了2.3亿美元。

In April 2024, Phemex was hacked leading to losses of over $100 million. The assault followed a similar pattern with hackers using rogue smart contracts to alter transactions and steal cash.

2024年4月，Phemex被黑客入侵，导致损失超过1亿美元。突击遵循类似的模式，黑客使用Rogue Smart合同来改变交易并窃取现金。

Gupta observed that the three incidents in this hack had a common factor being the involvement of Gnosis Safe multisig wallets. Hackers exploited delegatecall vulnerabilities in these wallets to modify contract storage and steal funds.

古普塔（Gupta）观察到，该黑客中的三起事件具有一个共同的因素，是gnosis安全的多西格钱包的参与。黑客在这些钱包中利用了授权漏洞来修改合同存储并窃取资金。

He explained, “The attack deployed malicious smart contracts in advance to do a masked upgrade, containing hidden backdoors and the ability to manipulate contract storage and steal funds by executing unauthorized transfers by setting the ‘operation’ field to 1 (delegatecall) instead of 0 (call).”

他解释说：“袭击事先部署了恶意的智能合约，以进行掩盖的升级，包含隐藏的后门以及通过将“操作”字段设置为1（delegatecall）而不是0（呼叫）来执行未经授权的转移来操纵合同存储并窃取资金。”

CoinDCX has implemented strong security measures to prevent such attacks as assured by Gupta. The exchange does not use Gnosis Safe wallets, reducing the risk of similar exploits.

CoindCX采取了强有力的安全措施，以防止Gupta保证的攻击。该交换不使用GNOSIS安全钱包，从而降低了类似利用的风险。

Additionally, CoinDCX does not use smart contracts for fund transfers, which helps avoid risks like proxy attacks and delegatecall exploits. All transactions require manual approval to enhance security and prevent unauthorized fund movements.

此外，CoindCX不将智能合约用于基金转移，这有助于避免诸如代理攻击和授权攻击之类的风险。所有交易都需要手动批准，以增强安全性并防止未经授权的基金移动。

Lastly, Gupta emphasized, “Hackers are getting quite active these days! We and our security team are always on our toes when it comes to security. Stay safe!”

最后，古普塔强调：“这些天黑客变得非常活跃！在安全方面，我们和我们的安全团队始终处于我们的脚趾上。保持安全！”