加密货币骗局链接到新铸造的“ $ ramaphosa”代币，利用了南非议会的官方X，Facebook和YouTube帐户

与新近铸造的“ $ ramaphosa”代币相关的加密货币骗局利用了南非议会的官方X，Facebook和YouTube帐户

A cryptocurrency scam has hit South African Parliament, with hackers exploiting the institution’s official X, Facebook, and YouTube accounts on Saturday, March 15, 2025, to promote a fraudulent token.

一个加密货币骗局袭击了南非议会，黑客在2025年3月15日（星期六）剥削了该机构的官方X，Facebook和YouTube帐户，以宣传欺诈性的令牌。

The scam, which saw the creation of a new cryptocurrency and subsequent presale promotion via hacked government channels, was part of a broader cyberattack.

该骗局是建立了新的加密货币，随后通过黑客政府渠道进行了预售，这是一个更广泛的网络攻击的一部分。

A review of the blockchain activity shows the token was created less than 24 hours before the hack, according to on-chain data from Solscan, Birdeye, and GeckoTerminal.

根据Solscan，Birdeye和Geckoterminal的链数据，对区块链活动的综述表明，该令牌是在黑客攻击前不到24小时创建的。

Analysis of the Solana blockchain reveals that the creator of the $Ramaphosa token is the Solana wallet 73V5WCNqQRuLj2V1ryH1zNrxgthGu7HrGPDViTn1GpxK, which is explicitly tagged as the Token Creator and associated with Pump.fun, confirming that the token was launched using its smart contract system. The same wallet is linked to the @GouvofRSA account, which falsely claimed to be the “official crypto feed of Parliament of the Republic of South Africa” and was used to create at least two tokens, including $Ramaphosa and ParliamentofRSA (RSATOKEN).

对Solana区块链的分析表明，$ ramaphosa代币的创建者是Solana Wallet 73V5WCNQRULJ2V1RYH1ZNRXGTHGU7HRGPDVITN1GPXK，它被明确标记为Token Creator并与Pump.Fun prock.fun systry prosport.fun systry poster.fun systry the token prosport.fun the token the token token token token tosken token token tosken with token with token with token tosken。同一钱包与@gouvofrsa帐户有关，该帐户错误地声称是“南非共和国议会的官方加密饲料”，并被用来创建至少两个令牌，包括$ ramaphosa和ramaphosa和parliamementofrsa（rsatoken）。

This is further confirmed by blockchain expert and Head of FinTech and Digital Assets at Forvis Mazars in South Africa, Wiehann Olivier.

南非的Forvis Mazars，Wiehann Olivier的区块链专家和金融科技和数字资产负责人进一步证实了这一点。

“It once again points back to some of the advantages that blockchain technology has in terms of the immutability of it… any activity or transaction executed on the blockchain is traceable and open”.

“它再次指出了区块链技术在它的不变性方面具有的一些优势……在区块链上执行的任何活动或交易都是可追溯且开放的”。

A screenshot showing the confirmed creator of the $Ramaphosa token @GouvofRSA. Picture: Yeshiel Panchia

屏幕截图显示了$ ramaphosa token @gouvofrsa的确认创建者。图片：Yeshiel Panchia

Reviewing this wallet’s transaction history shows multiple interactions with the smart contract “splbot -> launch-your-own-memecoin.sol,” a known tool for rapidly generating Solana-based tokens. This suggests a premeditated scam, with fraudsters rapidly generating tokens and exploiting social media to attract investors.

审查该钱包的交易历史记录显示了与智能合约“ Splbot - >启动 - 自己全能的memecoin.sol”的多次互动，这是一种快速生成基于Solana的代币的已知工具。这表明有预谋的骗局，欺诈者迅速产生令牌并利用社交媒体来吸引投资者。

The first transactions in this wallet occurred approximately seven to nine hours before the time of the hack, aligning with the timeframe and suggesting a likely connection between the two events.

该钱包中的第一笔交易发生在黑客攻击时间之前约七到九个小时，与时间表保持一致，并提出两个事件之间的可能连接。

A screenshot from analysis tool GeckoTerminal showing the transaction history of the $Ramaphosa token. Picture: Yeshiel Panchia

分析工具的屏幕截图，显示了$ ramaphosa代币的交易历史记录。图片：Yeshiel Panchia

Shortly after the hack, the wallet moved funds, suggesting an attempt to withdraw stolen liquidity before detection. An outgoing transaction of 0.8299 SOL, valued at approximately $110, matches a common pattern in crypto scams, where scammers extract as much as possible before abandoning the project. The wallet has also conducted multiple transactions with “[email protected],” a Solana-based crypto gambling site, a known method for obfuscating financial trails in cryptocurrency-related fraud.

黑客攻击后不久，钱包搬了资金，建议试图在发现前撤离流动性。即将发出的0.8299 SOL的交易价值约为110美元，与加密骗局中的共同模式相匹配，在放弃项目之前，骗子尽可能多地提取。该钱包还使用“ [电子邮件保护]”（一个基于Solana的加密赌博网站）进行了多项交易，这是一种已知的方法，用于使与加密货币相关的欺诈中的财务踪迹混淆。

Heating up the burner

加热燃烧器

Heating up the burner further, analysis shows the same wallet has interacted with multiple other scam-like tokens, suggesting it may be part of a broader network of coordinated crypto frauds.

进一步加热燃烧器，分析表明，相同的钱包与其他多个类似骗局的标记相互作用，这表明它可能是更广泛的协调加密欺诈网络的一部分。

The timing of the token creation, immediate promotion via a compromised government account, and subsequent liquidity movements indicate a deliberate attempt to exploit the credibility of Parliament’s social media presence to facilitate financial fraud.

代币创建的时机，通过受损的政府帐户即时促进以及随后的流动性运动表明，有意试图利用议会社交媒体存在的信誉，以促进金融欺诈。

Olivier did note that while the open nature of blockchain technology is useful in tracing such indicants, it’s not without obstacles; “Of course there are challenges in terms of the pseudo-anonymity of it [blockchain], in that you can’t necessarily see who executed a transaction.”

奥利维尔（Olivier）确实指出，虽然区块链技术的开放性质可用于追踪这种迹象，但并非没有障碍。 “当然，就伪匿名性而言，​​存在挑战[区块链]，因为您不一定看到谁执行了交易。”

From a security risks perspective, the $Ramaphosa token exhibits multiple high-risk indicators. The top ten wallets control a total of 99.99999999999999 percent of the token’s supply, a strong indication of centralised control and a high likelihood of a rug pull.

从安全风险的角度来看，$ ramaphosa代币显示了多个高风险指标。前十个钱包控制着代币供应量的99.9999999999999％，这是集中控制的强烈迹象，并且很可能会吸引地毯。

The token is not listed on Jupiter’s Strict List, indicating a lack of credibility within Solana’s trading ecosystem. Its market cap of $3,722 and liquidity of $3,780 make it highly susceptible to price manipulation.

木星的严格列表中未列出该令牌，这表明在Solana的交易生态系统中缺乏信誉。它的市值为3,722美元，流动性为3,780美元，使其非常容易受到价格操纵的影响。

Most crucially, given how it was advertised, and that the price spiked and crashed within hours, matches the typical pattern of fraudulent trading schemes.

鉴于它的广告方式，最关键的是，价格在数小时内飙升和崩溃，与欺诈性交易计划的典型模式相匹配。

Tracking transactions on Raydium DEX reveals that liquidity was quickly removed shortly after trading began, another hallmark of crypto scams. This suggests the coin’s creators deliberately extracted funds before abandoning the project.

跟踪Raydium Dex的交易表明，交易开始后不久，流动性很快就被撤离，这是加密骗局的另一个标志。这表明硬币的创作者在放弃项目之前故意提取了资金。

The close proximity in timing between the creation of the $Ramaphosa token and the hacking of Parliament’s social media accounts suggests a well-planned financial fraud operation.

在创建$ ramaphosa代币与议会社交媒体帐户的黑客攻击之间的时间紧密相邻的时间表明，计划经过精心计划。

The fact that the token was rapidly generated less than 24 hours before the hack, and that the hackers immediately focused on promoting it in posts designed to deceive unsuspecting investors, aligns closely with the actions of a coordinated scam.

代币在黑客攻击前不到24小时就迅速产生，而黑客立即专注于在旨在欺骗毫无戒心的投资者的职位中推广它，这一事实与协调骗局的行为紧密相符。

The timing of the token’s creation and the hacking of Parliament’s social media accounts suggests a deliberate connection. Hackers gained access to the institution’s platforms to promote the $Ramaphosa token, exploiting its credibility to deceive investors.

代币创建的时机和议会社交媒体帐户的黑客攻击表明是有意的联系。黑客获得了该机构平台的访问权，以促进$ ramaphosa代币，从而利用其欺骗投资者的信誉。