Cryptohack Roundup：610万美元的Wemix盗窃

每周，信息安全媒体集团都会在数字资产中解决网络安全事件。本周，610万美元的Wemix盗窃，OKX暂停服务，佛蒙特州删除了Coinbase Case

Cryptohack Roundup: $6.1M Wemix Theft

Cryptohack Roundup：610万美元的Wemix盗窃

Every week, Information Security Media Group is rounding up cybersecurity incidents in digital assets. This week, Wemix was hit by a major crypto theft, siphoners targeted web3 users on Bybit and an old Trezor bug was disclosed.

每周，信息安全媒体集团都在汇总数字资产中的网络安全事件。本周，Wemix被一次重大加密盗窃袭击，Siphoners针对Bybit上的Web3用户，并披露了旧的Trezor错误。

See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation

另请参阅：ondemand | NSM-8 2022年7月截止日期：抗量子算法实施的钥匙

Wemix Hit by $6.1M Crypto Theft

Wemix受到610万美元的加密盗窃的打击

Hackers stole crypto tokens valued at around $6.1 million from blockchain gaming platform Wemix, Wemix CEO Kim Seok-Hwan said. The attackers targeted Wemix by exploiting stolen authentication keys used for monitoring the non-fungible token platform Nile, which were likely accessed from a compromised shared repository, according to a report by Yonhap News.

Wemix首席执行官Kim Seok-Hwan说，黑客偷了加密代币，价值约为610万美元。根据Yonhap News的一份报告，攻击者通过利用用于监视不可杀死的令牌平台尼罗河的被盗身份验证密钥来针对Wemix，根据Yonhap News的报告，该密码可能是从折衷的共享存储库中访问的。

Over a period of more than two months, the hackers systematically executed a series of 15 withdrawal attempts, ultimately succeeding in 13, and laundered the funds through multiple exchanges.

在一个多个月的时间内，黑客系统地执行了一系列15次撤回尝试，最终在13次取得了成功，并通过多次交流为资金洗钱。

Wemix, developed by South Korea’s Wemade, is used to integrate blockchain technology into games such as Mir4. The company had to suspend operations after the attack to migrate its infrastructure to a more secure environment. It aims to resume service by March 21.

由韩国Wemade开发的Wemix用于将区块链技术集成到Mir4之类的游戏中。攻击后，该公司必须暂停操作，以将其基础设施迁移到更安全的环境。它旨在在3月21日之前恢复服务。

OKX Suspends Web3 Services After Lazarus Attempt

OKX尝试Lazarus之后的Web3服务

OKX is temporarily suspending its decentralized exchange aggregator services to implement security upgrades, following reports that North Korea’s Lazarus Group attempted to launder $100 million worth of stolen cryptocurrency on the platform.

OKX暂时暂停其去中心化的交换汇总服务以实施安全升级，此前有报道称，朝鲜的Lazarus Group试图在该平台上洗钱价值1亿美元的被盗加密货币。

The move comes after a record-breaking $1.5 million heist from Bybit. Despite reports by Blockworks saying that EU regulators are investigating OKX for unregistered activity and potential breaches of European Union’s anti-money laundering regulations, a spokesperson for the exchange told The Block that they are not aware of any such probe.

此举是在从拜比特（Bybit）获得了创纪录的150万美元抢劫案之后。尽管Blockworks的报道说，欧盟监管机构正在调查OKX是否有未注册的活动和潜在的欧盟反洗钱法规的违反，但该交易所的发言人告诉该街区，他们不知道任何此类调查。

The exchange said it detected "coordinated misuse" of its services and is taking several steps to prevent further abuse.

该交易所表示，它发现了对服务的“协调滥用”，并正在采取几个步骤来防止进一步的虐待。

Planned security measures include a system to identify and track hacker-linked addresses on its DEX aggregator, alongside the ability to immediately block these addresses on its centralized exchange.

计划的安全措施包括一个系统，可以在其DEX聚合器上识别和跟踪黑客链接的地址，并能够在其集中式交易所中立即阻止这些地址。

It is also collaborating with blockchain explorers to enhance transparency and introduce clear labels for highlighting suspicious transactions.

它还与区块链探险家合作，以提高透明度并引入清晰的标签，以突出可疑交易。

Vermont Drops Coinbase Lawsuit After SEC Case Dropped

佛蒙特州在SEC案件下降后撤销了Coinbase诉讼

Vermont’s Department of Financial Regulation has dropped its lawsuit against Coinbase, following the U.S. Securities and Exchange Commission’s decision to dismiss its own case against the crypto exchange.

在美国证券交易委员会决定驳回对加密货币交易所的案件之后，佛蒙特州的金融监管部已对Coinbase诉讼。

The state regulator was preparing to sue the exchange again in response to the SEC’s move. Vermont had accused Coinbase of offering unregistered securities through its staking service, aiming to enjoin the exchange from offering the service in the state.

国家监管机构正准备根据SEC的举动再次起诉交流。佛蒙特州曾指责Coinbase通过其积分服务提供未注册的证券，旨在禁止交易所提供该州的服务。

The regulator cited the SEC’s recent plans to form a task force for crypto regulation as a key factor in their decision to withdraw their show cause order without prejudice.

监管机构列举了SEC最近的计划，该计划是组成加密货币法规的工作组，是他们决定在不偏见的情况下撤回其表演命令的关键因素。

Coinbase Chief Legal Officer Paul Grewal said in a statement that they are pleased to see the case being dropped and that they continue to be engaged with the SEC on forging a clear path forward for the industry.

Coinbase首席法律官Paul Grewal在一份声明中说，他们很高兴看到此案被撤销，并且他们继续与SEC订婚，为行业开辟了一条清晰的道路。

The lawsuit, filed in June 2023, was part of a broader crackdown by several U.S. states on crypto firms operating without proper registration.

该诉讼于2023年6月提起，是美国几个州在没有适当注册的情况下进行的加密货币公司更广泛镇压的一部分。

Now, with several cases being dropped or dismissed and the resignation of SEC Chair Gary Gensler, crypto firms appear to be gaining some legal ground.

现在，由于有几起案件被撤销或驳回，而SEC主席Gary Gensler的辞职似乎正在获得一定的法律基础。

Earlier this year, Grewal also filed a Freedom of Information Act request to obtain details on the SEC’s crypto enforcement actions and internal deliberations under Gensler’s leadership.

今年早些时候，格雷瓦尔（Grewal）还提出了《信息自由法》的要求，以获取有关SEC的加密执法行动和在Gensler领导下的内部审议的详细信息。

New Remote Access Trojan Targets Crypto Wallet Extensions

新的远程访问Trojan目标加密钱包扩展

Microsoft has identified a new remote access Trojan called StilachiRAT which targets 20 cryptocurrency wallet extensions on Google Chrome.

微软已经确定了一个名为Stilachirat的新的远程访问特洛伊木马，该木马针对Google Chrome上的20个加密货币钱包扩展。

The malware is capable of stealing sensitive data, installing programs, performing system administration tasks and more. It can also extract saved credentials from Chrome, monitor clipboard activity for sensitive information and tracks active applications.

恶意软件能够窃取敏感数据，安装程序，执行系统管理任务等等。它还可以从Chrome中提取保存的凭据，监视剪贴板活动以获取敏感信息并跟踪活动应用程序。

StilachiRAT is detected by Microsoft Defender Virus Protection as Trojan:Win32/Stilachi and Variant:Trojan/Stilachi. It uses techniques like deleting system logs (e.g., c:/windows/temp) and manipulating Windows registry settings (e.g., "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run") to achieve persistence on the infected system.

Microsoft Defender病毒保护被Trojan检测到Stilachirat：Win32/Stilachi and Variant：Trojan/Stilachi。它使用删除系统日志（例如，C：/Windows/Temp）和操纵Windows注册表设置（例如，“ HKCU \ Software \ Microsoft \ Microsoft \ Windows \ CurrentVersion \ run”）等技术来实现受感染系统的持久性。

The Trojan can receive commands and report back to a remote command-and-control server, which allows attackers to perform actions like rebooting the system, stealing files, manipulating applications and more.

特洛伊木马可以接收命令并将其报告回远程命令和控制服务器，该服务器允许攻击者执行诸如重新启动系统，窃取文件，操纵应用程序等的操作。

It is programmed to connect to a specific IP address and port, with a timeout of 30 seconds for establishing the connection.

它被编程为连接到特定的IP地址和端口，以建立连接的30秒暂停。

The targeted crypto wallet extensions include:

有针对性的加密钱包扩展名包括：

MetaMask

metamask

Coinbase Wallet

Coinbase钱包

Trust Wallet

信任钱包

TronLink

Tronlink

CCVault

CCVAULT

TokenPocket

tokenpocket

IX Swap

ix交换

Guarda

警卫

Atomic

原子

Coin98

COIN98

Bitpie

CoinBurp

Coinburp

Easy

简单的