网络钓鱼攻击在加密货币中如何运作

基于加密的网络钓鱼攻击日益增加。网络犯罪分子向加密货币投资者发送恶意消息。该消息声称来自加密货币交易所或钱包提供商。

Cryptocurrency is booming, and so are cryptocurrency scams. Cybercriminals are targeting crypto whales with phishing scams, tricking them into revealing the private key of their crypto wallet. These investors have massive amounts of crypto holdings, making them a prime target for scammers.

加密货币正在蓬勃发展，加密货币骗局也是如此。网络犯罪分子通过网络钓鱼诈骗瞄准加密鲸鱼，诱骗他们泄露加密钱包的私钥。这些投资者持有大量加密货币，这使他们成为诈骗者的主要目标。

Tricksters use fake emails and websites to deceive whales into revealing their personal information. In this way, phishing scams are causing significant financial losses in the crypto industry. Currently, various security challenges need to be addressed within the cryptocurrency space.

骗子使用虚假电子邮件和网站来欺骗鲸鱼泄露他们的个人信息。这样，网络钓鱼诈骗正在给加密行业造成重大的经济损失。目前，加密货币领域需要解决各种安全挑战。

How Phishing Attack Works In Crypto

网络钓鱼攻击在加密货币中如何运作

Crypto-based phishing attacks are increasing day by day. A cybercriminal sends a malicious message to a crypto investor. This message claims to be from a crypto exchange or wallet provider.

基于加密的网络钓鱼攻击日益增加。网络犯罪分子向加密货币投资者发送恶意消息。该消息声称来自加密货币交易所或钱包提供商。

This message is often urgent, like “Your account has been compromised. Click here to secure it.” The scammer attaches a link to a fake website with the message. This fake site asks the investor to enter private keys or login credentials.

此消息通常很紧急，例如“您的帐户已被盗用。单击此处以确保其安全。”诈骗者在消息中附加了一个虚假网站的链接。该虚假网站要求投资者输入私钥或登录凭据。

Once the investor enters information, the attacker gets access to their cryptocurrency wallet. Now, the scammer can easily transfer funds to their wallet.

一旦投资者输入信息，攻击者就可以访问他们的加密货币钱包。现在，骗子可以轻松地将资金转移到他们的钱包中。

Phishing attacks target crypto wallets, cryptocurrency exchanges, and initial coin offerings. Mostly, scammers convert the stolen crypto funds into fiat money or other digital assets.

网络钓鱼攻击针对的是加密货币钱包、加密货币交易所和首次代币发行。大多数情况下，诈骗者会将被盗的加密货币资金转换为法定货币或其他数字资产。

They are proficient in using sophisticated social engineering tactics to deceive victims into revealing their personal information.

他们擅长使用复杂的社会工程策略来欺骗受害者泄露他们的个人信息。

Notable Phishing Scams in 2024

2024 年值得注意的网络钓鱼诈骗

Below, you can check the details for the top phishing scams of 2024 that happened with crypto whales.

您可以在下面查看 2024 年与加密鲸鱼相关的顶级网络钓鱼诈骗的详细信息。

Scam 1: The $24 Million Whale Hack

骗局 1：价值 2400 万美元的鲸鱼黑客攻击

A prominent crypto whale fell victim to a phishing scam In September 2024. This scam stole $24 Million worth of crypto assets from the whale. The attackers exploited advanced social engineering tactics to deceive investors into revealing sensitive information.

2024 年 9 月，一头著名的加密鲸鱼成为网络钓鱼骗局的受害者。该骗局从鲸鱼身上窃取了价值 2400 万美元的加密资产。攻击者利用先进的社会工程策略来欺骗投资者泄露敏感信息。

The stolen assets included liquid staking derivatives, such as Rocket Pool ETH (rETH) and Lido Staked ETH (stETH). It was valued at $8.5 Million and $15.6 Million, respectively.

被盗资产包括流动性质押衍生品，例如 Rocket Pool ETH (rETH) 和 Lido Staked ETH (stETH)。它的估值分别为 850 万美元和 1560 万美元。

The attackers used a fake website claiming to be a legitimate cryptocurrency platform. The attackers sent a phishing email to the investor about securing the account immediately due to a supposed security breach.

攻击者使用了一个声称是合法加密货币平台的虚假网站。攻击者向投资者发送了一封网络钓鱼电子邮件，要求由于所谓的安全漏洞而立即保护帐户。

The email had a malicious link to the fake website. The investor clicked the link and entered their private keys and login credentials. In this way, scammers managed to drain funds from the investor’s wallet.

该电子邮件包含指向虚假网站的恶意链接。投资者单击该链接并输入其私钥和登录凭据。通过这种方式，骗子成功地从投资者的钱包中抽走资金。

Scam 2: The $55 Million DAI Phishing Attack

骗局 2：价值 5500 万美元的 DAI 网络钓鱼攻击

The second high-profile phishing case is about a whale who lost $55 million worth of DAI stablecoin. The attackers used a combination of fake emails and social engineering tactics to gain control over the whale’s wallet.

第二起备受瞩目的网络钓鱼案件涉及一头鲸鱼丢失了价值 5500 万美元的 DAI 稳定币。攻击者结合使用虚假电子邮件和社会工程策略来控制鲸鱼的钱包。

Like the first case, the crypto whale clicked on a link from a malicious email. The email was about warning the investor of suspicious activity on their account.

与第一个案例一样，加密鲸点击了恶意电子邮件中的链接。该电子邮件旨在警告投资者其账户上存在可疑活动。

The investor entered their login credentials by clicking on the link. After that, attackers accessed the wallet and quickly transferred the $55 million worth of DAI to their accounts.

投资者通过单击链接输入登录凭据。此后，攻击者访问了钱包并迅速将价值 5500 万美元的 DAI 转入他们的账户。

Scam 3: The Blast Network Scam

骗局 3：爆炸网络骗局

The Blast Network experienced a significant phishing scam in October 2024. The scam resulted in the loss of approximately $35 million worth of Few Wrapped Duo ETH (fwDETH) tokens.

Blast Network 在 2024 年 10 月经历了一次重大网络钓鱼诈骗。该诈骗导致价值约 3500 万美元的 Few Wrapped Duo ETH (fwDETH) 代币丢失。

Attackers used sophisticated social engineering tactics to deceive the investor. They sent emails posing as customer support from a well-known DeFi platform. The emails claimed the investor’s account needed immediate verification after a security breach.

攻击者使用复杂的社会工程策略来欺骗投资者。他们发送电子邮件，冒充知名 DeFi 平台的客户支持。这些电子邮件声称，投资者的账户在出现安全漏洞后需要立即进行验证。

The investor entered their private keys and login credentials on the fake site. It allowed the attackers to access and transfer the fwDETH tokens. The victim also signed a fraudulent “permit” signature to enable the attackers to drain funds from the wallet.

投资者在虚假网站上输入了私钥和登录凭据。它允许攻击者访问和转移 fwDETH 代币。受害者还签署了欺诈性的“许可”签名，使攻击者能够从钱包中抽走资金。

Best Ways To Protect Against Phishing Scams

防范网络钓鱼诈骗的最佳方法

Crypto investors need to follow below practices to protect against phishing scams:

加密货币投资者需要遵循以下做法来防范网络钓鱼诈骗：

Be wary of any unsolicited emails or messages claiming to be from a cryptocurrency exchange, wallet provider, or other crypto-related entity.

警惕任何声称来自加密货币交易所、钱包提供商或其他加密相关实体的未经请求的电子邮件或消息。

Inspect the sender’s email address and domain name carefully. Official emails will typically come from a domain that matches the organization’s website address.

仔细检查发件人的电子邮件地址和域名。官方电子邮件通常来自与组织网站地址匹配的域。

Hover over any links in the email or message without clicking on them. This will usually display the true destination of the link in your browser’s status bar.

将鼠标悬停在电子邮件或消息中的任何链接上，而不单击它们。这通常会在浏览器的状态栏中显示链接的真实目的地。

Never enter your private keys, login credentials, or other sensitive information on any website or form that you access through a link in an email or message.

切勿在通过电子邮件或消息中的链接访问的任何网站或表单上输入您的私钥、登录凭据或其他敏感信息。

If you’re unsure whether an email or message is legitimate, contact the organization directly through their official website or customer support channels.

如果您不确定电子邮件或消息是否合法，请直接通过该组织的官方网站或客户支持渠道联系该组织。

Use a hardware cryptocurrency wallet to store your digital assets securely. Hardware wallets are not connected to the internet, making them immune to phishing attacks.

使用硬件加密货币钱包安全地存储您的数字资产。硬件钱包不连接到互联网，因此不会受到网络钓鱼攻击。

Phishing scams are still targeting crypto whales. The scammers are developing unique techniques to steal crypto funds from people. It shows the increased need for tight security for crypto investors.

网络钓鱼诈骗仍然针对加密鲸鱼。诈骗者正在开发独特的技术来窃取人们的加密货币资金。这表明加密货币投资者对严格安全的需求不断增加。

Investors should protect themselves from falling victim to these scams after understanding the techniques used by attackers. Start following best practices

在了解攻击者使用的技术后，投资者应该保护自己免受这些骗局的影响。开始遵循最佳实践