|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Polymarket预测市场应用程序的一些用户抱怨说,他们通过谷歌账户登录后,钱包就神秘地被掏空了。
Several users of the decentralized prediction market app Polymarket have reported their wallets being mysteriously drained after logging in via their Google accounts.
去中心化预测市场应用程序 Polymarket 的几名用户报告称,他们的钱包在通过谷歌账户登录后被神秘地掏空。
After making deposits into their Polymarket accounts, the users discovered that their wallets had been emptied, leaving a balance of zero. Notably, these attacks have only affected users who accessed the platform through Google logins, while those using wallet browser extensions like MetaMask or Trustwallet have not encountered any issues.
在向 Polymarket 账户存款后,用户发现钱包已被清空,余额为零。值得注意的是,这些攻击仅影响通过 Google 登录访问该平台的用户,而使用 MetaMask 或 Trustwallet 等钱包浏览器扩展的用户则没有遇到任何问题。
Cointelegraph spoke to two victims of these attacks, who shared their experiences and provided insights into the events that unfolded.
Cointelegraph 采访了这些攻击的两名受害者,他们分享了他们的经历并提供了对所发生事件的见解。
The first victim, who goes by the Discord username "HHeego," encountered problems while attempting to deposit funds into his Polymarket account. After depositing $1,085.80 in USD Coin (USDC) from Binance on August 5, the transaction did not appear in his account within the Polymarket app despite waiting for several hours.
第一个受害者的 Discord 用户名是“HHeego”,他在尝试将资金存入他的 Polymarket 账户时遇到了问题。 8 月 5 日从币安存入 1,085.80 美元的美元硬币 (USDC) 后,尽管等待了几个小时,但该交易并未出现在他在 Polymarket 应用程序中的账户中。
Believing there might be an issue with his account, HHeego joined the Polymarket Discord server to seek assistance. He discovered that several other users were experiencing similar problems, which appeared to be related to a user interface issue. This eased HHeego's concerns, and he decided to wait for the issue to be resolved.
HHeego 认为自己的帐户可能存在问题,因此加入了 Polymarket Discord 服务器来寻求帮助。他发现其他几个用户也遇到了类似的问题,这似乎与用户界面问题有关。这打消了HHeego的顾虑,他决定等待问题得到解决。
Later that day, the deposit finally appeared on the user interface, but it "vanished almost as quickly as it had come," according to HHeego. He realized that his entire USDC balance of $1,188.72 had disappeared. This balance included $102.92 that had been in the account before the deposit was made, as well as the deposit itself.
当天晚些时候,存款终于出现在用户界面上,但据 HHeego 称,它“几乎像来的时候一样消失了”。他意识到他的 1,188.72 美元 USDC 余额全部消失了。该余额包括存款前账户中的 102.92 美元以及存款本身。
Interestingly, HHeego's $2,000 worth of open trades remained untouched.
有趣的是,HHeego 价值 2,000 美元的未平仓交易仍然没有受到影响。
After inspecting his account history using the Polygonscan block explorer, HHeego discovered that his USDC balance had been transferred to an account labeled "Fake_Phishing399064." He then promptly submitted a ticket to Polymarket's customer support team to report the incident.
在使用 Polygonscan 区块浏览器检查他的账户历史记录后,HHeego 发现他的 USDC 余额已转移到标记为“Fake_Phishing399064”的账户。随后,他立即向 Polymarket 的客户支持团队提交了一张罚单,报告了这一事件。
When the customer support agent heard HHeego's story, he expressed disbelief and asked, "Haven't you withdrawn that amount?" To which HHeego replied, "No I haven't." The agent then inquired, "Are you sure it wasn't you then?" and HHeego responded, "I am 100% sure."
客服听到HHeego的故事后,表示难以置信,问道:“你不是已经提取了那么多钱吗?” HHeego 回答说:“不,我没有。”经纪人接着问道:“你确定当时不是你吗?” HHeego 回答说:“我百分百确定。”
In the image below, Cointelegraph has redacted the agent's screen name to protect his privacy.
在下图中,Cointelegraph 已经修改了特工的屏幕名称以保护他的隐私。
A conversation between HHeego and a customer service agent. Source: HHeego
HHeego 和客户服务代理之间的对话。来源:HHeego
The agent proceeded to ask HHeego if "your PK got leaked or you got phished somehow." However, the user, who claims to be new to the crypto world, initially didn't understand what the agent meant by a "PK leak." He also stated that he has never used a browser extension wallet and has only ever used a Google login to access Polymarket.
特工继续询问 HHeego 是否“你的 PK 被泄露或者你被钓鱼了”。然而,这位自称刚接触加密世界的用户最初并不明白特工所说的“PK泄露”是什么意思。他还表示,他从未使用过浏览器扩展钱包,仅使用谷歌登录访问过Polymarket。
After asking a few more questions, the agent informed HHeego that the team was investigating the anomaly and would contact him once they had more information.
在又问了几个问题后,特工告诉 HHeego,团队正在调查该异常现象,一旦获得更多信息就会与他联系。
Another $4K gets swiped
又被刷了 4K 美元
Convinced that the wallet drain was some kind of "glitch" that would eventually be worked out, HHeego went on to deposit an additional $4,111.31 on August 11. As before, the "fake phishing" account drained all of the funds, bringing the user's total losses to $5,197.11.
HHeego 确信钱包流失是某种“故障”,最终会得到解决,于是在 8 月 11 日又存入了 4,111.31 美元。和以前一样,“假网络钓鱼”账户耗尽了所有资金,使用户的总资金被盗。亏损至 5,197.11 美元。
At this point, the user became convinced that his Polymarket account was hacked. He closed all of his trades, amounting to nearly $1,000 in funds, and withdrew his balance to his Binance account. The proceeds from these trades were not touched by the attacker, and the withdrawal was successful.
此时,该用户确信他的 Polymarket 帐户已被黑客入侵。他关闭了所有交易,资金总额接近 1,000 美元,并将余额提取到他的币安账户。这些交易的收益没有被攻击者触及,提现成功。
After retrieving his funds, HHeego contacted customer service again. This time, the customer service agent told him that his account was compromised and he should stop using it. According to the user, the agent also told him "they are close to understanding 100% what has happened."
取回资金后,HHeego再次联系了客服。这次,客服代表告诉他,他的帐户已被盗用,他应该停止使用该帐户。据该用户称,经纪人还告诉他“他们已经接近 100% 了解发生了什么。”
He received one last message from customer service on August 15. In this message, the agent stated that the attack was "a complex situation" and that the team wanted to have all of the details before communicating its next steps. The agent then referred HHeego to another team member.
8 月 15 日,他收到了客户服务部的最后一条消息。在这条消息中,代理表示这次攻击是“一个复杂的情况”,团队希望在传达下一步措施之前了解所有详细信息。然后,特工将 HHeego 转介给另一名团队成员。
Reported last customer service message from Polymarket. Source: HHeego
报告了来自 Polymarket 的最新客户服务消息。来源:HHeego
HHeego claimed that he did not receive any further information from the Polymarket team after August 15.
HHeego 声称,8 月 15 日之后他没有收到 Polymarket 团队的任何进一步信息。
Blockchain data confirms many aspects of HHeego's story. The account was drained of $1,188.72 USDC through a "proxy" function call on August 5. On August 11, an additional $4,111.31 was removed from the account. In both cases, the function was called by
区块链数据证实了 HHeego 故事的许多方面。 8 月 5 日,该账户通过“代理”函数调用被抽走 1,188.72 美元 USDC。8 月 11 日,又从该账户中删除了 4,111.31 美元。在这两种情况下,该函数都被调用
免责声明:info@kdj.com
所提供的信息并非交易建议。根据本文提供的信息进行的任何投资,kdj.com不承担任何责任。加密货币具有高波动性,强烈建议您深入研究后,谨慎投资!
如您认为本网站上使用的内容侵犯了您的版权,请立即联系我们(info@kdj.com),我们将及时删除。
-
- DOGEN:永远获胜的真正阿尔法的终极 Memetoken
- 2024-09-30 02:20:01
- 想象一下梦想中的生活——豪华汽车、大笔现金和引人注目的女人。这就是DOGEN的生活方式!
-
- 发现可能与比特币一起崛起并大幅提高利润的山寨币
- 2024-09-30 02:15:02
- 本指南揭示了准备成长的顶级竞争者。 CYBRO 预售超过 250 万美元:百万分之一的下一代 DeFi 投资机会