在签署与网络钓鱼攻击相关的恶意交易后，一名加密货币交易者损失了超过 128 万美元的各种数字资产

10 月 14 日，区块链安全公司 PeckShieldAlert 报告称，一名交易员被骗后损失了大量 PEPE、APU 和 MSTR 代币

A cryptocurrency trader has lost over $1.28 million in various digital assets after signing a malicious transaction linked to a phishing attack.

一名加密货币交易员在签署与网络钓鱼攻击相关的恶意交易后，损失了超过 128 万美元的各种数字资产。

On Oct. 14, blockchain security firm PeckShieldAlert reported that a trader lost significant amounts of PEPE, APU, and MSTR tokens after being tricked into signing a phishing permit signature. Specifically, the victim’s wallet, identified by “0xb0b..40c7,” lost 108 billion PEPE, 73.8 million APU, and 165,000 MSTR tokens.

10 月 14 日，区块链安全公司 PeckShieldAlert 报告称，一名交易员在被诱骗签署网络钓鱼许可证签名后丢失了大量 PEPE、APU 和 MSTR 代币。具体来说，受害者的钱包（标识为“0xb0b..40c7”）丢失了 1080 亿个 PEPE、7380 万个 APU 和 165,000 个 MSTR 代币。

The permit signature granted attackers control over the victim’s wallet, enabling them to drain the funds in six quick transactions.

许可证签名授予攻击者对受害者钱包的控制权，使他们能够通过六次快速交易耗尽资金。

#PeckShieldAlert The address 0xb0b8…40c7 has been drained of ~$1.28M worth of cryptos, including 108B $PEPE, 73.8M $APU, and 165K $MSTR, after signing a #phishing permit signature.

#PeckShieldAlert 在签署 #phishing 许可证签名后，地址 0xb0b8…40c7 已耗尽价值约 128 万美元的加密货币，其中包括 108B $PEPE、7380 万美元 APU 和 165K $MSTR。

The #phishing address #Fake_Phishing442846 is linked to the scammers who drained $32M worth of… pic.twitter.com/fq3a4DD0tD

#phishing 地址 #Fake_Phishing442846 与骗子有联系，他们损失了价值 3200 万美元的…… pic.twitter.com/fq3a4DD0tD

— PeckShieldAlert (@PeckShieldAlert) October 14, 2024

- PeckShieldAlert (@PeckShieldAlert) 2024 年 10 月 14 日

This method of attack, known as an approval phishing attack, is gaining steam in the crypto space. In this attack, users unknowingly grant permission to malicious actors to transfer their assets.

这种攻击方法被称为批准网络钓鱼攻击，正在加密货币领域日益流行。在这次攻击中，用户在不知情的情况下授予恶意行为者转移其资产的权限。

Once they capture a signature, attackers swiftly transfer assets from the victim’s wallet to their controlled addresses. The attackers then proceed to distribute the stolen cryptos across multiple wallets.

一旦捕获签名，攻击者就会迅速将资产从受害者的钱包转移到他们控制的地址。然后，攻击者将窃取的加密货币分发到多个钱包中。

One of the wallets involved (“Fake_Phishing442846”) was previously linked to an attack two weeks ago, where over $32 million in spWETH tokens were drained. These incidents point to a growing trend of phishing attacks on cryptocurrency traders and investors.

其中一个涉及的钱包（“Fake_Phishing442846”）此前曾与两周前的一次攻击有关，当时超过 3200 万美元的 spWETH 代币被耗尽。这些事件表明，针对加密货币交易者和投资者的网络钓鱼攻击呈增长趋势。

According to reports from blockchain intelligence firm Arkham, the previous $32 million theft and the recent attack were linked to Inferno Drainer, a well-known phishing-as-a-service provider in the crypto space. Inferno Drainer offers criminals a platform to launch phishing websites and other tools to trick users into signing over control of their wallets.

根据区块链情报公司 Arkham 的报告，之前的 3200 万美元盗窃案和最近的攻击与加密货币领域著名的网络钓鱼即服务提供商 Inferno Drainer 有关。 Inferno Drainer 为犯罪分子提供了一个启动网络钓鱼网站和其他工具的平台，以诱骗用户签署并接管其钱包的控制权。

The service, which resurfaced in May 2024 after briefly ceasing operations, charges scammers 30% for phishing websites and 20% for successful attacks. Since 2021, Inferno Drainer has been linked to numerous cryptocurrency phishing attacks.

该服务在短暂停止运营后于 2024 年 5 月重新出现，针对网络钓鱼网站向诈骗者收取 30% 的费用，针对成功攻击收取 20% 的费用。自 2021 年以来，Inferno Drainer 与众多加密货币网络钓鱼攻击有关。

Data from Dune Analytics showed that the service has stolen $237.7 million from over 200,000 victims. Despite being temporarily taken down in late 2023, demand from cybercriminals drove its resurgence, with the app continuing to be a major threat in 2024.

Dune Analytics 的数据显示，该服务已从超过 20 万受害者那里窃取了 2.377 亿美元。尽管该应用程序在 2023 年底被暂时下架，但网络犯罪分子的需求推动了其死灰复燃，该应用程序在 2024 年仍然是一个主要威胁。

Phishing attacks have become a major source of losses for crypto investors. A recent Chainalysis report estimated that phishing scams have siphoned off $2.7 billion in multiple virtual assets since 2021.

网络钓鱼攻击已成为加密货币投资者损失的主要来源。 Chainaanalysis 最近的一份报告估计，自 2021 年以来，网络钓鱼诈骗已从多种虚拟资产中窃取了 27 亿美元的资金。

The approval phishing attack continues to wreak havoc, as unsuspecting users are often unaware of the permissions they are granting to attackers. Last week, Cryptomode reported another high-profile incident involving a wallet linked to a venture capital fund losing $35 million in fwDETH tokens using this same technique.

批准网络钓鱼攻击继续造成严重破坏，因为毫无戒心的用户通常不知道他们授予攻击者的权限。上周，Cryptomode 报道了另一起备受瞩目的事件，涉及与一家风险投资基金相关的钱包使用相同的技术损失了 3500 万美元的 fwDETH 代币。

This exploit led to a significant dip in the token’s value, with a 90% decrease observed after the incident. Notably, blockchain security firm CertiK’s Q3 report identified phishing as the most damaging form of attack in 2024. The report estimated losses from phishing attacks at $343.1 million across 65 incidents in Q3 alone.

此漏洞导致代币价值大幅下跌，事件发生后下降了 90%。值得注意的是，区块链安全公司 CertiK 的第三季度报告将网络钓鱼视为 2024 年最具破坏性的攻击形式。该报告估计，仅第三季度的 65 起事件中，网络钓鱼攻击造成的损失就达 3.431 亿美元。