bitcoin
bitcoin

$72382.29 USD 

1.54%

ethereum
ethereum

$2636.21 USD 

0.80%

tether
tether

$0.999660 USD 

0.05%

bnb
bnb

$601.86 USD 

-0.99%

solana
solana

$180.21 USD 

-0.22%

usd-coin
usd-coin

$0.999943 USD 

0.00%

xrp
xrp

$0.525616 USD 

0.37%

dogecoin
dogecoin

$0.174275 USD 

4.48%

tron
tron

$0.166488 USD 

1.32%

toncoin
toncoin

$5.04 USD 

-0.42%

cardano
cardano

$0.360248 USD 

3.02%

shiba-inu
shiba-inu

$0.000019 USD 

2.82%

avalanche
avalanche

$26.66 USD 

-0.79%

bitcoin-cash
bitcoin-cash

$379.71 USD 

0.10%

chainlink
chainlink

$11.97 USD 

4.58%

加密货币新闻

Trezor X 帐户遭受网络钓鱼攻击,而非 SIM 交换

2024/03/22 19:10

硬件钱包提供商 Trezor 澄清称,其官方 Twitter 帐户遭到网络钓鱼攻击(而非 SIM 交换)的破坏,导致出现欺诈性代币预售公告。尽管采取了强有力的安全措施,攻击者仍然获得了该帐户的访问权限,发布恶意链接并请求资金。 Trezor 强调其硬件钱包的安全性并未受到影响,并已采取措施减轻进一步的损害。

Trezor X 帐户遭受网络钓鱼攻击,而非 SIM 交换

SatoshiLabs Details Trezor X Account Phishing Attack

SatoshiLabs 详细介绍 Trezor X 账户网络钓鱼攻击

SatoshiLabs, the manufacturer of Trezor crypto hardware wallets, has provided a comprehensive account of an incident involving fraudulent token presale announcements posted on its official Twitter account.

Trezor 加密硬件钱包制造商 SatoshiLabs 提供了有关在其官方 Twitter 帐户上发布的欺诈性代币预售公告的事件的全面说明。

Phishing Attack, Not SIM Swap

网络钓鱼攻击,而非 SIM 交换

The company clarified that the security breach was attributed to a phishing attack, contrary to its initial suspicion of a SIM-swap attack. SatoshiLabs emphasized that it does not employ mobile devices for two-factor authentication, utilizing more secure methods instead.

该公司澄清说,安全漏洞是由网络钓鱼攻击引起的,这与最初对 SIM 卡交换攻击的怀疑相反。 SatoshiLabs 强调,它不使用移动设备进行双因素身份验证,而是使用更安全的方法。

Unauthorized Posts and Harmful Links

未经授权的帖子和有害链接

Despite these safeguards, attackers managed to post a series of unauthorized and misleading tweets, soliciting funds from users to an unidentified wallet address. Additionally, harmful links were included, redirecting users to a bogus token presale website.

尽管有这些保护措施,攻击者还是设法发布了一系列未经授权和误导性的推文,从用户那里筹集资金到一个身份不明的钱包地址。此外,还包含有害链接,将用户重定向到虚假的代币预售网站。

Blockchain Sleuth's Notification

区块链侦探的通知

Independent blockchain sleuth ZachXBT alerted his 528,000 Twitter followers of Trezor's suspected breach on March 19th.

3 月 19 日,独立区块链侦探 ZachXBT 向他的 528,000 名 Twitter 粉丝发出了有关 Trezor 涉嫌违规事件的警报。

Unauthorized Access to Twitter Account

未经授权访问 Twitter 帐户

SatoshiLabs confirmed unauthorized entry into its Twitter account on March 19th. Investigations revealed a sophisticated and premeditated phishing attack orchestrated by hackers over several weeks.

SatoshiLabs 于 3 月 19 日证实其 Twitter 帐户遭到未经授权的访问。调查显示,黑客在数周内精心策划了一次复杂且有预谋的网络钓鱼攻击。

Prompt Removal of Deceptive Posts

及时删除欺骗性帖子

Upon discovering the breach, SatoshiLabs swiftly identified and removed the deceptive posts, mitigating potential damage. The company stated: "We want to stress here that the security of all our products remains unaffected. This incident has in no way impacted or compromised the security of Trezor hardware wallets or any of our other products."

发现漏洞后,SatoshiLabs 迅速识别并删除了欺骗性帖子,减轻了潜在的损害。该公司表示:“我们想在此强调,我们所有产品的安全性均不受影响。这一事件绝不会影响或损害 Trezor 硬件钱包或我们任何其他产品的安全性。”

Attackers' Sophisticated Tactics

攻击者的复杂策略

Investigations indicated that the attackers posed as reputable entities in the cryptocurrency community starting on February 29th. They maintained a credible social media presence and engaged in seemingly genuine discussions.

调查显示,攻击者自 2 月 29 日起冒充加密货币社区中信誉良好的实体。他们在社交媒体上保持着可信的存在,并进行了看似真诚的讨论。

Impersonation and Malicious Link

冒充和恶意链接

Impersonating a well-established Twitter account with thousands of followers, the attacker contacted SatoshiLabs' public relations team, proposing an interview with the CEO. A meeting was subsequently scheduled, during which the impersonator shared a malicious link disguised as a Calendly calendar invitation.

攻击者冒充拥有数千名粉丝的知名 Twitter 帐户,联系了 SatoshiLabs 的公共关系团队,提议采访首席执行官。随后安排了一次会议,期间冒充者分享了一个伪装成 Calendly 日历邀请的恶意链接。

Compromised Login Credentials

登录凭证遭到泄露

Clicking the calendar link prompted a team member to enter their Twitter login credentials, raising suspicion. However, the meeting was rescheduled. In the next session, the attacker, feigning technical difficulties, successfully linked their Calendly account to SatoshiLabs' Twitter account.

单击日历链接会提示团队成员输入其 Twitter 登录凭据,这引起了怀疑。然而,会议被重新安排。在接下来的会话中,攻击者假装技术困难,成功地将他们的 Calendly 帐户链接到 SatoshiLabs 的 Twitter 帐户。

Previous Security Breach

以前的安全漏洞

In January, Trezor experienced a security breach that exposed the contact information of approximately 66,000 users. According to the company's website, it has sold over two million hardware wallets since its inception in 2012.

一月份,Trezor 遭遇安全漏洞,泄露了约 66,000 名用户的联系信息。据该公司网站称,自 2012 年成立以来,其硬件钱包销量已超过 200 万个。

Conclusion

结论

SatoshiLabs' detailed account of the phishing attack highlights the importance of vigilance in cybersecurity. The company's emphasis on secure authentication methods and prompt response to the breach underscore its commitment to safeguarding its users' assets.

SatoshiLabs 对网络钓鱼攻击的详细描述凸显了网络安全保持警惕的重要性。该公司对安全身份验证方法的重视以及对违规行为的及时响应突显了其保护用户资产的承诺。

免责声明:info@kdj.com

所提供的信息并非交易建议。根据本文提供的信息进行的任何投资,kdj.com不承担任何责任。加密货币具有高波动性,强烈建议您深入研究后,谨慎投资!

如您认为本网站上使用的内容侵犯了您的版权,请立即联系我们(info@kdj.com),我们将及时删除。

2024年10月30日 发表的其他文章