https://online2.tingclass.net/2024/tingli/20240520733.mp3
https://image.tingclass.net/statics/js/2012
Overview of Crypto Drainers
加密貨幣消耗器的概述
As the cryptocurrency market continues to evolve, so do the tactics employed by malicious actors to steal user funds. The latest threat, crypto drainers, has been gaining prevalence in recent years. In contrast to more conventional methods such as private key theft and smart contract exploitation, drainers pose as web3 projects to trick victims into granting them control of their crypto wallets. These scams have affected a wide range of users, with even high-profile figures like Mark Cuban and Seth Green falling prey. The amounts stolen can be staggering, with some drainers reportedly siphoning off several million dollars from their victims. Recently, Chainalysis shared insights into details of Crypto Drainers.
隨著加密貨幣市場的不斷發(fā)展,惡意行為者竊取用戶資金的策略也在不斷發(fā)展。最新的威脅——加密貨幣消耗器——近年來越來越流行。與私鑰盜竊和智能合約利用等更傳統(tǒng)的方法相比,消耗器偽裝成web3項目來欺騙受害者,讓他們獲得對加密錢包的控制權(quán)。這些騙局影響了廣泛的用戶,甚至馬克·庫班和塞斯·格林等知名人物也成為受害者。被盜金額可能令人震驚,據(jù)報道,一些詐騙者從受害者那里竊取了數(shù)百萬美元。最近Chainaanalysis分享了對加密貨幣消耗器細節(jié)的見解。
Understanding How Crypto Drainers Operate
了解加密消耗器的運作方式
A crypto drainer is essentially a phishing tool designed for the web3 ecosystem. Instead of stealing usernames and passwords, the operators of these scams masquerade as legitimate web3 projects. They lure victims into connecting their crypto wallets to the drainer and approving transaction proposals, which effectively grant the scammers control of the funds in the victims' wallets. Following a successful attack, the drainers can instantly steal users' funds. The fraudulent web3 sites are often promoted in Discord communities and on compromised social media accounts.
貨幣消耗器本質(zhì)上是一種專為web3生態(tài)系統(tǒng)設計的網(wǎng)絡釣魚工具。這些騙局的運營者不是竊取用戶名和密碼,而是偽裝成合法的web3項目。他們引誘受害者將其加密錢包連接到消耗器并批準交易建議,這實際上使詐騙者能夠控制受害者錢包中的資金。攻擊成功后,消耗器可以立即竊取用戶的資金。欺詐性web3網(wǎng)站經(jīng)常在Discord社區(qū)和受損的社交媒體帳戶上進行推廣。
The Impact of Crypto Drainers on the Crypto Ecosystem
加密貨幣消耗器對加密生態(tài)系統(tǒng)的影響
While it is challenging to ascertain the total amount stolen by crypto drainers due to underreporting, the available data suggests that the scale of these scams is significant. In fact, the quarterly growth rate in value stolen by drainers has outpaced that of ransomware, another fast-growing category of cybercrime. After stealing digital assets, the criminals typically rely on various crypto services to launder the funds or convert them into cash. There has been a noticeable increase in funds sent by drainers to mixing services since 2021, while the funds sent to centralized exchanges have decreased. Some drainers are also using gambling services, albeit on a smaller scale.
雖然由于漏報而很難確定加密貨幣消耗器者竊取的總金額,但現(xiàn)有數(shù)據(jù)表明這些騙局的規(guī)模很大。事實上,消耗器竊取的價值的季度增長率已經(jīng)超過了勒索軟件(另一種快速增長的網(wǎng)絡犯罪類別)。竊取數(shù)字資產(chǎn)后,犯罪分子通常依靠各種加密服務來洗錢或?qū)⑵滢D(zhuǎn)換為現(xiàn)金。自2021年以來,消耗器發(fā)送到混合服務的資金明顯增加,而發(fā)送到中心化交易所的資金卻在減少。一些吸毒者也使用賭博服務,盡管規(guī)模較小。
Bitcoin's Encounter with Crypto Drainers
比特幣與加密貨幣的相遇
While most drainers currently operate within the Ethereum ecosystem, an unusual drainer exploiting the Bitcoin blockchain has been identified. This drainer created a fake web page posing as Magic Eden, the primary NFT platform for Bitcoin Ordinals. As of April 2024, this drainer has allegedly stolen approximately $500,000 in over 1,000 malicious transactions. Despite Bitcoin not being as widely used for web3 services as other assets, several other Bitcoin drainers have already targeted the Ordinals trading community.
雖然大多數(shù)消耗器目前在以太坊生態(tài)系統(tǒng)中運行,但已經(jīng)發(fā)現(xiàn)了一個利用比特幣區(qū)塊鏈的不尋常消耗器。 這個消耗器創(chuàng)建了一個假冒的網(wǎng)頁,冒充Magic Eden,這是比特幣Ordinals的主要NFT平臺。截至2024年4月,該消耗器據(jù)稱已通過1,000多筆惡意交易竊取了約50萬美元。盡管比特幣不像其他資產(chǎn)那樣廣泛用于web3服務,但其他幾個比特幣消耗器已經(jīng)瞄準了Ordinals交易社區(qū)。
Preventing Crypto Drainer Attacks
防止加密貨幣消耗器攻擊
As the operators of crypto drainers become increasingly sophisticated, it is crucial for web3 projects and users to implement various security measures to guard against these scams. Web3 security extensions such as Wallet Guard can identify phishing pages and websites, and assess security risks associated with cryptocurrency wallets. Users can also reduce their exposure to drainers by using an offline wallet to store valuable or large volumes of assets, only transferring funds to a hot wallet when necessary. In addition, they should be wary of links promoted in chat rooms or on social media, which may not be associated with a project's official account. If a user needs to connect to an unfamiliar web3 site, they can create a temporary wallet that doesn't contain any assets and connect it to the site. If a victim's assets are stolen by a drainer, they can cancel incomplete transactions.
隨著加密貨幣消耗器的運營商變得越來越復雜,對于web3項目和用戶來說,實施各種安全措施來防范這些詐騙至關重要。Wallet Guard等Web3安全擴展可以識別網(wǎng)絡釣魚頁面和網(wǎng)站,并評估與加密貨幣錢包相關的安全風險。用戶還可以通過使用離線錢包存儲有價值或大量的資產(chǎn),僅在必要時將資金轉(zhuǎn)移到熱錢包來減少對消耗器的暴露。此外,他們應該警惕聊天室或社交媒體上推廣的鏈接,這些鏈接可能與項目的官方帳戶無關。如果用戶需要連接到一個不熟悉的web3站點,他們可以創(chuàng)建一個不包含任何資產(chǎn)的臨時錢包并將其連接到該站點。 如果受害者的資產(chǎn)被消耗器竊取,他們可以取消不完整的交易。