发布: 2024/05/18 20:24 阅读: 389
Binance's Security Experts Develop "Antidote" to Address Poisoning Scams
币安安全专家开发“解毒剂”来应对中毒诈骗
Binance's security experts have developed an "antidote" to combat the rising threat of address poisoning scams, which deceive investors into sending funds to fraudulent addresses.
币安的安全专家开发了一种“解药”,以应对日益严重的地址中毒诈骗威胁,这种诈骗会欺骗投资者将资金发送到欺诈地址。
The security team at the world's largest cryptocurrency exchange has created an algorithm that has identified millions of compromised crypto addresses, as reported to Cointelegraph:
据 Cointelegraph 报道,全球最大的加密货币交易所的安全团队创建了一种算法,该算法已识别出数百万个受损的加密地址:
"We have developed a unique method of identifying poisoned addresses, which helps us to alert users before they send money to criminals and was instrumental in identifying and flagging more than 13.4 million spoofed addresses on BNB Smart Chain and 1.68 million on Ethereum."
“我们开发了一种识别中毒地址的独特方法,这有助于我们在用户向犯罪分子汇款之前向他们发出警报,并有助于识别和标记 BNB 智能链上的超过 1340 万个欺骗地址和以太坊上的 168 万个欺骗地址。”
Understanding Address Poisoning
了解地址中毒
Address poisoning, also known as address spoofing, involves scammers sending a small amount of digital assets to a wallet that closely resembles the victim's address. This transaction becomes part of the wallet's history, leading the victim to accidentally copy and send funds to the scammer's address.
地址中毒,也称为地址欺骗,涉及诈骗者将少量数字资产发送到与受害者地址非常相似的钱包。该交易成为钱包历史记录的一部分,导致受害者意外复制资金并将其发送到诈骗者的地址。
Binance's Algorithm
币安的算法
Binance's algorithm detects these spoofed addresses by identifying suspicious transfers—typically those with near-zero value or unknown tokens—linking them to potential victim addresses, and timestamping malicious transactions to pinpoint the time of poisoning.
币安的算法通过识别可疑传输(通常是那些价值接近零或未知代币的传输)来检测这些欺骗地址,将它们链接到潜在的受害者地址,并对恶意交易添加时间戳以查明中毒时间。
These compromised addresses are logged in the database of Web3 security firm HashDit, Binance's security partner, enhancing the protection of the broader crypto industry from such scams. According to Binance's report:
这些被盗的地址被记录在币安安全合作伙伴 Web3 安全公司 HashDit 的数据库中,从而增强了对更广泛的加密行业免受此类诈骗的保护。根据币安的报告:
"Many cryptocurrency service providers use HashDit's API to boost their defenses against a variety of scams.
“许多加密货币服务提供商使用 HashDit 的 API 来增强对各种诈骗的防御能力。
READ MORE: Unknown Trader Nets $46 Million from Pepe Memecoin Amidst Resurgent GameStop Hype
阅读更多:在 GameStop 的热潮中,未知交易者从 Pepe Memecoin 中获利 4600 万美元
"One of them, for example, is Trust Wallet, which uses the database of poisoned addresses to alert users when they are about to transfer funds to a spoofed recipient."
“例如,Trust Wallet 就是其中之一,它使用中毒地址数据库来提醒用户何时将资金转移给欺骗性的收件人。”
The algorithm also flags spoofed addresses on HashDit's user-facing products, web browser extensions, and MetaMask Snaps.
该算法还标记 HashDit 面向用户的产品、网络浏览器扩展和 MetaMask Snap 上的欺骗地址。
The Need for Prevention
预防的必要性
The necessity for this preventive algorithm became evident two weeks ago after an unknown trader lost $68 million to an address-poisoning scam. On May 3, they accidentally sent $68 million worth of Wrapped Bitcoin (wBTC) to a spoofed address.
两周前,一名身份不明的交易者因地址中毒骗局损失了 6800 万美元,因此这种预防性算法的必要性变得显而易见。 5 月 3 日,他们意外地将价值 6800 万美元的 Wrapped Bitcoin (wBTC) 发送到一个欺骗地址。
Remarkably, the thief returned the $68 million on May 13, after on-chain investigators traced his potential Hong Kong-based IP addresses. This incident suggests that the scammer panicked due to the public attention following the scam.
值得注意的是,在链上调查人员追踪到窃贼可能位于香港的 IP 地址后,窃贼于 5 月 13 日归还了 6800 万美元。这起事件表明,诈骗者因诈骗事件引起公众关注而感到恐慌。
Avoiding Address Poisoning
避免地址中毒
Address poisoning scams might seem avoidable, but most traders only verify the first and last digits of the wallet's 42 alphanumeric characters. Scammers exploit this by using vanity address generators to create addresses that look similar. As Binance explains:
地址中毒诈骗看似可以避免,但大多数交易者仅验证钱包 42 个字母数字字符的第一位和最后一位数字。诈骗者通过使用虚荣地址生成器来创建看起来相似的地址来利用这一点。正如币安所解释的:
"An authentic Ethereum address like 0x19x30f…62657 could be spoofed using a similar-looking 0x19x30t…72657, which can be totally different in the middle while maintaining the first and last few characters."
“像 0x19x30f…62657 这样的真实以太坊地址可以使用看起来相似的 0x19x30t…72657 进行欺骗,中间可能完全不同,同时保留第一个和最后几个字符。”
To submit a crypto press release (PR), send an email to sales@cryptointelligence.co.uk.
要提交加密新闻稿 (PR),请发送电子邮件至 sales@cryptointelligence.co.uk。