這次耗資3.3億美元的攻擊：鮮明的提醒社會工程的力量

一個重大的加密盜竊案已引發了整個行業的衝擊波，價值3.3億美元的比特幣BTCUSD被盜。專家說，這是一次社會工程攻擊，而不是技術攻擊。

A massive crypto theft has seen $330 million stolen in Bitcoin, according to reports. Experts say this was a social engineering attack rather than a technical hack.

據報導，據報導，一次大規模加密盜竊案已有3.3億美元的比特幣被盜。專家說，這是一次社會工程攻擊，而不是技術攻擊。

According to investigations led by blockchain analyst ZachXBT, the victim was an elderly US citizen who was manipulated into granting access to their crypto wallet. On April 28, ZachXBT detected a suspicious transfer of 3,520 BTC, valued at $330.7 million.

根據區塊鏈分析師Zachxbt的調查，受害者是一名老年人公民，被操縱以允許使用加密錢包。 4月28日，Zachxbt檢測到3,520 BTC的可疑轉移，價值3.307億美元。

The stolen BTC was quickly laundered through more than six instant exchanges and converted into the privacy-oriented cryptocurrency Monero (XMR). Onchain analysis shows the victim had held over 3,000 BTC since 2017, with no previous record of substantial transactions.

被盜的BTC通過六個以上的即時交流很快被洗過，並轉換為面向隱私的加密貨幣Monero（XMR）。 OnChain分析表明，自2017年以來，受害人已經持有3,000多個BTC，沒有以前的大量交易記錄。

Unlike typical cyberattacks that exploit software vulnerabilities, this incident relied on psychological manipulation. Scammers posed as trusted entities, slowly building credibility before persuading the victim over the phone to share sensitive credentials. This is the hallmark of social engineering — exploiting human trust rather than system weaknesses.

與利用軟件漏洞的典型網絡攻擊不同，這一事件依賴於心理操縱。詐騙者偽裝成可信賴的實體，在說服受害者通過電話分享敏感證書之前慢慢建立信譽。這是社會工程學的標誌 - 利用人類信任而不是系統弱點。

After the Bitcoin theft, the attacker swiftly began laundering the funds using a peel chain method, splitting the stolen amount into smaller, harder-to-trace portions. The funds were routed through hundreds of wallets and scores of exchanges or payment services, including Binance.

盜竊比特幣後，攻擊者迅速開始使用果皮鏈方法洗錢，將被盜的數量分為較小，難以訓練的部分。這些資金通過數百個錢包和數十個交易所或支付服務（包括binance）進行了路線。

A significant amount was laundered via instant exchanges and mixers, further obscuring its trail. A large portion of BTC was quickly converted into XMR, a privacy coin with untraceable architecture, causing its price to briefly surge 50% to $339.

通過即時交換和混合器洗錢，進一步掩蓋了它的步道。 BTC的很大一部分被迅速轉換為XMR，這是一種具有難以置信的建築的隱私硬幣，導致其價格短暫上漲了50％至339美元。

The attackers used pre-registered accounts across exchanges and OTC desks, which suggests careful planning. Some BTC was even bridged to Ethereum and deposited into various DeFi platforms, making forensic tracing more difficult. Investigators have since notified exchanges in hopes of freezing any accessible funds.

攻擊者使用跨交易所和OTC書桌的預註冊帳戶，這表明仔細計劃。一些BTC甚至被橋接到以太坊，並沉積在各種Defi平台中，從而使法醫追踪更加困難。此後，調查人員已通知交流，希望凍結任何可訪問的資金。

While attribution remains unclear, analysts like ZachXBT ruled out North Korean Lazarus Group involvement, pointing instead to skilled independent hackers. Hacken traced $284 million of BTC, now diluted to $60 million after extensive peeling and redistribution through obscure platforms.

雖然歸因尚不清楚，但像Zachxbt這樣的分析師排除了朝鮮拉撒路集團的參與，而是指出熟練的獨立黑客。 Hacken追溯了2.84億美元的BTC，通過晦澀的平台進行了大量剝離和重新分配後，現在被稀釋至6000萬美元。

Binance and ZachXBT were able to freeze about $7 million of the stolen funds. However, the bulk of the stolen Bitcoin remains missing. The suspects include an individual using the alias “X,” allegedly operating from the UK and believed to be of Somali origin, and another accomplice known as “W0rk.” Both have reportedly scrubbed their digital footprints since the theft.

Binance和Zachxbt能夠凍結大約700萬美元的被盜資金。但是，大部分被盜的比特幣仍然缺失。犯罪嫌疑人包括一個使用別名“ X”的人，據稱是從英國運營的，被認為是索馬里的起源，還有另一個稱為“ W0rk”的同夥。據報導，兩人自盜竊以來都擦洗了數字足跡。

This case underscores that crypto security isn’t just about strong passwords and hardware wallets but also recognizing psychological threats. As the investigation continues, the community is reminded that even the most secure technologies are vulnerable to human fallibility.

這種案例強調了加密安全性不僅僅是密碼和硬件錢包，而且還認識到心理威脅。隨著調查的繼續，提醒社區，即使是最安全的技術也容易受到人類犯錯性的影響。

Social engineering is a manipulative technique used by cybercriminals to exploit human psychology. They trick you into revealing confidential information to access your wallets and perform actions that compromise security.

社會工程是網絡犯罪分子用於利用人類心理學的一種操縱技術。他們欺騙您揭示機密信息以訪問您的錢包並執行損害安全性的操作。

Unlike traditional hacking, which targets system vulnerabilities, social engineering thrives on human weaknesses such as trust, fear, urgency and curiosity. It leverages psychological tactics to manipulate victims.

與傳統的黑客攻擊，它針對系統脆弱性，社會工程在人類的弱點上繁衍生息，例如信任，恐懼，緊迫性和好奇心。它利用心理策略來操縱受害者。

Here are common tactics used by criminals to convince their victims and execute their plans:

以下是罪犯說服受害者並執行他們的計劃的常見策略：

These psychological strategies are a major threat to users in the crypto space, where irreversible transactions and often decentralized platforms make it very difficult for the victims to regain the lost funds.

這些心理策略是對加密貨幣領域中用戶的主要威脅，在該空間中，不可逆轉的交易和經常分散的平台使受害者很難恢復損失的資金。

Did you know? Crypto drainers-as-a-service (DaaS) offers complete social engineering toolkits, including fake DEX websites, wallet prompts and Telegram support bots for anyone to run phishing campaigns, no coding required.

你可知道？加密流失者-As-a-Service（DAAS）提供完整的社會工程工具包，包括偽造的DEX網站，錢包提示和電報支持機器人，任何人都可以運行網絡釣魚活動，不需要編碼。

Crypto users are particularly susceptible to social engineering attacks due to a combination of technological and behavioral issues. These include irreversibility of transactions, lack of recourse, high-value targets and overreliance on trust.

由於技術和行為問題的結合，加密使用者特別容易受到社會工程攻擊的影響。這些包括交易的不可逆性，缺乏追索權，高價值目標和對信任的過度依賴。

Together, these factors make crypto users highly susceptible to human-centric attacks, more than users of traditional finance.

這些因素在一起，使加密使用者高度容易受到以人為中心的攻擊，而不是傳統金融的使用者。

Did you know? Unlike traditional hacks, social engineering doesn’t target code; it targets people. It is low-tech but high-reward, exploiting trust, emotion and routine to steal assets in seconds.

你可知道？與傳統黑客不同，社會工程不是針對代碼。它針對人。這是低技術，但很高的回報，利用信任，情感和常規，可以在幾秒鐘內竊取資產。

Fraudsters use customized social engineering strategies to trick and exploit unsuspecting crypto users. To protect yourself from these scamsters, you must be well aware of their various tactics.

欺詐者使用定制的社會工程策略來欺騙和利用毫無戒心的加密用戶。為了保護自己免受這些騙子的侵害，您必須非常了解他們的各種策略。

You need to have a broad idea of how these methods work, including phishing scams, impersonation attacks and malicious downloads.

您需要廣泛了解這些方法的工作方式，包括網絡釣魚騙局，模仿攻擊和惡意下載。

Here are some prevalent tactics that fraudsters use:

以下是一些欺詐者使用的普遍策略：

Understanding these tactics is crucial for crypto users to safeguard their assets. Vigilance, verification of sources and skepticism toward unsolicited offers can mitigate the risks posed by social engineering attacks.

了解這些策略對於加密用戶保護其資產至關重要。警惕，對來源的驗證和對主動提議的懷疑可以減輕社會工程攻擊帶來的風險。

There have been several scams in the crypto domain exploiting human weaknesses. Fraudsters used clever tactics like phishing and impersonation to steal digital assets.

加密型領域中有幾個騙局，利用人類的弱點。欺詐者使用網絡釣魚和模仿等聰明的策略來竊取數字資產。

These case studies provide key insights to boost awareness and prevent losses.

這些案例研究提供了關鍵的見解，以提高意識並防止損失。

Ronin Network attack

羅寧網絡攻擊

In March

在三月