Changpeng Zhao Warns Users to Stay Cautious About Platform-Based Attacks

2025/05/12 13:57

The warning comes after the Ledger hack raised concerns about security weaknesses.

Changpeng Zhao, founder of Binance, issued a stark warning to be cautious of platform-based attacks. His words come as the Ledger Discord hack continues to fuel worries over security weaknesses.

On May 11, Ledger confirmed its Discord server was breached by a hacker who gained a moderator’s account. The attacker used a malicious bot to post scam links on the server. These links led users to a phishing site where they were asked for their 24-word recovery phrases. Entering those words granted attackers direct access to crypto funds.

How a Compromised Account Escalated the Ledger Hack

According to Ledger, the breach began when attackers took over a contracted moderator’s account. The malicious bot then sent false alerts claiming a serious security flaw had been found and urging users to confirm their recovery phrases through a fake link.

Despite staff removing the bot quickly, some community members were muted or banned for reporting the issue.

Moreover, users received no warning before the fraudulent messages appeared. This delay allowed more users to fall for the scam. The incident itself escalated the harm caused by the Ledger Discord hack.

Hardware wallets like Ledger’s are designed with offline protection in mind to safeguard private keys. However, this Discord breach demonstrates how online channels can circumvent that security.

While the Ledger device itself remained intact, the attackers abused platform permissions and user trust to steal crypto.

Zhao shared a brief warning about these risks on X. His post expressed the dangers posed by community platforms and social media, especially in the crypto space.

The Binance founder urged users to stay vigilant against social engineering and phishing attacks. His voice adds urgency to calls for better user education and platform defenses.

Phishing Attacks Against Ledger Users Are Evolving

This isn’t the first time this year that Ledger users have faced scams. In April, attackers sent letters that looked like they were from Ledger, complete with the company’s branding and the usual address format.

These letters asked owners to scan a QR code, which led to a phishing site where recovery phrases were requested. It is unclear if the scammers used customer data leaked in the 2020 breach of over 270,000 accounts.

This series of events shows how crypto scams are becoming more sophisticated and use multiple channels to target victims. Users must remain alert to both digital and physical threats.

Messaging Apps Are the Weak Link in Blockchain Security

According to Ledger, the Discord hack was an isolated event. But many still worry about future breaches.

Many blockchain projects rely heavily on messaging platforms like Discord to communicate with their community and provide support. However, these channels usually lack the same degree of security governance as core exchange or wallet services.

Hackers gaining moderator or administrative access, as seen in the Ledger Discord hack, can pose serious problems. As self-custody gains popularity, educating users about phishing scams and social engineering is becoming increasingly vital.

Simple technical security cannot stop every human-based attack. Projects must strengthen both platform controls and user awareness to decrease risk further.

The phishing messages looked convincingly official. Screenshots show the hacker posing as a Ledger community manager, warning of a “recently discovered vulnerability.” That fake manager urged users to "quickly confirm" their recovery phrase on a special webpage. The scam website mimicked a real Ledger verification page, asking the user to input their 24-word seed phrase "to ensure optimal protection of your Ledger Nano S/X." Users who entered their recovery phrases were told they had granted "complete access" to the attacker's device and should close the window.

This combination of technical tricks and psychological pressure was designed to deceive victims. Unpaid volunteer moderators were among those who fell for the scam, highlighting how quickly the scheme could spread.

Victims often do not suspect such well-crafted scams until it is too late. This blend of deception makes modern crypto scams more dangerous and harder to spot than simple typos in a URL.

The Ledger Hack Highlights the Need for Better Communication

It is unclear if any users lost funds in this hack. But the fact that attackers invest time in these schemes means they often get results.

This instance of the Ledger Discord Hack shows that companies may need to move from offering reactive fixes, like quickly removing a malicious bot, to having proactive communication plans in place.

In the meantime, users should take several precautions. Never share your recovery phrase with anyone or enter it on any website unless you are sure of the source. Be wary of any urgent messages or claims of flaws. If you see a link in chat or a letter, double-check it carefully before clicking.

Crypto asset security is a shared responsibility that begins with companies but continues with users. Staying informed and cautious is now as vital as holding your private key.
