North Korean hackers are exploiting cybersecurity weaknesses in decentralized protocols, targeting individuals and organizations. Learn how to strengthen your defenses.
Decentralized Protocols Under Siege: North Korean Hackers and the Cybersecurity Gap
The world of decentralized protocols, once hailed as the epitome of security and resilience, is facing a rude awakening. North Korean hackers are increasingly targeting this space, exposing critical cybersecurity gaps that threaten the entire ecosystem. The focus is no longer on smart contract vulnerabilities, but on the human element and operational security (OPSEC).
The Evolving Threat Landscape
Forget zero-day exploits in Solidity. Nation-state attackers are now exploiting the operational vulnerabilities of decentralized teams. Poor key management, nonexistent onboarding processes, unvetted contributors pushing code from personal laptops, and treasury governance conducted via Discord polls are all prime targets. As Oak Security's experience shows, many protocols are soft targets for serious adversaries, despite heavy investment in smart contract audits.
In 2025 alone, North Korean-affiliated attackers have been linked to campaigns targeting $1.5 billion in assets at Bybit through credential-harvesting, malware attacks on MetaMask and Trust Wallet users, infiltration attempts on exchanges via fake job applicants, and the creation of shell companies inside the U.S. to target crypto developers.
The Smart Contract Illusion
Many DeFi projects operate under the dangerous assumption that a passed smart contract audit equates to overall security. However, smart contract exploits are no longer the preferred method of attack. It’s easier and more effective to target the people running the system. Many DeFi teams lack dedicated security leads, managing enormous treasuries without formal OPSEC accountability.
Coinbase's May 2025 disclosure of a cybersecurity incident involving a bribed overseas support agent highlights this systemic vulnerability. Binance and Kraken faced similar attacks but successfully fended them off. This wasn't a coding error; it was insider bribery and human failure.
North Korean Hackers Go Phishing
A recent campaign by the North Korean hacking group Famous Chollima illustrates the sophistication of these attacks. The group disguises Python-based malware (PylangGhost) as part of a fake job application process and impersonates top crypto firms like Coinbase, Robinhood, and Uniswap through polished fake career sites. The malware steals login credentials, session cookies, and wallet data from over 80 browser extensions, including MetaMask and 1Password.
Learning from TradFi
Traditional financial institutions face similar threats but rarely collapse due to cyberattacks. They operate on the assumption that attacks are inevitable and implement layered defenses, access controls, and structured incident response plans. Web3 needs to adopt similar maturity, adapted to the realities of decentralized teams.
This includes enforcing OPSEC playbooks, running red-team simulations, and using multi-signature wallets backed by hardware wallets. Contributor vetting and background checks are essential, even in decentralized teams.
Decentralization Is No Excuse
The difficulty of implementing operational security in decentralized organizations is no excuse for negligence. Nation-state adversaries are already inside the gates, and the global economy is increasingly reliant on on-chain infrastructure. Web3 platforms must employ disciplined cybersecurity practices to avoid becoming a permanent funding source for malicious actors.
Code alone won't defend us; a robust security culture will.
The Last Word
So, Web3, let's get our act together! Time to ditch the