defibank.online：地毯扣的案例研究

最近，品牌名稱“ defibank.online”在加密論壇和電報小組上的頻率越來越高，作為“新的分散銀行”，能夠通過$銀行代幣提供三位數的回報。

Recently, the brand name ‘DefiBank.online’ has been appearing with increasing frequency on crypto forums and Telegram groups, presented as a ‘new decentralised bank’ capable of offering triple-digit returns via the $BANK token. A preliminary analysis, however, reveals a number of inconsistencies: a domain registered only a few weeks ago, a front-end lacking white-papers and audits, references to a DAO LLC that do not appear in official records, social profiles with minimal engagement, and an immediate invitation to connect the wallet by granting unlimited authorisations.

最近，品牌名稱“ defibank.online”在加密論壇和電報小組上的頻率越來越高，作為“新的分散銀行”，能夠通過$銀行代幣提供三位數的回報。然而，初步分析揭示了許多不一致之處：僅幾週前才註冊的域名，缺乏白色副本和審計的前端，指的是未出現在官方記錄中的DAO LLC，具有最低限度參與的社交配置文件，以及通過授予無限制授權來連接錢包的邀請。

The following reconstructs, point by point, the anatomy of the DefiBank.online case-from the WHOIS data to the source code to the on-chain clues suggesting its potentially fraudulent nature-and provides an operational checklist to help recognise similar schemes in the DeFi landscape.

以下重建defibank的解剖結構。在線案例中，WHOIS數據到源代碼到鍊鍊線索，表明其潛在的欺詐性質，並提供了一份操作清單，以幫助識別Defi景觀中的類似方案。

Decripto offers a support and advisory service via on-chain analysis and forensic reports to claim the recovery of funds lost in cryptocurrency scams. For more information CLICK HERE. For the official Telegram group link below (LINK).

Nectipto通過鏈分析和法醫報告提供了支持和諮詢服務，以聲稱在加密貨幣騙局中損失的資金的收回。有關更多信息，請單擊此處。對於下面的官方電報組鏈接（鏈接）。

The domain defibank.online

域defibank.online

The domain defibank.online was only registered on 11 November 2024 and extended for only one year, with the only update on 20 December 2024. The choice of a one-year horizon – combined with a mass registrar such as Go Daddy – suggests a hit-and-run strategy: it is unlikely that an entity aspiring to operate as a decentralised bank would establish such a short life window from the outset.

域defibank.online僅在2024年11月11日進行註冊，僅延長了一年，並在2024年12月20日進行了更新。選擇為期一年的地平線 - 加上像Go Daddy這樣的大眾註冊服務商 - 暗示了一種命中式策略：不可能實現一個勢在不足的銀行來建立一個短暫的終身窗口，這是不可能的，這是不可能的。

The infrastructure rests entirely on DigitalOcean name-servers. It is a perfectly legitimate cloud but designed for quick and inexpensive deployments, and thus easily dismantled or moved elsewhere should the project become problematic. It also lacks minimal DNS hardening components: DNSSEC has not been activated, nor are there any SPF or DMARC records, indications of very little attention to domain reputation and integrity.

基礎架構完全取決於Digitalocean名稱服務器。這是一條完全合法的雲，但設計用於快速且廉價的部署，因此如果項目變得有問題，則很容易拆除或移動到其他地方。它還缺乏最小的DNS硬化組件：DNSSEC尚未激活，也沒有任何SPF或DMARC記錄，很少關注域名聲譽和完整性。

The picture is complicated by looking at the homepage markup: the code delivered to the browser is a React shell devoid of static content, which only downloads obfuscated JavaScript bundles after loading. Even the URL app.ray.sx, remnant of a template reused by another application, appears within the meta-tags. This structure prevents crawlers and anti-phishing tools from inspecting the site without executing code – a recurring pattern in front-ends used as bait for wallet-drain operations.

通過查看主頁標記，圖片很複雜：傳遞到瀏覽器的代碼是一個沒有靜態內容的React shell，它僅在加載後僅下載了混淆的JavaScript捆綁包。甚至url app.ray.sx（由另一個應用程序重複使用的模板的殘留）也出現在元標記中。該結構可防止爬行者和反向釣魚工具在不執行代碼的情況下檢查站點 - 在前端中的反復出現的模式，用作錢包插入操作的誘餌。

The VirusTotal analysis returns an even more compromising picture. Two reputation engines – alphaMountain.ai and Forcepoint ThreatSeeker – classify defibank.online as ‘Suspicious’ and even ‘hacking’ respectively.

Virustotal Analysis返回的情況更加妥協。兩個聲譽引擎 - Alphamountain.ai和Forcepoint theakeeker - 將Defibank.online分別為“可疑”甚至“黑客攻擊”。

alphaMountain.ai: Suspicious – Forcepoint: Hacking/tool

Alphamountain.ai：可疑 - 力點：黑客/工具

These are not isolated false positives: the site was first sent to VirusTotal on 8 March 2024 and re-examined until 19 March 2025, a sign that the domain or IP had been on the blacklist radar for a long time.

這些不是孤立的誤報：該地點於2024年3月8日首次發送到Virustotal，並重新檢查到2025年3月19日，這表明該域或IP已經在黑名單雷達上很長時間了。

The HTTP response confirms that the host (65.109.173.253) serves a simple Nginx on Ubuntu; the body of the home page weighs a mere 9 KB, a further indication of a front-end reduced to the bone that refers all logic to external JavaScript bundles. Most striking is the Open Graph section: the og:url tag points to app.ray.sx, a domain unrelated to the alleged banking project and already identified in the site’s markup. The preview image, the title (‘Buy $BANK…’) and the bombastic description confirm the purely promotional nature of the landing page, in stark contrast to the claim of institutional seriousness.

HTTP響應確認主機（65.109.173.253）在Ubuntu上提供了簡單的NGINX。主頁的主體僅重達9 kb，進一步指示前端還原為骨頭，將所有邏輯都引用到外部JavaScript束。最引人注目的是開放圖部分：OG：URL標籤指向App.Ray.sx，這是與所謂的銀行項目無關的域名，並且已經在網站的標記中確定。預覽圖像，標題（“購買$ bank…”）和誇張的描述證實了著陸頁的純粹促銷性質，與機構認真的主張形成了鮮明的對比。

Finally, five tracking platforms emerge in the traffic – Google Analytics, Google Tag Manager, Facebook Pixel, Yandex Metrica and Facebook Custom Audience – an abnormal density for a product that proclaims itself ‘decentralised’ and attentive to user privacy. In summary, VirusTotal does not detect executable malware, but it does gather a number of risk signals (hacking classification, inconsistent meta-tags, massive tracking) that reinforce what has already been observed at the domain and site structure level: DefiBank.online acts more like an advertising funnel than a reliable financial platform.

最後，流量中出現了五個跟踪平台 - Google Analytics（Google Analytics），Google標籤管理器，Facebook Pixel，Yandex Metrica和Facebook自定義受眾 - 一種異常的密度，該產品宣稱自己是“分散的”，並專注於用戶隱私。總而言之，Virustotal並未檢測到可執行的惡意軟件，但是它確實收集了許多風險信號（黑客分類，不一致的元標記，大量跟踪），從而增強了在域和站點結構級別上已經觀察到的東西：defibank.nline的行為比可靠的金融平台更像是廣告渠道。

The rebus of the $BANK token

$銀行代幣的重組

Once past the front of the site, one discovers that the entire project revolves around a utility token called $BANK. It is here that the inconsistencies become macroscopic.

一旦經過網站的前部，人們發現整個項目都圍繞一個稱為$ bank的公用事業令牌。在這裡，不一致成為宏觀的。

The token is presented with a pre-mining phase, then an Angel fund-raising round (with a price of $0.04), followed by a Pre-Seed round at $0.07 and a Seed round at $0.1. According to the project’s statements, the token will be launched on two chains (ETH and BNB) and will be listed on tier-one exchanges by the third quarter of 2025. In total, $BANK will have a supply of 1 billion units, to be released over a period of 18

令牌呈現前期階段，然後是一個天使籌款的回合（價格為0.04美元），然後是預付的回合，為0.07美元，種子回合為0.1美元。根據該項目的聲明，代幣將以兩個連鎖店（ETH和BNB）啟動，並將在2025年第三季度之前在一級交易所上列出。總共，$銀行將在18個單位中供應10億個單位，將在18個期間發布。