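Crypto giants CoinMarketCap and Cointelegraph were recently hit by phishing attacks, underscoring the urgent need for stronger security measures in the cryptocurrency space.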
Hold onto your hats, crypto enthusiasts! It's been a wild ride with 'Phishing attacks, crypto sites, CoinMarketCap' making headlines. Let's dive into the chaos and see what's shaking.
Double Trouble: CoinMarketCap and Cointelegraph Under Attack
First, CoinMarketCap (CMC), the go-to spot for tracking crypto prices, got hit. On June 20, 2025, users were bombarded with a sneaky pop-up urging them to connect their wallets to maintain access. Classic phishing, right?
Then, just a day later, Cointelegraph, another major crypto news outlet, suffered a similar breach. Their banner publishing system was compromised, displaying a malicious ad promoting a fake token airdrop.
How Did This Happen?
In CoinMarketCap's case, attackers messed with the API request that loads a "doodle" image on the homepage. They injected hidden JavaScript code that triggered the malicious pop-up. If users clicked 'Connect Wallet,' the script would attempt to steal wallet credentials or private keys.
Cointelegraph's issue involved a compromised banner publishing system, resulting in a malicious advertisement promoting a fake token airdrop on their website.
According to Web3 on‑chain security company Blockaid, 76 CoinMarketCap visitors were tricked, leading to a loss of $21,624.47, which CMC promised to reimburse.
The Common Thread: Supply Chain Attacks
Both attacks share a concerning similarity: they were supply chain attacks. Attackers didn't directly breach CMC's or Cointelegraph's servers. Instead, they compromised third-party resources that these platforms trusted.
C/side, a US-based startup, explained that this type of client-side attack is particularly dangerous because it bypasses server-side security tools and exploits user trust in familiar platforms.
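A defensive sketch for the doodle-loading pattern and the client-side trust problem described above, as an added example that is not code from CoinMarketCap, Cointelegraph or C/side: the page treats the API response as untrusted data and passes only allowlisted, validated fields to rendering. The field names (`imageUrl`, `altText`, `linkUrl`), the hosts and both sample payloads are assumptions constructed for illustration.

```javascript
// Added example. Field names, hosts and sample payloads are constructed
// assumptions, not CoinMarketCap's real API.
const ALLOWED_KEYS = new Set(["id", "imageUrl", "altText", "linkUrl"]);
const IMAGE_HOSTS = new Set(["static.example-exchange.test"]);
const LINK_HOSTS = new Set(["www.example-exchange.test"]);
const IMAGE_PATH = /\.(png|jpe?g|webp|gif)$/i; // no SVG: it can carry script

// Returns null when the URL is acceptable, otherwise the reason it is not.
function checkUrl(value, hosts, pathPattern) {
  if (typeof value !== "string") return "not a string";
  let url;
  try { url = new URL(value); } catch { return "not an absolute URL"; }
  if (url.protocol !== "https:") return `scheme ${url.protocol} not allowed`;
  if (url.username || url.password) return "credentials in URL";
  if (!hosts.has(url.hostname)) return `host ${url.hostname} not allowlisted`;
  if (pathPattern && !pathPattern.test(url.pathname)) return "unexpected file type";
  return null;
}

// Validates the raw API body and returns only copied, checked fields, so
// nothing else the response carried can reach the rendering code.
function validateDoodle(rawJson) {
  let data;
  try { data = JSON.parse(rawJson); } catch { data = null; }
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    return { ok: false, errors: ["body is not a JSON object"], doodle: null };
  }
  const errors = Object.keys(data)
    .filter((key) => !ALLOWED_KEYS.has(key))
    .map((key) => `unexpected field: ${key}`);
  const imageError = checkUrl(data.imageUrl, IMAGE_HOSTS, IMAGE_PATH);
  if (imageError) errors.push(`imageUrl: ${imageError}`);
  if (data.linkUrl !== undefined) {
    const linkError = checkUrl(data.linkUrl, LINK_HOSTS, null);
    if (linkError) errors.push(`linkUrl: ${linkError}`);
  }
  if (typeof data.altText !== "string" || data.altText.length > 120) {
    errors.push("altText: missing or too long");
  }
  if (errors.length > 0) return { ok: false, errors, doodle: null };
  const { imageUrl, altText, linkUrl = null } = data;
  return { ok: true, errors, doodle: { imageUrl, altText, linkUrl } };
}

// Constructed samples: an expected response and one with an off-origin
// resource plus an extra field the page never asked for.
const GOOD = '{"id":"d1","imageUrl":"https://static.example-exchange.test/doodles/summer.png","altText":"Summer doodle"}';
const TAMPERED = '{"id":"d2","imageUrl":"https://cdn.unknown.example/doodle.json","altText":"Doodle","animation":{"src":"https://cdn.unknown.example/a.js"}}';
```

Render the returned fields through `img.src` and `img.alt` rather than `innerHTML`, and log rejected responses so that a changed upstream payload is noticed. A Content-Security-Policy that restricts `script-src` adds a second layer if validation is bypassed.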
Inferno Drainer: The Mastermind?
Both attacks appear to be connected to customers of Inferno Drainer, a "Drainer-as-a-Service" outfit that has facilitated numerous similar attacks, causing hundreds of millions in losses.
The Aftermath
Both CoinMarketCap and Cointelegraph have cleaned up their acts and strengthened their security controls to prevent future attacks. But the damage is done. Trust has been shaken.
My Take: A Wake-Up Call
These incidents are a stark reminder that no platform is immune to attack. The crypto space needs to step up its security game, focusing on supply chain vulnerabilities and user education. We need to be more skeptical of pop-ups and double-check everything before connecting our wallets.
Speaking of user education, it’s crucial that platforms invest in tools and resources that help users identify and avoid phishing attempts. Real-time alerts, like the one provided by MetaMask, are essential, but more can be done.
Looking Ahead
So, what's the takeaway? Stay vigilant, folks! The crypto world is exciting, but it's also full of dangers. Keep your wits about you, and don't let those pesky phishers steal your precious crypto. And hey, maybe invest in a hardware wallet while you're at it. You can never be too safe, right?