詐騙者，地獄排水器和CoinMarketCap：加密喚醒電話

最近的CoinMarketCap安全性違規突出了使用Inferno Drainer等複雜技術來針對加密使用者的騙子的日益增長的威脅。

Yo, crypto fam! The wild west of digital assets just got a little wilder. Recent events involving CoinMarketCap and a nasty wallet-draining tool called Inferno Drainer are a serious wake-up call. Here's the lowdown on how scammers are getting smarter and what you can do to protect your precious coins.

喲，加密貨幣。數字資產的野外西部有點荒野。最近涉及CoinMarketCap和一種稱為Inferno Drainer的討厭的錢包工具的事件是一個嚴重的警鐘。這是騙子如何變得更聰明以及可以採取什麼措施來保護寶貴的硬幣。

CoinMarketCap Gets Burned: The Inferno Drainer Strikes

CoinMarketCap被燒毀：地獄排水罷工

Picture this: You're cruising CoinMarketCap, checking prices, and suddenly a pop-up appears, urging you to "Verify Your Wallet." Seems legit, right? Wrong! This was the bait in a recent coordinated attack, where scammers injected malicious code into CoinMarketCap's site, using a tool called Inferno Drainer. The result? Over $43,000 drained from unsuspecting users' wallets in a matter of hours.

想像以下圖片：您正在巡航CoinMarketCap，檢查價格，突然出現了一個彈出窗口，敦促您“驗證錢包”。似乎合法，對吧？錯誤的！這是最近一次協調的攻擊中的誘餌，騙子使用稱為Inferno Drainer的工具將惡意代碼注入了CoinMarketCap的站點。結果？從毫無戒心的用戶錢包中排出了超過43,000美元。

Tammy H from Flare.io, a cybercrime intelligence firm, broke down how the attackers used Inferno Drainer, a known wallet-draining toolkit. The pop-up, appearing on almost every page, tricked users into connecting their wallets, which were then promptly emptied. Ouch!

網絡犯罪情報公司Flare.io的Tammy H破壞了攻擊者如何使用Inferno Drainer（一種已知的錢包耗盡工具包）。彈出窗口幾乎出現在每個頁面上，欺騙用戶連接錢包，然後迅速清空。哎喲!

Inside the Attack: How They Did It

攻擊內部：他們是如何做到的

Leaked images from a Telegram channel called TheCommsLeaks revealed the inner workings of the attack. Screenshots showed a live dashboard displaying wallet connections, token transfers, and total values drained in real time. The attackers were clearly focused on maximizing visibility and wallet connections, even to the point of overloading the "connect" button.

來自Teecommsleaks的電報頻道中洩漏的圖像揭示了攻擊的內部工作。屏幕截圖顯示了一個實時儀表板，該儀表板顯示了錢包連接，代幣傳輸以及實時排出的總價值。攻擊者顯然專注於最大化可見性和錢包連接，甚至到使“連接”按鈕超載。

Victims lost SOL, XRP, EVT, and smaller coins like PENGU and SHDW. While not every attempt succeeded (some wallets held unsupported tokens or negligible balances), the overall impact was significant.

受害者失去了SOL，XRP，EVT和較小的硬幣，例如Pengu和SHDW。儘管並非每次嘗試都成功（有些錢包擁有不支持的令牌或可忽略的餘額），但總體影響很大。

CoinMarketCap's Response: Damage Control

CoinMarketCap的響應：損壞控制

CoinMarketCap quickly addressed the issue, confirming that a malicious doodle image on their homepage triggered the attack through an embedded API call. They removed the malicious content, patched their systems, and assured users that the platform is now safe and secure. They were very transparent, and the community appreciated it.

CoinMarketCap迅速解決了這個問題，證實其主頁上的惡意塗鴉圖像通過嵌入式API呼叫觸發了攻擊。他們刪除了惡意內容，修補了他們的系統，並向用戶保證該平台現在是安全的。他們非常透明，社區對此表示讚賞。

Why This Matters: Trust No One (Seriously)

為什麼這很重要：沒有人信任（認真）

This incident highlights how easily trust in familiar interfaces can be misused. Even small interface changes, like a harmless homepage doodle, can be leveraged for large-scale damage. It's a reminder that in the crypto world, you need to be extra cautious.

該事件強調瞭如何輕易信任熟悉的界面。即使是無害的主頁塗鴉，也可以將小小的界面變化，也可以利用大規模損壞。提醒您，在加密貨幣世界中，您需要格外小心。

Remember the recent case where scammers exploited search ads to trick users into calling fake support numbers for Apple and PayPal? It's the same playbook: attackers prey on user assumptions about what's safe to interact with online.

還記得最近的案例，騙子利用搜索廣告來欺騙用戶呼叫蘋果和貝寶的偽造支持號碼？這是同一本劇本：攻擊者對用戶假設的捕食，內容涉及在線互動的安全性。

Staying Safe: Your Crypto Armor

保持安全：您的加密裝甲

So, how do you protect yourself? Here are a few key takeaways:

那麼，您如何保護自己？這是一些關鍵要點：

• Avoid connecting wallets directly through pop-ups. Always verify the prompt against the platform's official guidance.
• If something looks familiar, don't assume it's safe. Double-check everything.
• Use hardware wallets for storing large amounts of crypto.
• Stay informed about the latest scams and security threats.

The Bottom Line

底線

The CoinMarketCap incident is a stark reminder that the crypto space is still the Wild West, and scammers are constantly evolving their tactics. By staying vigilant, questioning everything, and taking proactive steps to protect your assets, you can avoid becoming the next victim. Stay safe out there, crypto cowboys and cowgirls!

CoinMarketCap的事件明顯地提醒人們，加密貨幣空間仍然是野外的西部，而騙子不斷地不斷發展他們的戰術。通過保持警惕，質疑一切並採取積極的步驟來保護您的資產，您可以避免成為下一個受害者。在那裡保持安全，加密牛仔和女牛仔！