Tron Dao的X頁面被黑客圍困

片刻，Tron Dao的X頁面被一名黑客圍困，他利用未經授權的訪問權限出版了帶有合同地址的帖子。

A hacker gained unauthorized access to TRON DAO's X page to post a message with a contract address, while TRON founder Justin Sun urged cryptocurrency exchange, OKX, to freeze funds linked to the exploit.

一名黑客獲得了對Tron Dao的X頁面未經授權的訪問，以發布帶有合同地址的消息，而Tron創始人Justin Sun敦促OKX的加密貨幣交易所凍結與Exploit相關的資金。

In the early hours of May 3, TRON DAO said its X account was compromised the previous day, and the hacker posted a message containing a contract address.

在5月3日凌​​晨，Tron Dao說，其X帳戶在前一天受到損害，黑客發布了一條包含合同地址的消息。

We’re aware that our X account was compromised from 9:25 AM PST on May 2, 2025. During this time, an unauthorized party published a post containing a contract address (CA), sent direct messages (DMs), and followed various accounts unknown to us.

我們知道，我們的X帳戶從2025年5月2日上午9:25從PST遭到損害。在此期間，未經授權的一方發布了一個包含合同地址（CA），發送直接消息（DMS）的帖子，並遵循了我們未知的各種帳戶。

Please be reminded: TRON DAO will…

請提醒：Tron Dao會…

— TRON DAO (@trondao) May 3, 2025

- Tron Fot（@Trove）2025年5月3日

The hacker also sent direct messages to several accounts and clicked on the "Follow" button for some other X profiles, which were not completed with TRON DAO's permission.

黑客還向多個帳戶發送了直接消息，並單擊了其他一些X配置文件的“關注”按鈕，而Tron Dao的許可未完成。

"TRON DAO will never post contract addresses or send unsolicited DMs. If you received a DM from our account on May 2, please delete it and consider it the work of the attacker," the protocol stated.

該協議說：“ Tron Dao永遠不會發布合同地址或發送未經請求的DMS。如果您在5月2日從我們的帳戶中收到DM，請刪除它，並將其視為攻擊者的工作。”

As confirmed, the exploit came from the loopholes traced to a member of its team. The Tron DAO said, "a member of our team was targeted in a malicious social engineering attack, which led to their account being compromised."

正如確認的那樣，漏洞利用來自追溯到其團隊成員的漏洞。特隆道說：“我們團隊的一名成員是針對惡意的社會工程攻擊的，導致他們的帳戶受到損害。”

According to the DAO, logging out the perpetrator and restoring TRON's access were not sufficient to stop the damage initiated by the hacker. The hackers were still able to contact others, offering posts from the TRON DAO main account in exchange for payment. Some funds were allegedly stolen while the hackers were in control of the X account.

根據DAO的說法，記錄肇事者並恢復Tron的訪問不足以阻止黑客啟動的損害。黑客仍然能夠與他人聯繫，提供Tron Dao主帳戶的帖子以換取付款。據稱，在黑客控制X帳戶時，一些資金被盜。

However, the hackers later transferred the siphoned funds to a wallet linked with OKX, per a post from Justin Sun. Hence, he appealed to the exchange to intervene to ensure that the assets were not moved further and to help with the investigation.

但是，根據賈斯汀·孫（Justin Sun）的職位，黑客隨後將偷偷摸摸的資金轉移到了與OKX相關的錢包中。因此，他呼籲交換進行干預，以確保資產不會進一步移動並幫助進行調查。

In response, OKX CEO Star Xu told Sun that his firm has a Public Law Enforcement Cooperation policy. This is a list of guidelines and procedures that require law enforcement agencies to collaborate with other organizations. With it, they could share information with the public, government agencies, and non-governmental organizations.

作為回應，OKX首席執行官XU告訴Sun，他的公司有公共執法合作政策。這是需要執法機構與其他組織合作的準則和程序列表。有了它，他們可以與公共，政府機構和非政府組織共享信息。

Xu shared the link to the reporting channels where TRON DAO can drop evidence of the incident. He also assured TRON's founder that a temporary freeze will be made, but this will be based on the evidence provided. If the attacked protocol plans to extend the freeze, it is required to provide legal documents to OKX. This is part of the exchange's consumer protection policy.

Xu分享了指向Tron Dao可以放棄事件證據的報告渠道的鏈接。他還向特隆的創始人保證，將暫時凍結，但這將基於提供的證據。如果攻擊的協議計劃擴展凍結，則需要向OKX提供法律文件。這是交易所消費者保護政策的一部分。

While OKX has spelled out its policy, it is worth noting that Sun's request from the crypto exchange is not a new thing in the broader market.

儘管OKX已經闡明了其政策，但值得注意的是，在更廣泛的市場中，Sun的要求並不是新事物。

Crypto exchanges do not consider it a 'big deal' to request assistance from their counterparts whenever they come under attack or breach. Decentralized trading platform KiloEx was recently attacked, causing users to lose $7.5 million.

加密交易所並不認為每當他們受到攻擊或違規時，請求對同行的幫助是“大事”。分散的交易平台Kiloex最近受到攻擊，導致用戶損失了750萬美元。

Not too long after, Binance announced that it had managed to recover $6.1 million of the stolen funds, which is equivalent to 90% of the total stolen assets.

不久之後，Binance宣布已設法收回了610萬美元的被盜資金，這相當於被盜總資產的90％。

The exchange's security team acted swiftly when the KiloEx exploit was detected and reported, and the effort was supported by additional collaborations to investigate the incident, according to Binance CEO Richard Teng.

據Binance首席執行官Richard Teng說，當kiloex漏洞利用被發現和報告時，交易所的安全團隊迅速採取了行動，據Binance首席執行官Richard Teng稱，額外合作的努力得到了支持。