The $330 million attack: A stark reminder of the power of social engineering

2025/05/20 16:05

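A major crypto theft has sent shockwaves through the industry, with $330 million worth of Bitcoin (BTCUSD) stolen. Experts say it was a social engineering attack rather than a technical hack.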

A massive crypto theft has seen $330 million stolen in Bitcoin, according to reports. Experts say this was a social engineering attack rather than a technical hack.

According to investigations led by blockchain analyst ZachXBT, the victim was an elderly US citizen who was manipulated into granting access to their crypto wallet. On April 28, ZachXBT detected a suspicious transfer of 3,520 BTC, valued at $330.7 million.

The stolen BTC was quickly laundered through more than six instant exchanges and converted into the privacy-oriented cryptocurrency Monero (XMR). Onchain analysis shows the victim had held over 3,000 BTC since 2017, with no previous record of substantial transactions.

Unlike typical cyberattacks that exploit software vulnerabilities, this incident relied on psychological manipulation. Scammers posed as trusted entities, slowly building credibility before persuading the victim over the phone to share sensitive credentials. This is the hallmark of social engineering — exploiting human trust rather than system weaknesses.

After the Bitcoin theft, the attacker swiftly began laundering the funds using a peel chain method, splitting the stolen amount into smaller, harder-to-trace portions. The funds were routed through hundreds of wallets and scores of exchanges or payment services, including Binance.
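
The peel chain pattern described above can be followed hop by hop once the transaction graph is known. The sketch below is an added example, not from the article or from any investigator's tooling; the transaction IDs, addresses, per-hop amounts, the two-output shape and the 20% ratio threshold are constructed assumptions.

```python
# Constructed sample graph: txids, addresses and per-hop amounts are made up.
# Only the 3,520 BTC starting total comes from the article.
# txid -> outputs as (address, amount_btc, txid that spends the output or None)
TXS = {
    "tx0": [("peel_a", 120, None), ("chg_1", 3400, "tx1")],
    "tx1": [("chg_2", 3200, "tx2"), ("peel_b", 200, None)],
    "tx2": [("peel_c", 150, None), ("chg_3", 3050, "tx3")],
    "tx3": [("svc_x", 1500, None), ("svc_y", 1550, None)],  # balanced split
}


def follow_peel_chain(txs, start_txid, max_peel_ratio=0.2):
    """Follow a peel chain from start_txid.

    Heuristic (an assumption, simplified): each hop has exactly two outputs,
    a small 'peel' and a large 'change' output that funds the next hop.
    Returns (peels, last change output, txid where the pattern stopped).
    """
    peels, tail, txid, seen = [], None, start_txid, set()
    while txid in txs and txid not in seen:  # 'seen' guards against loops
        seen.add(txid)
        outs = txs[txid]
        if len(outs) != 2:
            break  # fan-out or consolidation: not a peel hop
        small, large = sorted(outs, key=lambda o: o[1])
        if small[1] > max_peel_ratio * (small[1] + large[1]):
            break  # outputs too balanced to call the smaller one a peel
        peels.append((txid, small[0], small[1]))
        tail = (large[0], large[1])
        txid = large[2]  # None when the change output is still unspent
    return peels, tail, txid


def peeled_total(peels):
    """Sum of all amounts peeled off along the chain."""
    return sum(amount for _, _, amount in peels)


if __name__ == "__main__":
    peels, tail, stop = follow_peel_chain(TXS, "tx0")
    for txid, addr, amt in peels:
        print(f"{txid}: peeled {amt} BTC to {addr}")
    print(f"peeled {peeled_total(peels)} BTC; remainder {tail}; review from {stop}")
```

The transaction where the walk stops (`tx3` in the sample) is where the pattern changes, which is the point a tracer would examine by hand.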

A significant amount was laundered via instant exchanges and mixers, further obscuring its trail. A large portion of BTC was quickly converted into XMR, a privacy coin with untraceable architecture, causing its price to briefly surge 50% to $339.

The attackers used pre-registered accounts across exchanges and OTC desks, which suggests careful planning. Some BTC was even bridged to Ethereum and deposited into various DeFi platforms, making forensic tracing more difficult. Investigators have since notified exchanges in hopes of freezing any accessible funds.

While attribution remains unclear, analysts like ZachXBT ruled out North Korean Lazarus Group involvement, pointing instead to skilled independent hackers. Hacken traced $284 million of BTC, now diluted to $60 million after extensive peeling and redistribution through obscure platforms.

Binance and ZachXBT were able to freeze about $7 million of the stolen funds. However, the bulk of the stolen Bitcoin remains missing. The suspects include an individual using the alias “X,” allegedly operating from the UK and believed to be of Somali origin, and another accomplice known as “W0rk.” Both have reportedly scrubbed their digital footprints since the theft.

This case underscores that crypto security isn’t just about strong passwords and hardware wallets but also about recognizing psychological threats. As the investigation continues, the community is reminded that even the most secure technologies are vulnerable to human fallibility.

Social engineering is a manipulative technique used by cybercriminals to exploit human psychology. They trick you into revealing confidential information that gives access to your wallets, or into performing actions that compromise security.

Unlike traditional hacking, which targets system vulnerabilities, social engineering thrives on human weaknesses such as trust, fear, urgency and curiosity. It leverages psychological tactics to manipulate victims.

Here are common tactics used by criminals to convince their victims and execute their plans:

These psychological strategies are a major threat to users in the crypto space, where irreversible transactions and often decentralized platforms make it very difficult for the victims to regain the lost funds.

Did you know? Crypto drainers-as-a-service (DaaS) offers complete social engineering toolkits, including fake DEX websites, wallet prompts and Telegram support bots for anyone to run phishing campaigns, no coding required.

Crypto users are particularly susceptible to social engineering attacks due to a combination of technological and behavioral issues. These include irreversibility of transactions, lack of recourse, high-value targets and overreliance on trust.

Together, these factors make crypto users highly susceptible to human-centric attacks, more than users of traditional finance.

Did you know? Unlike traditional hacks, social engineering doesn’t target code; it targets people. It is low-tech but high-reward, exploiting trust, emotion and routine to steal assets in seconds.

Fraudsters use customized social engineering strategies to trick and exploit unsuspecting crypto users. To protect yourself from these scamsters, you must be well aware of their various tactics.

You need to have a broad idea of how these methods work, including phishing scams, impersonation attacks and malicious downloads.

Here are some prevalent tactics that fraudsters use:

Understanding these tactics is crucial for crypto users to safeguard their assets. Vigilance, verification of sources and skepticism toward unsolicited offers can mitigate the risks posed by social engineering attacks.

There have been several scams in the crypto domain exploiting human weaknesses. Fraudsters used clever tactics like phishing and impersonation to steal digital assets.

These case studies provide key insights to boost awareness and prevent losses.

Ronin Network attack

In March
