Changpeng Zhao Warns Users to Be Cautious of Platform-Based Attacks

2025/05/12 13:57

The warning comes as the Ledger hack raises concerns about security weaknesses.

Changpeng Zhao, founder of Binance, issued a stark warning to be cautious of platform-based attacks. His words come as the Ledger Discord hack continues to fuel worries over security weaknesses.

On May 11, Ledger confirmed its Discord server was breached by a hacker who gained control of a moderator’s account. The attacker used a malicious bot to post scam links on the server. These links led users to a phishing site where they were asked for their 24-word recovery phrases. Entering those words granted attackers direct access to crypto funds.

How a Compromised Account Escalated the Ledger Hack

According to Ledger, the breach began when attackers took over a contracted moderator’s account. The malicious bot then sent false alerts claiming a serious security flaw had been found and urging users to confirm their recovery phrases through a fake link.

Despite staff removing the bot quickly, some community members were muted or banned for reporting the issue.

Moreover, users received no warning before the fraudulent messages appeared. This delay allowed more users to fall for the scam. The incident itself escalated the harm caused by the Ledger Discord hack.

Hardware wallets like Ledger’s are designed with offline protection in mind to safeguard private keys. However, this Discord breach demonstrates how online channels can circumvent that security.

While the Ledger device itself remained intact, the attackers abused platform permissions and user trust to steal crypto.

Zhao shared a brief warning about these risks on X. His post expressed the dangers posed by community platforms and social media, especially in the crypto space.

The Binance founder urged users to stay vigilant against social engineering and phishing attacks. His voice adds urgency to calls for better user education and platform defenses.

Phishing Attacks Against Ledger Users Are Evolving

This isn’t the first time this year that Ledger users have faced scams. In April, attackers sent letters that looked like they were from Ledger, complete with the company’s branding and the usual address format.

These letters asked owners to scan a QR code, which led to a phishing site where recovery phrases were requested. It is unclear if the scammers used customer data leaked in the 2020 breach of over 270,000 accounts.

This series of events shows how crypto scams are becoming more sophisticated and use multiple channels to target victims. Users must remain alert to both digital and physical threats.

Messaging Apps Are the Weak Link in Blockchain Security

According to Ledger, the Discord hack was an isolated event. But many still worry about future breaches.

Many blockchain projects rely heavily on messaging platforms like Discord to communicate with their community and provide support. However, these channels usually lack the same degree of security governance as core exchange or wallet services.

Hackers gaining moderator or administrative access, as seen in the Ledger Discord hack, can pose serious problems. As self-custody gains popularity, educating users about phishing scams and social engineering is becoming increasingly vital.

Simple technical security cannot stop every human-based attack. Projects must strengthen both platform controls and user awareness to decrease risk further.

The phishing messages looked convincingly official. Screenshots show the hacker posing as a Ledger community manager, warning of a “recently discovered vulnerability.” That fake manager urged users to "quickly confirm" their recovery phrase on a special webpage. The scam website mimicked a real Ledger verification page, asking the user to input their 24-word seed phrase "to ensure optimal protection of your Ledger Nano S/X." Users who entered their recovery phrases were told they had granted "complete access" to the attacker's device and should close the window.
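
One way a community could screen chat messages for the lure described above (an off-domain link combined with a request to confirm a recovery phrase), shown as an added example that is not code from Ledger, Discord or the original article. The allowlist, the keyword lists and the function names are assumptions, and the sample messages are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains this community treats as official (subdomains included).
ALLOWED_DOMAINS = {"ledger.com"}

SEED_RE = re.compile(r"\b((recovery|seed|secret)\s+phrases?|24[- ]word|mnemonic)\b", re.I)
URGENCY_RE = re.compile(
    r"\b(urgent(ly)?|immediately|quickly|vulnerability|security flaw|confirm|verify)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def untrusted_hosts(text, allowed=ALLOWED_DOMAINS):
    """Return hosts of links that are neither an allowed domain nor a subdomain of one."""
    hosts = []
    for url in URL_RE.findall(text):
        try:
            # .hostname drops any "user@" prefix, so "ledger.com@other.example" resolves correctly
            host = (urlsplit(url).hostname or "").rstrip(".")
        except ValueError:  # malformed authority: treat as untrusted
            host = ""
        if not any(host == d or host.endswith("." + d) for d in allowed):
            hosts.append(host or url)
    return hosts

def triage(text, allowed=ALLOWED_DOMAINS):
    """Classify one chat message as 'quarantine', 'review' or 'allow', with reasons."""
    seed = bool(SEED_RE.search(text))
    urgent = bool(URGENCY_RE.search(text))
    links = untrusted_hosts(text, allowed)
    reasons = []
    if seed:
        reasons.append("mentions_recovery_phrase")
    if urgent:
        reasons.append("urgency_language")
    if links:
        reasons.append("untrusted_link:" + ",".join(links))
    if seed and links:      # recovery phrase request plus off-domain link
        return "quarantine", reasons
    if urgent and links:    # pressure plus off-domain link: send to a human
        return "review", reasons
    return "allow", reasons

# Constructed sample messages (not taken from the incident).
SAMPLES = [
    "A recently discovered vulnerability affects your device. Quickly confirm "
    "your 24-word recovery phrase at https://ledger-verify.example/check",
    "Firmware release notes: https://support.ledger.com/",
    "Verify now: https://ledger.com@wallet-check.example/login",
    "Never type your seed phrase into any website.",
]
RESULTS = [triage(m) for m in SAMPLES]
```

A filter like this only helps if it runs with privileges a single compromised moderator account cannot disable, which is the platform-control side of the problem the article describes.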

This combination of technical tricks and psychological pressure was designed to deceive victims. Unpaid volunteer moderators were among those who fell for the scam, highlighting how quickly the scheme could spread.

Victims often do not suspect such well-crafted scams until it is too late. This blend of deception makes modern crypto scams more dangerous and harder to spot than simple typos in a URL.

The Ledger Hack Highlights the Need for Better Communication

It is unclear if any users lost funds in this hack. But the fact that attackers invest time in these schemes means they often get results.

This instance of the Ledger Discord Hack shows that companies may need to move from offering reactive fixes, like quickly removing a malicious bot, to having proactive communication plans in place.

In the meantime, users should take several precautions. Never share your recovery phrase with anyone or enter it on any website unless you are sure of the source. Be wary of any urgent messages or claims of flaws. If you see a link in chat or a letter, double-check it carefully before clicking.

Crypto asset security is a shared responsibility that begins with companies but continues with users. Staying informed and cautious is now as vital as holding your private key.
