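Cointelegraph and CoinMarketCap were hit by front-end exploits that turned trusted crypto news sites into vectors for wallet drainers. A wake-up call for crypto security.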
Cointelegraph Under Fire: Exploits, Phishing, and the Crypto Media Minefield
Hold onto your hats, crypto enthusiasts! It's been a wild ride with Cointelegraph and CoinMarketCap getting hit by front-end exploits, turning trusted news sites into unwitting accomplices in wallet draining schemes. Let's dive into the chaos and see what lessons we can learn.
The Cointelegraph Breach: A Phishing Pop-Up Nightmare
Recently, Cointelegraph confirmed that its website was compromised by a front-end exploit. Attackers injected a malicious pop-up claiming to offer “CoinTelegraph ICO Airdrops” and “CTG tokens.” The hook? Connect your crypto wallet for a sweet $5,500 worth of tokens. Of course, it was all a big fat lie.
Cointelegraph swiftly warned users: “Do not click on these pop-ups, connect your wallets, or enter any personal information.” They were, thankfully, on the case, working to fix the issue.
Déjà Vu: CoinMarketCap's Similar Scare
Just two days prior, CoinMarketCap faced a nearly identical exploit. Attackers embedded similar code to serve wallet phishing prompts. These attacks relied on hijacking trusted platforms, turning news and data sites into vectors for wallet drainers. Sneaky, right?
How the Hackers Did It
CoinMarketCap’s breach involved exploiting a vulnerability in their front-end system. Hackers used a seemingly harmless doodle image to inject malicious code that triggered fake wallet verification pop-ups. Coinspect Security pinpointed the attack vector as the platform’s rotating “doodles” feature, allowing attackers to embed the malicious code without altering the site’s core infrastructure.
The pop-up was live briefly before CoinMarketCap’s team took it down. They've since implemented “comprehensive measures” to isolate and mitigate the issue. The big question remains: how many users were affected, and were any wallets compromised?
Verified Accounts, Compromised Trust: The Bigger Picture
This isn't just about Cointelegraph and CoinMarketCap. There's a surge in social media hacks targeting the crypto community. Verified accounts on X, belonging to crypto projects, influencers, and even politicians, have been hijacked to spread scams. Bitget, a crypto exchange, reports that hackers are using deceptive methods that are harder to detect.
One Bitget employee fell victim to a scammer posing as a potential business partner. The scammer shared files disguised as project demo tools, which installed malware, granting control of the employee’s X account. Classic move, but effective.
Evolving Tactics: How to Stay Safe
These scams are getting sophisticated. Hackers use verified accounts, remove messages to stay hidden, and spoof profiles with alarming accuracy. Bitget recommends precautions like verifying identities through multiple channels and being skeptical of unsolicited offers.
If you suspect a hack, change your passwords immediately, revoke API keys, and report the incident. Knowledge is your strongest defense.
The Takeaway
What's my take? The Cointelegraph and CoinMarketCap exploits highlight the need for robust security measures, even on trusted platforms. Always double-check before connecting your wallet or entering personal information. If something seems too good to be true, it probably is. The fact that trusted crypto news outlets can be compromised underscores the importance of skepticism and vigilance in the crypto space.
Final Thoughts
So, stay frosty, crypto fam! Keep your wits about you, and remember, a healthy dose of paranoia can save you a fortune. After all, in the wild world of crypto, it's better to be safe than sorry!