加密货币投资者在针对以太坊和 Meme Coin 的网络钓鱼攻击中损失超过 18 万美元

最近针对以太坊的网络钓鱼攻击导致加密货币投资者损失了超过 18 万美元的 USDC 和 ANDY 代币。黑客利用受害者与智能合约的交互，将多个函数调用组合成一个交易，耗尽他们的余额。这次攻击突显了加密货币行业中网络钓鱼诈骗的日益盛行，仅 2 月份就有超过 57,000 名用户总共损失了 4600 万美元。

Cryptocurrency Investor Loses Over $180,000 in Phishing Attack Targeting Ethereum and Meme Coin

加密货币投资者在针对以太坊和 Meme Coin 的网络钓鱼攻击中损失超过 180,000 美元

On April 23rd, a cryptocurrency investor fell prey to a sophisticated phishing attack targeting their Ethereum (ETH) wallet, resulting in the loss of over $180,000 worth of digital assets. The incident, which unfolded over a span of just one hour, was meticulously executed by cybercriminals exploiting the victim's interactions with smart contracts.

4 月 23 日，一名加密货币投资者遭遇针对其以太坊 (ETH) 钱包的复杂网络钓鱼攻击，导致价值超过 18 万美元的数字资产丢失。该事件发生仅一小时，是网络犯罪分子利用受害者与智能合约的交互精心实施的。

Data obtained from the blockchain analytics firm Etherscan revealed that the attack began at 05:39 UTC and continued until 06:29 UTC. The perpetrators utilized a "multi-call phishing" technique, combining multiple function calls into a single transaction. While these calls may appear innocuous individually, their collective impact allowed the attackers to siphon funds from the victim's wallet.

从区块链分析公司 Etherscan 获得的数据显示，攻击于世界标准时间 05:39 开始，一直持续到世界标准时间 06:29。犯罪者利用了“多重调用网络钓鱼”技术，将多个函数调用组合到一个事务中。虽然这些电话单独看来无害，但它们的集体影响使攻击者能够从受害者的钱包中窃取资金。

Transaction records indicate that the perpetrators directed outflows from the victim's address to multiple wallets under their control. Some of these wallets have been flagged as phishing entities by Etherscan. The attack resulted in the loss of over 1.6 billion ANDY tokens, a recently launched meme coin inspired by Pepe, valued at approximately $162,400, as well as 17,913 USDC, a stablecoin pegged to the US dollar.

交易记录显示，犯罪者将资金从受害者的地址转移到他们控制的多个钱包中。其中一些钱包已被 Etherscan 标记为网络钓鱼实体。这次攻击导致超过 16 亿枚 ANDY 代币（一种受 Pepe 启发而最近推出的模因币）损失，价值约 162,400 美元，以及 17,913 USDC（一种与美元挂钩的稳定币）。

This devastating attack effectively emptied the victim's cryptocurrency account, leaving behind a balance of just $32 worth of ETH and Arbitrum (ARB). While one of the attacker's wallets has retained the stolen funds, the second, which received all the ANDY tokens, immediately swapped them for Wrapped Ethereum (WETH) on the Uniswap decentralized exchange and transferred the WETH to a newly created address.

这次毁灭性的攻击实际上清空了受害者的加密货币账户，仅留下价值 32 美元的 ETH 和 Arbitrum (ARB) 余额。虽然攻击者的一个钱包保留了被盗资金，但第二个钱包收到了所有 ANDY 代币，立即在 Uniswap 去中心化交易所将其兑换为 Wrapped Ethereum (WETH)，并将 WETH 转移到新创建的地址。

The attack most likely exploited the victim's interactions with smart contracts, which are self-executing programs stored on the blockchain. Malicious actors often create contracts that mimic legitimate decentralized finance (DeFi) operations, such as token swaps, but embed malicious code within the transactions. These embedded calls can grant the attacker the authority to transfer the user's tokens without their knowledge or consent.

这次攻击很可能利用了受害者与智能合约的交互，智能合约是存储在区块链上的自动执行程序。恶意行为者经常创建模仿合法去中心化金融（DeFi）操作（例如代币交换）的合约，但在交易中嵌入恶意代码。这些嵌入式调用可以授予攻击者在用户不知情或未经同意的情况下转移用户代币的权限。

This phishing attack bears striking similarities to a previous incident reported by Crypto.news in March, where an investor lost $674,000 in USDC in a similar multi-call phishing scheme. The perpetrators swiftly funneled the stolen assets to the Ox protocol for liquidation.

这次网络钓鱼攻击与 Crypto.news 3 月份报道的先前事件有着惊人的相似之处，当时一名投资者在类似的多次网络钓鱼计划中损失了 674,000 美元的 USDC。犯罪者迅速将被盗资产转移至 Ox 协议进行清算。

The prevalence of such phishing scams is alarming, with a recent report indicating that over 57,000 cryptocurrency users lost approximately $46 million to phishing attacks in February alone. These attacks highlight the importance of vigilance and caution when interacting with smart contracts and decentralized exchanges.

此类网络钓鱼诈骗的盛行令人震惊，最近的一份报告表明，仅 2 月份就有超过 57,000 名加密货币用户因网络钓鱼攻击损失了约 4600 万美元。这些攻击凸显了在与智能合约和去中心化交易所交互时保持警惕和谨慎的重要性。

Investors are urged to exercise extreme caution when authorizing transactions or connecting their wallets to third-party platforms. It is crucial to thoroughly verify the authenticity of contracts and websites before granting any approvals. Additionally, utilizing hardware wallets for storing cryptocurrency and employing multi-factor authentication can provide an extra layer of protection against phishing attempts.

投资者在授权交易或将钱包连接到第三方平台时应格外谨慎。在授予任何批准之前，彻底验证合同和网站的真实性至关重要。此外，利用硬件钱包存储加密货币并采用多因素身份验证可以提供额外的保护层，防止网络钓鱼尝试。