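North Korean hackers are exploiting cybersecurity weaknesses in decentralized protocols, targeting individuals and organizations. Learn how to strengthen your defenses.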
Decentralized Protocols Under Siege: North Korean Hackers and the Cybersecurity Gap
The world of decentralized protocols, once hailed as the epitome of security and resilience, is facing a rude awakening. North Korean hackers are increasingly targeting this space, exposing critical cybersecurity gaps that threaten the entire ecosystem. The focus is no longer on smart contract vulnerabilities, but on the human element and operational security (OPSEC).
The Evolving Threat Landscape
Forget zero-day exploits in Solidity. Nation-state attackers are now exploiting the operational vulnerabilities of decentralized teams. Poor key management, nonexistent onboarding processes, unvetted contributors pushing code from personal laptops, and treasury governance conducted via Discord polls are all prime targets. As Oak Security's experience shows, many protocols are soft targets for serious adversaries, despite heavy investment in smart contract audits.
In 2025 alone, North Korean-affiliated attackers have been linked to campaigns targeting $1.5 billion in assets at Bybit through credential-harvesting, malware attacks on MetaMask and Trust Wallet users, infiltration attempts on exchanges via fake job applicants, and the creation of shell companies inside the U.S. to target crypto developers.
The Smart Contract Illusion
Many DeFi projects operate under the dangerous assumption that a passed smart contract audit equates to overall security. However, smart contract exploits are no longer the preferred method of attack. It’s easier and more effective to target the people running the system. Many DeFi teams lack dedicated security leads, managing enormous treasuries without formal OPSEC accountability.
Coinbase's May 2025 disclosure of a cybersecurity incident involving a bribed overseas support agent highlights this systemic vulnerability. Binance and Kraken faced similar attacks but successfully fended them off. This wasn't a coding error; it was insider bribery and human failure.
North Korean Hackers Go Phishing
A recent campaign by the North Korean hacking group Famous Chollima illustrates the sophistication of these attacks. Disguising Python-based malware (PylangGhost) as part of a fake job application process, they impersonate top crypto firms like Coinbase, Robinhood, and Uniswap through polished fake career sites. The malware steals login credentials, session cookies, and wallet data from over 80 extensions, including MetaMask and 1Password.
Learning from TradFi
Traditional financial institutions face similar threats but rarely collapse due to cyberattacks. They operate on the assumption that attacks are inevitable and implement layered defenses, access controls, and structured incident response plans. Web3 needs to adopt similar maturity, adapted to the realities of decentralized teams.
This includes enforcing OPSEC playbooks, running red-team simulations, and using multi-signature wallets backed by hardware wallets. Contributor vetting and background checks are essential, even in decentralized teams.
Decentralization Is No Excuse
The difficulty of implementing operational security in decentralized organizations is no excuse for negligence. Nation-state adversaries are already inside the gates, and the global economy is increasingly reliant on on-chain infrastructure. Web3 platforms must employ disciplined cybersecurity practices to avoid becoming a permanent funding source for malicious actors.
Code alone won't defend us; a robust security culture will.
The Last Word
So, Web3, let's get our act together! Time to ditch the