defibank.online：地毯扣的案例研究

最近，品牌名称“ defibank.online”在加密论坛和电报小组上的频率越来越高，作为“新的分散银行”，能够通过$银行代币提供三位数的回报。

Recently, the brand name ‘DefiBank.online’ has been appearing with increasing frequency on crypto forums and Telegram groups, presented as a ‘new decentralised bank’ capable of offering triple-digit returns via the $BANK token. A preliminary analysis, however, reveals a number of inconsistencies: a domain registered only a few weeks ago, a front-end lacking white-papers and audits, references to a DAO LLC that do not appear in official records, social profiles with minimal engagement, and an immediate invitation to connect the wallet by granting unlimited authorisations.

最近，品牌名称“ defibank.online”在加密论坛和电报小组上的频率越来越高，作为“新的分散银行”，能够通过$银行代币提供三位数的回报。然而，初步分析揭示了许多不一致之处：仅几周前才注册的域名，缺乏白色副本和审计的前端，指的是未出现在官方记录中的DAO LLC，具有最低限度参与的社交配置文件，以及通过授予无限制授权来连接钱包的邀请。

The following reconstructs, point by point, the anatomy of the DefiBank.online case-from the WHOIS data to the source code to the on-chain clues suggesting its potentially fraudulent nature-and provides an operational checklist to help recognise similar schemes in the DeFi landscape.

以下重建defibank的解剖结构。在线案例中，WHOIS数据到源代码到链链线索，表明其潜在的欺诈性质，并提供了一份操作清单，以帮助识别Defi景观中的类似方案。

Decripto offers a support and advisory service via on-chain analysis and forensic reports to claim the recovery of funds lost in cryptocurrency scams. For more information CLICK HERE. For the official Telegram group link below (LINK).

Nectipto通过链分析和法医报告提供了支持和咨询服务，以声称在加密货币骗局中损失的资金的收回。有关更多信息，请单击此处。对于下面的官方电报组链接（链接）。

The domain defibank.online

域defibank.online

The domain defibank.online was only registered on 11 November 2024 and extended for only one year, with the only update on 20 December 2024. The choice of a one-year horizon – combined with a mass registrar such as Go Daddy – suggests a hit-and-run strategy: it is unlikely that an entity aspiring to operate as a decentralised bank would establish such a short life window from the outset.

域defibank.online仅在2024年11月11日进行注册，仅延长了一年，并在2024年12月20日进行了更新。选择为期一年的地平线 - 加上像Go Daddy这样的大众注册服务商 - 暗示了一种命中式策略：不可能实现一个势在不足的银行来建立一个短暂的终身窗口，这是不可能的，这是不可能的。

The infrastructure rests entirely on DigitalOcean name-servers. It is a perfectly legitimate cloud but designed for quick and inexpensive deployments, and thus easily dismantled or moved elsewhere should the project become problematic. It also lacks minimal DNS hardening components: DNSSEC has not been activated, nor are there any SPF or DMARC records, indications of very little attention to domain reputation and integrity.

基础架构完全取决于Digitalocean名称服务器。这是一条完全合法的云，但设计用于快速且廉价的部署，因此如果项目变得有问题，则很容易拆除或移动到其他地方。它还缺乏最小的DNS硬化组件：DNSSEC尚未激活，也没有任何SPF或DMARC记录，很少关注域名声誉和完整性。

The picture is complicated by looking at the homepage markup: the code delivered to the browser is a React shell devoid of static content, which only downloads obfuscated JavaScript bundles after loading. Even the URL app.ray.sx, remnant of a template reused by another application, appears within the meta-tags. This structure prevents crawlers and anti-phishing tools from inspecting the site without executing code – a recurring pattern in front-ends used as bait for wallet-drain operations.

通过查看主页标记，图片很复杂：传递到浏览器的代码是一个没有静态内容的React shell，它仅在加载后仅下载了混淆的JavaScript捆绑包。甚至url app.ray.sx（由另一个应用程序重复使用的模板的残留）也出现在元标记中。该结构可防止爬行者和反向钓鱼工具在不执行代码的情况下检查站点 - 在前端中的反复出现的模式，用作钱包插入操作的诱饵。

The VirusTotal analysis returns an even more compromising picture. Two reputation engines – alphaMountain.ai and Forcepoint ThreatSeeker – classify defibank.online as ‘Suspicious’ and even ‘hacking’ respectively.

Virustotal Analysis返回的情况更加妥协。两个声誉引擎 - Alphamountain.ai和Forcepoint theakeeker - 将Defibank.online分别为“可疑”甚至“黑客攻击”。

alphaMountain.ai: Suspicious – Forcepoint: Hacking/tool

Alphamountain.ai：可疑 - 力点：黑客/工具

These are not isolated false positives: the site was first sent to VirusTotal on 8 March 2024 and re-examined until 19 March 2025, a sign that the domain or IP had been on the blacklist radar for a long time.

这些不是孤立的误报：该地点于2024年3月8日首次发送到Virustotal，并重新检查到2025年3月19日，这表明该域或IP已经在黑名单雷达上很长时间了。

The HTTP response confirms that the host (65.109.173.253) serves a simple Nginx on Ubuntu; the body of the home page weighs a mere 9 KB, a further indication of a front-end reduced to the bone that refers all logic to external JavaScript bundles. Most striking is the Open Graph section: the og:url tag points to app.ray.sx, a domain unrelated to the alleged banking project and already identified in the site’s markup. The preview image, the title (‘Buy $BANK…’) and the bombastic description confirm the purely promotional nature of the landing page, in stark contrast to the claim of institutional seriousness.

HTTP响应确认主机（65.109.173.253）在Ubuntu上提供了简单的NGINX。主页的主体仅重达9 kb，进一步指示前端还原为骨头，将所有逻辑都引用到外部JavaScript束。最引人注目的是开放图部分：OG：URL标签指向App.Ray.sx，这是与所谓的银行项目无关的域名，并且已经在网站的标记中确定。预览图像，标题（“购买$ bank…”）和夸张的描述证实了着陆页的纯粹促销性质，与机构认真的主张形成了鲜明的对比。

Finally, five tracking platforms emerge in the traffic – Google Analytics, Google Tag Manager, Facebook Pixel, Yandex Metrica and Facebook Custom Audience – an abnormal density for a product that proclaims itself ‘decentralised’ and attentive to user privacy. In summary, VirusTotal does not detect executable malware, but it does gather a number of risk signals (hacking classification, inconsistent meta-tags, massive tracking) that reinforce what has already been observed at the domain and site structure level: DefiBank.online acts more like an advertising funnel than a reliable financial platform.

最后，流量中出现了五个跟踪平台 - Google Analytics（Google Analytics），Google标签管理器，Facebook Pixel，Yandex Metrica和Facebook自定义受众 - 一种异常的密度，该产品宣称自己是“分散的”，并专注于用户隐私。总而言之，Virustotal并未检测到可执行的恶意软件，但是它确实收集了许多风险信号（黑客分类，不一致的元标记，大量跟踪），从而增强了在域和站点结构级别上已经观察到的东西：defibank.nline的行为比可靠的金融平台更像是广告渠道。

The rebus of the $BANK token

$银行代币的重组

Once past the front of the site, one discovers that the entire project revolves around a utility token called $BANK. It is here that the inconsistencies become macroscopic.

一旦经过网站的前部，人们发现整个项目都围绕一个称为$ bank的公用事业令牌。在这里，不一致成为宏观的。

The token is presented with a pre-mining phase, then an Angel fund-raising round (with a price of $0.04), followed by a Pre-Seed round at $0.07 and a Seed round at $0.1. According to the project’s statements, the token will be launched on two chains (ETH and BNB) and will be listed on tier-one exchanges by the third quarter of 2025. In total, $BANK will have a supply of 1 billion units, to be released over a period of 18

令牌呈现前期阶段，然后是一个天使筹款的回合（价格为0.04美元），然后是预付的回合，为0.07美元，种子回合为0.1美元。根据该项目的声明，代币将以两个连锁店（ETH和BNB）启动，并将在2025年第三季度之前在一级交易所上列出。总共，$银行将在18个单位中供应10亿个单位，将在18个期间发布。