诈骗者，地狱排水器和CoinMarketCap：加密唤醒电话

最近的CoinMarketCap安全性违规突出了使用Inferno Drainer等复杂技术来针对加密使用者的骗子的日益增长的威胁。

Yo, crypto fam! The wild west of digital assets just got a little wilder. Recent events involving CoinMarketCap and a nasty wallet-draining tool called Inferno Drainer are a serious wake-up call. Here's the lowdown on how scammers are getting smarter and what you can do to protect your precious coins.

哟，加密货币。数字资产的野外西部有点荒野。最近涉及CoinMarketCap和一种称为Inferno Drainer的讨厌的钱包工具的事件是一个严重的警钟。这是骗子如何变得更聪明以及可以采取什么措施来保护宝贵的硬币。

CoinMarketCap Gets Burned: The Inferno Drainer Strikes

CoinMarketCap被烧毁：地狱排水罢工

Picture this: You're cruising CoinMarketCap, checking prices, and suddenly a pop-up appears, urging you to "Verify Your Wallet." Seems legit, right? Wrong! This was the bait in a recent coordinated attack, where scammers injected malicious code into CoinMarketCap's site, using a tool called Inferno Drainer. The result? Over $43,000 drained from unsuspecting users' wallets in a matter of hours.

想象以下图片：您正在巡航CoinMarketCap，检查价格，突然出现了一个弹出窗口，敦促您“验证钱包”。似乎合法，对吧？错误的！这是最近一次协调的攻击中的诱饵，骗子使用称为Inferno Drainer的工具将恶意代码注入了CoinMarketCap的站点。结果？从毫无戒心的用户钱包中排出了超过43,000美元。

Tammy H from Flare.io, a cybercrime intelligence firm, broke down how the attackers used Inferno Drainer, a known wallet-draining toolkit. The pop-up, appearing on almost every page, tricked users into connecting their wallets, which were then promptly emptied. Ouch!

网络犯罪情报公司Flare.io的Tammy H破坏了攻击者如何使用Inferno Drainer（一种已知的钱包耗尽工具包）。弹出窗口几乎出现在每个页面上，欺骗用户连接钱包，然后迅速清空。哎哟!

Inside the Attack: How They Did It

攻击内部：他们是如何做到的

Leaked images from a Telegram channel called TheCommsLeaks revealed the inner workings of the attack. Screenshots showed a live dashboard displaying wallet connections, token transfers, and total values drained in real time. The attackers were clearly focused on maximizing visibility and wallet connections, even to the point of overloading the "connect" button.

来自Teecommsleaks的电报频道中泄漏的图像揭示了攻击的内部工作。屏幕截图显示了一个实时仪表板，该仪表板显示了钱包连接，代币传输以及实时排出的总价值。攻击者显然专注于最大化可见性和钱包连接，甚至到使“连接”按钮超载。

Victims lost SOL, XRP, EVT, and smaller coins like PENGU and SHDW. While not every attempt succeeded (some wallets held unsupported tokens or negligible balances), the overall impact was significant.

受害者失去了SOL，XRP，EVT和较小的硬币，例如Pengu和SHDW。尽管并非每次尝试都成功（有些钱包拥有不支持的令牌或可忽略的余额），但总体影响很大。

CoinMarketCap's Response: Damage Control

CoinMarketCap的响应：损坏控制

CoinMarketCap quickly addressed the issue, confirming that a malicious doodle image on their homepage triggered the attack through an embedded API call. They removed the malicious content, patched their systems, and assured users that the platform is now safe and secure. They were very transparent, and the community appreciated it.

CoinMarketCap迅速解决了这个问题，证实其主页上的恶意涂鸦图像通过嵌入式API呼叫触发了攻击。他们删除了恶意内容，修补了他们的系统，并向用户保证该平台现在是安全的。他们非常透明，社区对此表示赞赏。

Why This Matters: Trust No One (Seriously)

为什么这很重要：没有人信任（认真）

This incident highlights how easily trust in familiar interfaces can be misused. Even small interface changes, like a harmless homepage doodle, can be leveraged for large-scale damage. It's a reminder that in the crypto world, you need to be extra cautious.

该事件强调了如何轻易信任熟悉的界面。即使是无害的主页涂鸦，也可以将小小的界面变化，也可以利用大规模损坏。提醒您，在加密货币世界中，您需要格外小心。

Remember the recent case where scammers exploited search ads to trick users into calling fake support numbers for Apple and PayPal? It's the same playbook: attackers prey on user assumptions about what's safe to interact with online.

还记得最近的案例，骗子利用搜索广告来欺骗用户呼叫苹果和贝宝的伪造支持号码？这是同一本剧本：攻击者对用户假设的捕食，内容涉及在线互动的安全性。

Staying Safe: Your Crypto Armor

保持安全：您的加密装甲

So, how do you protect yourself? Here are a few key takeaways:

那么，您如何保护自己？这是一些关键要点：

• Avoid connecting wallets directly through pop-ups. Always verify the prompt against the platform's official guidance.
• If something looks familiar, don't assume it's safe. Double-check everything.
• Use hardware wallets for storing large amounts of crypto.
• Stay informed about the latest scams and security threats.

The Bottom Line

底线

The CoinMarketCap incident is a stark reminder that the crypto space is still the Wild West, and scammers are constantly evolving their tactics. By staying vigilant, questioning everything, and taking proactive steps to protect your assets, you can avoid becoming the next victim. Stay safe out there, crypto cowboys and cowgirls!

CoinMarketCap的事件明显地提醒人们，加密货币空间仍然是野外的西部，而骗子不断地不断发展他们的战术。通过保持警惕，质疑一切并采取积极的步骤来保护您的资产，您可以避免成为下一个受害者。在那里保持安全，加密牛仔和女牛仔！