Blockchain security experts have uncovered a malicious mobile application, BOM, responsible for stealing over $1.82 million in cryptocurrency. According to blockchain security firms SlowMist and OKX Web3 Security, the app secretly accessed users' private keys and mnemonic phrases.

區塊鏈安全專家發現了一個惡意移動應用程序BOM，負責竊取超過182萬美元的加密貨幣。 根據區塊鏈安全公司的說法，該應用程序秘密訪問了用戶的私鑰和助記符。

Analysis of stolen funds movement from the BOM creator across multiple DEXs | Source: SlowMist

分析來自多個DEX的BOM創建者的偷資金運動|資料來源：慢速派

SlowMist's February 27th report detailed the first unauthorized transactions occurring on February 14th. On-chain analysis revealed BOM as a fraudulent app that tricked users into granting excessive file access permissions. Once granted, the app scanned the device, exfiltrated wallet data, and transmitted it to a remote server.

Slowmist的2月27日報告詳細介紹了2月14日進行的首次未經授權的交易。 鏈分析顯示BOM是一個欺詐性應用程序，它欺騙用戶授予過多的文件訪問權限。 批准後，該應用程序掃描了設備，刪除錢包數據，然後將其傳輸到遠程服務器。

The app's request for unnecessary permissions, such as access to photos and media, was flagged as highly suspicious. SlowMist noted, "On iOS, the app deceptively requests permissions, claiming this access is necessary for normal operation. This behavior is highly suspicious—a blockchain application has no legitimate reason to require access to the photo gallery."

該應用程序要求的不必要權限的請求（例如對照片和媒體的訪問）被標記為高度可疑。 Slowmist指出：“在iOS上，該應用程序欺騙性請求權限，聲稱此訪問是正常操作的必要條件。此行為高度可疑 - 區塊鏈應用程序沒有正當理由需要訪問照相館。”

SlowMist tracked the stolen funds across multiple blockchains, identifying at least 13,000 victims. The main hacker address (0x49aDd3E…) transferred funds through BNB Chain, Ethereum, Polygon, Arbitrum, and Coinbase's Base. Stolen cryptocurrencies included Tether (USDT), Ethereum (ETH), Wrapped Bitcoin (WBTC), and Dogecoin (DOGE).

Slowmist追踪了跨多個區塊鏈中被盜的資金，確定了至少13,000名受害者。主黑客地址（0x49Add3e…）通過BNB鏈，以太坊，多邊形，索賠和Coinbase的基礎轉移了資金。 被盜的加密貨幣包括Tether（USDT），以太坊（ETH），包裹的比特幣（WBTC）和Dogecoin（Doge）。

While the perpetrators remain unidentified, SlowMist analysts observed the app's backend services were offline during their investigation, suggesting an attempt to conceal their activities. Some funds were laundered through decentralized exchanges like PancakeSwap and OKX-DEX.

雖然肇事者仍然身份不明，但慢慢分析師觀察到該應用程序的後端服務在調查過程中脫機，這表明試圖掩蓋他們的活動。 一些資金通過分散的交易所（如Pancakeswap和Okx-Dex）洗錢。