Binance's security experts have developed an "antidote" against the increasing threat of address poisoning scams, which trick investors into sending funds to fraudulent addresses.
幣安的安全專家開發了一種“解藥”,以應對日益嚴重的地址中毒詐騙威脅,這種詐騙會誘騙投資者將資金發送到欺詐地址。
The security team at the world's largest cryptocurrency exchange created an algorithm that has detected millions of poisoned crypto addresses, as reported to Cointelegraph:
根據 Cointelegraph 報導,全球最大的加密貨幣交易所的安全團隊創建了一種演算法,該演算法已檢測到數百萬個中毒的加密位址:
"We have developed a unique method of identifying poisoned addresses, which helps us to alert users before they send money to criminals and was instrumental in identifying and flagging more than 13.4 million spoofed addresses on BNB Smart Chain and 1.68 million on Ethereum."
「我們開發了一種識別中毒地址的獨特方法,這有助於我們在用戶向犯罪分子匯款之前向他們發出警報,並有助於識別和標記BNB 智能鏈上的超過1340 萬個欺騙地址和以太坊上的168 萬個欺騙地址。
Address poisoning, also known as address spoofing, involves scammers sending a small amount of digital assets to a wallet that closely resembles the victim's address.
地址中毒,也稱為地址欺騙,涉及詐騙者將少量數位資產發送到與受害者地址非常相似的錢包。
This transaction becomes part of the wallet's history, leading the victim to accidentally copy and send funds to the scammer's address.
該交易成為錢包歷史記錄的一部分,導致受害者意外複製資金並將其發送到詐騙者的地址。
Binance's algorithm detects these spoofed addresses by identifying suspicious transfers—typically those with near-zero value or unknown tokens—linking them to potential victim addresses, and timestamping malicious transactions to pinpoint the time of poisoning.
幣安的演算法透過識別可疑傳輸(通常是那些價值接近零或未知代幣的傳輸)來檢測這些欺騙地址,將它們連結到潛在的受害者地址,並對惡意交易添加時間戳以查明中毒時間。
These spoofed addresses are logged in the database of Web3 security firm HashDit, Binance's security partner, enhancing the protection of the broader crypto industry from such scams. According to Binance's report:
這些欺騙性地址記錄在幣安安全合作夥伴 Web3 安全公司 HashDit 的資料庫中,從而增強了對更廣泛的加密產業免受此類詐騙的保護。根據幣安的報告:
"Many cryptocurrency service providers use HashDit's API to boost their defenses against a variety of scams.
「許多加密貨幣服務提供者使用 HashDit 的 API 來增強對各種詐騙的防禦能力。
READ MORE: Unknown Trader Nets $46 Million from Pepe Memecoin Amidst Resurgent GameStop Hype
閱讀更多:在 GameStop 的熱潮中,未知交易者從 Pepe Memecoin 中獲利 4600 萬美元
"One of them, for example, is Trust Wallet, which uses the database of poisoned addresses to alert users when they are about to transfer funds to a spoofed recipient."
“例如,Trust Wallet 就是其中之一,它使用中毒地址資料庫來提醒用戶何時將資金轉移給欺騙性的收件人。”
The algorithm also flags spoofed addresses on HashDit's user-facing products, web browser extensions, and MetaMask Snaps.
該演算法還標記 HashDit 面向用戶的產品、網頁瀏覽器擴充功能和 MetaMask Snap 上的欺騙地址。
The necessity for this preventive algorithm became evident two weeks ago after an unknown trader lost $68 million to an address-poisoning scam. On May 3, they accidentally sent $68 million worth of Wrapped Bitcoin (wBTC) to a spoofed address.
兩週前,一名身份不明的交易者因地址中毒騙局損失了 6800 萬美元,因此這種預防性演算法的必要性變得顯而易見。 5 月 3 日,他們意外地將價值 6800 萬美元的 Wrapped Bitcoin (wBTC) 發送到欺騙地址。
Remarkably, the thief returned the $68 million on May 13, after on-chain investigators traced his potential Hong Kong-based IP addresses.
值得注意的是,在鏈上調查人員追蹤到竊賊可能位於香港的 IP 位址後,竊賊於 5 月 13 日歸還了 6,800 萬美元。
This incident suggests the scammer panicked due to the public attention following the scam.
這起事件顯示詐騙者因詐騙後引起公眾關注而感到恐慌。
Address poisoning scams might seem avoidable, but most traders only verify the first and last digits of the wallet's 42 alphanumeric characters.
地址中毒詐騙看似可以避免,但大多數交易者僅驗證錢包 42 個字母數字字元的第一位和最後一位數字。
Scammers exploit this by using vanity address generators to create addresses that look similar. As Binance explains:
詐騙者透過使用虛榮地址產生器來創建看起來相似的地址來利用這一點。正如幣安所解釋的:
"An authentic Ethereum address like 0x19x30f…62657 could be spoofed using a similar-looking 0x19x30t…72657, which can be totally different in the middle while maintaining the first and last few characters."
“像 0x19x30f…62657 這樣的真實以太坊地址可以使用看起來相似的 0x19x30t…72657 進行欺騙,中間可能完全不同,同時保留第一個和最後幾個字符。”
To submit a crypto press release (PR), send an email to sales@cryptointelligence.co.uk.
若要提交加密新聞稿 (PR),請發送電子郵件至 sales@cryptointelligence.co.uk。