近期,一种新型的钓鱼诈骗手段引起了我们的注意。
这种诈骗通常发生于聊天软件(如 Telegram)中,起始于场外出入金交易,在进行正式交易前,骗子以“要确认受害者的地址是否存在风险”为由,让受害者先转账 0.1 USDT 看看地址的风险情况,接着给受害者发送了一个进行转账的“公链”地址,还特别提醒必须在钱包浏览器输入该公链地址才能进行转账。结果受害者在浏览器输入该“公链”地址后,发现账户所有的代币都被盗了。
究竟是怎么回事呢?
我们根据受害者提供的信息分析,发现这不是简单的转账被盗(为保护受害者信息,故地址模糊处理)。
根据我们的经验来看,这应该是由授权引起的钓鱼被盗。合约调用者(TK…Gh) 通过调用 transferFrom 函数,将受害者地址(TX…1W) 上的 271,739 USDT 转移到骗子地址(TR…8v)。
这时,我们将目光落到骗子口中的“公链”地址:0x2e16edc742de42c2d3425ef249045c5c.in
乍一看,地址没什么问题。但是细看问题很大啊!首先,这是 TRON 上的转账,但这是 0x 开头的地址;其次,再仔细看,发现这并不是一个地址,而是一个末尾带着 .in 的网址。
分析该网址,发现该网址创建于一个月前(10 月 11 日),相关 IP 为 38.91.117.26:
该 IP 下还存在相似的网址,都是近一个月创建的:
0x2e16edc742de42c2d3425ef249045c5b.in
tgsfjt8m2jfljvbrn6apu8zj4j9ak7erad.in
目前只有 0x2e16edc742de42c2d3425ef249045c5b.in 能打开,通过钱包浏览器搜索该地址,发现该页面只能选择 TRON 网络。
输入数额后,点击下一步,显示为合约交互 Contract interaction:
我们解码 Data 部分的数据,发现骗子(TYiMfUXA9JcJEaiZmn7ns2giJKmToCEK2N) 诱骗用户签署 increaseApproval,一旦用户点击 Confirm,用户的代币就会被骗子通过 transferFrom 方法盗走。
分析该骗子地址,发现已经有用户受骗:
受害者的大部分 USDT 都被转移到地址 TLdHGHB8HDtPeUXPxiwU6bed6wQEH25ZKQ:
使用 MistTrack 查看该地址发现这个地址接收超 3,827 USDT:
其他地址的分析不再赘述。
本文从一个实际被盗案例入手,介绍了一种新型的将钓鱼网址伪装成转账地址的骗局。慢雾安全团队在此提醒,由于区块链技术是不可篡改的,链上操作是不可逆的,所以在进行任何操作前,请务必仔细核对地址,同时,在进行链上操作前,提前了解目标地址的风险情况是十分必要的,例如在 MistTrack 中输入目标地址并查看风险评分及恶意标签,一定程度上可以避免陷入资金损失的境地。如果发现地址出现异常转账情况,请务必警惕并冷静检查,如有需要可以联系我们或在此提交表单 https://aml.slowmist.com/recovery-funds.html。
The US Department of Justice is pushing for Google to sell its Chrome browser to reduce its dominance in online search and advertising. This move could disrupt Google’s business model, with potential buyers facing regulatory scrutiny and uncertainties about the impact on competition.
AnaisHECO Network will shut down in January 2025, urging users to move their HRC20 tokens before the deadline to convert them into Huobi’s new HTX token. The network’s decline was due to security breaches and increasing competition from other blockchains.
WeatherlyPump.fun has indefinitely disabled its livestreaming feature after widespread abuse, including threats, violence, and price manipulation, shocked the crypto community. Despite boosting moderation efforts and using automated tools, the platform admitted it could not control the surge in harmful content.
CatherineJustin Sun’s $30 million investment in Donald Trump’s DeFi platform, World Liberty Financial, revitalises the struggling WLFI token, which had raised just $21 million of its $300 million goal due to restrictive investor terms.
KikyoTelegram's crypto reserves surged to $1.3 billion, driving profits and offsetting challenges like CEO Pavel Durov's legal issues. Despite growth in ads and subscriptions, concerns over content moderation and debt financing linger.
WeatherlySky Mavis, the developer of Axie Infinity and the Ronin gaming network on Ethereum, has announced staff layoffs even as it hints at the development of a new Axie game.
CatherineRumble is investing up to $20 million in Bitcoin as part of its strategy to diversify its treasury and strengthen ties with the crypto community. This move follows the example of companies like MicroStrategy, which has invested billions in Bitcoin.
JoyThe Dogecoin Foundation is seeking donor support for its Dogebox initiative, aimed at driving global adoption and expanding Dogecoin’s accessibility, but the exact funding target remains undisclosed.
KikyoAlan Joseph, a 36-year-old from Lancaster, Massachusetts, was convicted on 22 November 2024 for operating an unlicensed money transmitting business and laundering money through Bitcoin for criminals involved in trafficking counterfeit goods. He faces up to 20 years in prison and a fine, with sentencing set for February 2025.
AnaisCybercriminals are targeting Apple users with a new scam just in time for Black Friday, exploiting the holiday shopping rush. By sending emails claiming an Apple ID has been suspended, they aim to trick users into revealing sensitive information on fake websites.
Weatherly