社交工程
6 views
3 Discussing
Hot
Latest
See original
🚨 Polymarket Comments Section Phishing: A Hidden Trap Exceeding $500,000
💸 Event Recap
Recently, hackers exploited the comments section of the prediction market platform Polymarket to carry out phishing attacks. They posted malicious links in a way that obscured their true nature, and users were implanted with scripts when logging into these counterfeit sites using their email, leading to data breaches and financial losses. According to seasoned traders, the losses have exceeded $500,000.
🔍 Breakdown of Attack Methods
Trust Transfer: Leveraging users' trust in the Polymarket platform, they directly poisoned the comments section on the official page.
Link Obfuscation: Malicious links were specially processed to make them appear as non-plaintext phishing URLs, highly deceptive.
Script Data Theft: Inducing users to log in to counterfeit sites with their email, during which malicious scripts were implanted to steal sensitive information.
💡 Security Recommendations
For Users: Be vigilant about any unknown links in platform comment sections or social media groups, and never input your email and password through third-party links.
For Project Teams: Consider implementing stricter risk detection and filtering for user-generated content (such as comments).
#网络钓鱼 #社交工程 #Web3安全
💸 Event Recap
Recently, hackers exploited the comments section of the prediction market platform Polymarket to carry out phishing attacks. They posted malicious links in a way that obscured their true nature, and users were implanted with scripts when logging into these counterfeit sites using their email, leading to data breaches and financial losses. According to seasoned traders, the losses have exceeded $500,000.
🔍 Breakdown of Attack Methods
Trust Transfer: Leveraging users' trust in the Polymarket platform, they directly poisoned the comments section on the official page.
Link Obfuscation: Malicious links were specially processed to make them appear as non-plaintext phishing URLs, highly deceptive.
Script Data Theft: Inducing users to log in to counterfeit sites with their email, during which malicious scripts were implanted to steal sensitive information.
💡 Security Recommendations
For Users: Be vigilant about any unknown links in platform comment sections or social media groups, and never input your email and password through third-party links.
For Project Teams: Consider implementing stricter risk detection and filtering for user-generated content (such as comments).
#网络钓鱼 #社交工程 #Web3安全
See original
🔐 In-Depth Analysis | New Variant of Social Engineering: Forged Audit Reports Are Becoming Hackers' "Pass" to Intrusions
💥 Risk Escalation
Since October 2025, several emerging projects have been attacked due to the use of forged third-party audit reports. Hackers have deceived users into authorizing malicious contracts by forging audit conclusions from well-known institutions, resulting in a cumulative loss of over 3 million dollars.
🎯 Attack Process
Build a superficially compliant DeFi protocol
Forge reports from authoritative auditing institutions and disseminate them in the community
Induce users to perform "unlimited authorization"
Transfer user assets through backdoor contracts
✅ User Verification Guide
Audit reports must be verified through the institution's official website
Beware of "limited-time high-yield" authorization requests
🛡️ Project Responsibility
Establish community multi-verification channels
Initiate warnings for abnormal authorization behaviors
#社交工程 #审计验证 #授权安全 #Web3防护
💥 Risk Escalation
Since October 2025, several emerging projects have been attacked due to the use of forged third-party audit reports. Hackers have deceived users into authorizing malicious contracts by forging audit conclusions from well-known institutions, resulting in a cumulative loss of over 3 million dollars.
🎯 Attack Process
Build a superficially compliant DeFi protocol
Forge reports from authoritative auditing institutions and disseminate them in the community
Induce users to perform "unlimited authorization"
Transfer user assets through backdoor contracts
✅ User Verification Guide
Audit reports must be verified through the institution's official website
Beware of "limited-time high-yield" authorization requests
🛡️ Project Responsibility
Establish community multi-verification channels
Initiate warnings for abnormal authorization behaviors
#社交工程 #审计验证 #授权安全 #Web3防护
Login to explore more contents