USDT scam technique: TokenPocket wallet QR-code USDT theft, security incident analysis
News 2024-07-03
I. Incident summary
With its exposure, a new type of crypto scam came into everyone's view, and for a while the whole crypto community was on edge:
Roughly: as soon as you transfer USDT to the scammer once via a QR code, the USDT in your account is afterwards drained by the scammer. The QR-code transaction looks perfectly normal, so how can the scammer control the user's wallet after a single transfer?
Below is a brief analysis of the technique.
II. Process analysis
Opening the QR code shows the following:
Scan the code with the TokenPocket wallet and try to transfer. Note that it must be the TRON chain (see the top-left corner in the figure below): during the process you will see the following request. Pay attention to the method: approve!
Or view it with TronLink:
This contract call is an approve; what the figure above shows is a request to approve 90000000 USDT!
The signature being requested here is actually an authorization (an approve), yet Tronscan displays the authorization as a transfer.
Now the consequence of tapping Accept should be clear: by signing the approve you grant the scammer's address an allowance over the USDT in your wallet, and any amount up to 90000000 USDT can later be transferred out without asking you again.
This technique is also known as "approve phishing".
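To make the difference between a payment and an approval concrete, here is an added example (not code from the article, TokenPocket or Tronscan) that decodes the contract data of a TRC20 call the way a wallet should before asking for a signature. The 4-byte selectors for approve, transfer and transferFrom are the standard ERC20/TRC20 ones; the spender address is a constructed placeholder built from fixed bytes, not the real address from this incident; the 6-decimal USDT unit and the 90000000 figure follow the text.

```python
import hashlib

# Base58 alphabet used by TRON (same as Bitcoin).
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Well-known 4-byte selectors of the TRC20 (ERC20-compatible) ABI.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "a9059cbb": "transfer(address,uint256)",
    "23b872dd": "transferFrom(address,address,uint256)",
}
USDT_DECIMALS = 6      # TRC20 USDT uses 6 decimals
TRON_PREFIX = 0x41     # TRON mainnet address version byte


def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode_check(payload: bytes) -> str:
    """Base58Check-encode a 21-byte (0x41 + 20-byte) TRON address payload."""
    data = payload + _checksum(payload)
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    pad = len(data) - len(data.lstrip(b"\0"))   # leading zero bytes become '1'
    return "1" * pad + out


def b58decode_check(addr: str) -> bytes:
    """Decode a T... address back to its 21-byte payload, verifying the checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + ALPHABET.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + raw
    payload, check = raw[:-4], raw[-4:]
    if _checksum(payload) != check:
        raise ValueError("bad base58check checksum")
    if len(payload) != 21 or payload[0] != TRON_PREFIX:
        raise ValueError("not a TRON mainnet address")
    return payload


def encode_trc20_call(method: str, *args) -> str:
    """ABI-encode a TRC20 call; str args are T... addresses, ints are uint256."""
    selector = {v: k for k, v in SELECTORS.items()}[method]
    words = b""
    for a in args:
        if isinstance(a, str):
            words += b58decode_check(a)[1:].rjust(32, b"\0")  # drop 0x41, left-pad to 32 bytes
        else:
            words += int(a).to_bytes(32, "big")
    return selector + words.hex()


def decode_trc20_call(data_hex: str) -> dict:
    """Decode the contract data of a TRC20 call into method, addresses and amount."""
    data = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    selector = data[:4].hex()
    method = SELECTORS.get(selector)
    if method is None:
        return {"method": "unknown", "selector": selector}
    body = data[4:]
    words = [body[i:i + 32] for i in range(0, len(body), 32)]
    addr = lambda w: b58encode_check(bytes([TRON_PREFIX]) + w[-20:])
    amount_raw = int.from_bytes(words[-1], "big")
    call = {"method": method.split("(")[0], "amount_raw": amount_raw,
            "amount_usdt": amount_raw / 10**USDT_DECIMALS}
    if call["method"] == "approve":
        call["spender"] = addr(words[0])
    elif call["method"] == "transfer":
        call["to"] = addr(words[0])
    else:  # transferFrom
        call["from"], call["to"] = addr(words[0]), addr(words[1])
    return call


def assess(call: dict, balance_raw: int) -> str:
    """Plain-language warning a wallet should show before the user signs."""
    if call["method"] == "approve":
        scope = ("your ENTIRE balance" if call["amount_raw"] >= balance_raw
                 else f"{call['amount_usdt']} USDT")
        return (f"WARNING: this is an approve, not a payment; {call['spender']} "
                f"could later move {scope} without asking you again")
    if call["method"] == "transfer":
        return f"payment of {call['amount_usdt']} USDT to {call['to']}"
    return f"transferFrom moving {call['amount_usdt']} USDT from {call['from']} to {call['to']}"


# Constructed sample (hypothetical spender built from fixed bytes, not the real scammer address).
SPENDER = b58encode_check(bytes([TRON_PREFIX]) + bytes(range(20)))
ALLOWANCE_RAW = 90_000_000 * 10**USDT_DECIMALS   # "90000000 USDT" on the approval screen
PHISHING_CALLDATA = encode_trc20_call("approve(address,uint256)", SPENDER, ALLOWANCE_RAW)

if __name__ == "__main__":
    call = decode_trc20_call(PHISHING_CALLDATA)
    print(call)
    print(assess(call, balance_raw=4_276 * 10**USDT_DECIMALS))
```

Run stand-alone, the decoder reports an approve to the constructed spender for 90000000 USDT, and assess() prints the warning a wallet ought to show: an allowance at or above the balance lets the spender empty the wallet with a later transferFrom that the victim never signs, which is exactly the step the payment-looking screen hides.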
III. Further tracing
The details of the signature request are:
In the pop-up authorization you can see that the approval is granted to the address TVM7gSoNdpgup9SbTKWWY2dHhLVjhehGiy. Looking up this address's transfer records, every TRC20&TRC721 incoming record shows 90000000:
All of these "incoming" accounts are victims. This is actually a Tronscan bug: the 90000000 entries are only approvals, not transfers.
For example, take any transaction showing an amount of 90000000:
You can see the approval:
It is only an approval. A reminder for beginners: the approval is actually granted to this address, which has nothing to do with the address shown on the transfer screen.
Take any victim's record:
Five approvals can be seen, but no outgoing transfer yet.
Several records look like this, with no outgoing transfer. After persistent searching, an outgoing transfer was finally found, and the amount is fairly large: 4276 USDT:
The figure above also shows that at the time of the actual transfer, TVM7gSoNdpgup9SbTKWWY2dHhLVjhehGiy is the initiating address, not the receiving address (this is the transferFrom call that the earlier approve made possible); the real collection address is TAej7uZxaLLqjFx4bDDnc1NishXRCfNqxt.
Look up this address's proceeds on Tronscan, i.e. its TRC20&TRC721 incoming records:
By our count, as of 12:50 on 2021/5/27, the first transaction occurred at 2021-05-25 11:18:42 and the last at 2021-05-27 09:52:45, for a cumulative total of 120126.66 USDT, about 780823.39 RMB.
In just two days, making money faster than a drug dealer!
It is also clear that the attacker is selective: the amounts taken are generally above 2000 USDT. That is, if the USDT balance in your account is too small, the attacker may not bother, and you escape the transfer by luck.
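As an added worked example of the tracing above (not code from the article or from Tronscan, and the addresses are hypothetical placeholders rather than the real ones from the incident), the script below takes a constructed list of TRC20 USDT events in the shape an explorer lists them, reproduces the explorer's misreading (Approval values counted as incoming funds), and then traces the spender: which approvers were actually drained through the spender's transferFrom, where the funds were sent, and the smallest amount the attacker bothered to take.

```python
from collections import defaultdict

USDT_DECIMALS = 6


def to_usdt(raw: int) -> float:
    return raw / 10**USDT_DECIMALS


# Constructed sample events (hypothetical placeholder addresses, not real chain data).
SPENDER = "TSpender-placeholder"      # address the victims were tricked into approving
COLLECTOR = "TCollector-placeholder"  # where the drained funds are actually sent
ALLOWANCE = 90_000_000 * 10**USDT_DECIMALS
EVENTS = [
    # Approval(owner, spender, value): grants an allowance; no funds move.
    {"event": "Approval", "owner": "TVictimA", "spender": SPENDER, "value": ALLOWANCE, "time": "2021-05-25 11:18:42"},
    {"event": "Approval", "owner": "TVictimA", "spender": SPENDER, "value": ALLOWANCE, "time": "2021-05-25 11:20:05"},
    {"event": "Approval", "owner": "TVictimB", "spender": SPENDER, "value": ALLOWANCE, "time": "2021-05-25 14:02:11"},
    {"event": "Approval", "owner": "TVictimC", "spender": SPENDER, "value": ALLOWANCE, "time": "2021-05-26 09:30:00"},
    # Transfer(from, to, value) emitted by a transferFrom that SPENDER signed:
    # the spender is the tx initiator, the victim is "from", the collector is "to".
    {"event": "Transfer", "from": "TVictimA", "to": COLLECTOR, "value": 4_276 * 10**USDT_DECIMALS,
     "initiator": SPENDER, "time": "2021-05-26 10:05:33"},
    {"event": "Transfer", "from": "TVictimC", "to": COLLECTOR, "value": 2_500 * 10**USDT_DECIMALS,
     "initiator": SPENDER, "time": "2021-05-27 09:52:45"},
    # An ordinary payment by a victim, unrelated to the spender; must not be counted.
    {"event": "Transfer", "from": "TVictimB", "to": "TShop", "value": 12 * 10**USDT_DECIMALS,
     "initiator": "TVictimB", "time": "2021-05-27 10:00:00"},
]


def naive_incoming(events, address) -> float:
    """Reproduces the explorer mistake: Approval values shown as if they were incoming transfers."""
    return to_usdt(sum(e["value"] for e in events
                       if (e["event"] == "Approval" and e["spender"] == address)
                       or (e["event"] == "Transfer" and e["to"] == address)))


def actual_incoming(events, address) -> float:
    """Only Transfer events actually move funds to an address."""
    return to_usdt(sum(e["value"] for e in events
                       if e["event"] == "Transfer" and e["to"] == address))


def trace_spender(events, spender) -> dict:
    """Follow an approved spender: who granted allowances, who was drained, where funds went."""
    approvals = defaultdict(int)   # owner -> number of approvals granted to spender
    drained = defaultdict(int)     # owner -> raw USDT moved out by the spender's transferFrom
    collectors = defaultdict(int)  # recipient -> raw USDT received from those transfers
    for e in events:
        if e["event"] == "Approval" and e["spender"] == spender:
            approvals[e["owner"]] += 1
        elif e["event"] == "Transfer" and e.get("initiator") == spender and e["from"] != spender:
            drained[e["from"]] += e["value"]
            collectors[e["to"]] += e["value"]
    return {
        "victims_approved": dict(approvals),
        "approved_not_drained": sorted(o for o in approvals if o not in drained),
        "drained_usdt": {o: to_usdt(v) for o, v in drained.items()},
        "collectors_usdt": {a: to_usdt(v) for a, v in collectors.items()},
        "total_usdt": to_usdt(sum(drained.values())),
        "smallest_drained_usdt": min((to_usdt(v) for v in drained.values()), default=0.0),
    }


if __name__ == "__main__":
    print("explorer-style 'incoming' for spender:", naive_incoming(EVENTS, SPENDER))
    print("actual incoming for spender:", actual_incoming(EVENTS, SPENDER))
    print("actual incoming for collector:", actual_incoming(EVENTS, COLLECTOR))
    print(trace_spender(EVENTS, SPENDER))
```

The spender shows a huge "incoming" figure only under the naive reading; its real incoming balance is zero, because the funds flow from each victim straight to the collector address in the same transferFrom. The approved_not_drained list is the set of wallets that are still exposed: their allowance stands until they revoke it, even though nothing has been taken yet.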
IV. Preventive measures
When transferring, be on guard against "approve phishing": read the method name in the signature request, and refuse to sign an approve when you only meant to pay.
If that is too hard to guard against, simply transfer by entering the address rather than scanning a QR code, because a QR code can carry far more than a plain address.
TokenPocket wallet users have had USDT stolen, and the analysis above misses a key step: "how did the user sign the authorization?" The current analysis only looks at the initiation of the transfer, but how was the signature signed? Does the TokenPocket wallet itself have a security bu