Mid ka mid ah xatooyada crytocurrency-ka ugu caansan ilaa maanta, hackers ayaa jabsaday boorsada Ethereum ee offline-ka ah, waxayna ka qateen ku dhawaad $1. 5 bilyan oo hantidijitaal ah, oo inta badan ay ka kooban tahay tokens Ethereum. Weegtani, oo si gaar ah u beegsaneysay is-weydaarsiga cryptocurrency ee Bybit, ayaa ka dhalisay walaac cusub oo ku saabsan amniga xitaa ikhtiyaarada kaydinta ugu amaansan. Caadi ahaan, boorsooyinka qabow iyo aqoonsiga multisignature (multisig) ayaa loo arkaa inay yihiin xeerarka dahabka ah ee ilaalinta hantida dijitaalka ah; si kastaba ha ahaatee, dhacdadan cusub ayaa muujineysa sida qaladka aadanaha iyo manipalashada interface-ku u khatar gelin karaan tallaabooyinkaas ilaalineed. Jabintan ayaa la ogaaday 21-kii Febraayo iyadoo la adeegsanayo nidaamka Threat Intelligence ee Blockchain-ka ee Check Point, kaas oo ogaaday anomaliyad ku jirta buug-xisaabinta macaamilka ee shabakadda Ethereum. Cilmi-baarayaal ka socday Check Point ayaa si dhaqso ah u ogaaday in weerarku ka dhashay howlo heer sare ah oo ka faa’iideystay nuglaanta ka baxsan xadka fikirka heshiiska caqliga leh. Halkii ay si toos ah u weerari lahaayeen borotokoolka blockchain-ka, hackers ayaa la macasalaameeyay interfaces-ka isticmaala oo waxay adeegsadeen farsamooyin horumarsan oo injineernimada bulshada si ay ugu qaldo saxiixayaasha muhiimka ah inay ansixiyaan macaamil been ah. Sida ku cad natiijooyinka Check Point, weerarku wuxuu adeegsaday hab la ogaaday markii ugu horreysay bishii Luulyo 2024, markii cilmi-baarayaashu ay soo saareen silsilad aan saameyn ahayn oo ku saabsan hawsha execTransaction ee Safe Protocol. Si asalka loogu talagalay inuu fududeeyo macaamilka amniga leh ee multisig, hawshaan ayaa la hubay oo noqonaysay hub ay isticmaaleen weerarayaashu, kuwaas oo si xariifnimo leh u beddelay codsiyada macaamilka saxda ah. Iyagoo beddelaya interface-ka ay saxiixayaasha u isticmaalaan in ay aadiyaan macaamilka, waxay si guul leh ugu qaldameen key custodian-ka muhiimka ah in ay si aan ula socon u oggolaadaan wareejinta lacagta ballaaran. "Duulaanka lagula kaco Bybit ma aha mid lama filaan ah—bishii Luulyo ee la soo dhaafay, waxaan ogaanay farsamadan manipulation-ka ee weerarayaasha ku adeegsanayaan xatooyadan aan horay loo arag, " ayuu sheegay Oded Vanunu, Maareeyaha Farsamada iyo Madaxa Cilmi-baarista Muraajica Dhimista ee Check Point Research. "Warka ugu walaaca badan waa in xitaa boorsooyinka qabow—horay loo arki jiray in ay yihiin doorashada amniga ugu wanaagsan—haatan halis gashay.

Dhacdadan waxay muujineysaa in istiraatijiyad ka hortag ah, oo hubinaysa heer kasta oo macaamil ah, ay muhiim u tahay ka hortagga falkani maal aya raadinaya in ay sameeyaan weeraro waaweyn oo la mid ah mustaqbalka. " Dhacdadan waxay muujineysaa waqti muhiim ah oo ku saabsan khataraha cyber-ka ee hantida dijitaalka ah. Xatooyooyin waaweyn oo hore waxay badanaa ka faa'iideysteen daciifnimooyinka koodka heshiiska caqliga leh ama cilado ku jira maaraynta furayaasha gaarka ah. Isbarbardhig adag, weerarka Bybit wuxuu muujinayaa aqoonta sii kordheysa ee farsamooyinka injineernimada bulshada oo ka gudba tallaabooyinka amniga farsamada adigoon ka faa’iideysan xad-gudubka aadanaha. Falanqaynta Check Point ayaa muujineysa in aan wax xaddidaad ah oo amniga khariidadda ah aanay bixin karaynin ilaalin buuxda oo ka dhanka ah khiyaanada, gaar ahaan haddii saxiixayaashu ay ku jahwareeraan habka oggolaanshaha macaamilka. Saameynta weerarkan waxay ka fog tahay Bybit. Cilmi-baarayaal ka socday Check Point ayaa ka digaya in kororka weerarada silsiladda sahayda iyo manipulation-ka UI ay khatar weyn u keenayaan amniga hantida dijitaalka ah. Maadaama weerarayaashu ay hagaajiyaan farsamooyinkooda, ururada leh hantida cryptocurrency ee badan waa inay dib u eegaan xeerarkooda amniga. Tallaabooyinka caadiga ah ee amniga cyber-ka sida ogaanshaha khataraha endpoint, amniga emailka, iyo xaqiijinta macaamilka waqtiga-dhabta ah waa in lagu daro qaab-dhismeedka istiraatiijiyadda ilaalinta hantida crypto.