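PANews, March 19: After SlowMist founder Yu Xian disclosed that the Coinbase Commerce asset recovery page poses a risk by directly asking users to enter their mnemonic phrase in plaintext, SlowMist Chief Information Security Officer 23pds added that the page's sitemap is also flawed. A malicious attacker can easily use tools such as ResourcesSaver to download the front-end code and deploy a similar website, and if this is combined with a domain resembling Coinbase's for a phishing attack, users can easily be deceived.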
ZachXBT and SlowMist's evilcos warn Coinbase's seed phrase withdrawal page exposes users to social engineering risks.
Coinbase Commerce faces scrutiny after reports of seed phrase prompts, with SlowMist and ZachXBT warning of potential wallet ...
A Coinbase Commerce subdomain reportedly asked users to access a withdrawal tool and enter seed phrases, drawing warnings from security experts.
ZachXBT flags Coinbase Commerce recovery page asking users to enter their 12-word seed phrase, raising phishing and social engineering concerns.
ZachXBT and SlowMist warn Coinbase Commerce recovery page could normalize seed phrase entry and make phishing scams easier ...