CertiK Releases Skynet Report: "Wrench Attacks" Surged 75% in 2025, Physical Violence Becomes a Major Threat in Crypto

動區BlockTempo

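Web3 security firm CertiK reports that 72 wrench attacks occurred worldwide in 2025, up 75% year over year. Attackers use violence, kidnapping and similar means to force victims to hand over private keys, with losses exceeding $40.9 million, and Europe has become a high-risk region. This article is based on an article written by CertiK and was compiled, translated and written by Foresight News.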

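Contents

  • Violence escalates sharply, Europe becomes a high-risk region
  • Losses exceed $40 million, and the true scale may be seriously underestimated
  • How to respond to physical threats? Security recommendations for individuals and institutions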

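On February 2, Web3 security firm CertiK released its "Skynet Wrench Attack Report", which states that physical violence against cryptocurrency holders has evolved from extreme isolated cases into a structural risk. As security protections for crypto assets keep hardening, this form of attack, which bypasses technical defenses and targets the "person" directly, is spreading rapidly.

The report shows that 72 verified wrench attacks were recorded worldwide in 2025, an increase of 75% over 2024. A "wrench attack" is one in which attackers use physical means such as violence, intimidation and kidnapping to force victims to hand over private keys or passwords. Such attacks do not rely on technical vulnerabilities; they aim directly at the individuals behind the crypto assets.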

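Violence escalates sharply, Europe becomes a high-risk region

In terms of attack type, wrench attacks in 2025 showed a clear trend of escalating violence. The report notes that kidnapping remained the primary attack path, with 25 incidents during the year; direct physical assault incidents rose 250% year over year, making this one of the changes most worth watching.

Geographically, Europe became the highest-risk region in the world for the first time. In 2025, Europe accounted for more than 40% of known incidents worldwide, and France recorded the highest number of attacks globally, surpassing the United States. CertiK notes in the report that this change does not mean the risk in North America has disappeared; it reflects that this type of crime is spreading to more regions with complex judicial environments and higher costs of cross-border cooperation.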

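Losses exceed $40 million, and the true scale may be seriously underestimated

In financial terms, confirmed losses related to wrench attacks in 2025 exceeded $40.9 million, up 44% year over year. The report warns, however, that because victims are reluctant to report, fear retaliation, or hold assets that involve tax evasion or gray areas, this figure is only "the tip of the iceberg".

By comparing attack patterns, the report finds that wrench attacks in 2025 have fully left behind the opportunistic, scattered character of earlier years and entered a stage of professionalized, industrialized operation. Attackers mostly operate as transnational criminal groups. They typically spend several weeks preparing before an attack, using open-source intelligence (OSINT) to analyze the target's digital footprint and identify periods when defenses are weak, and even deploying specialized equipment such as signal jammers and Faraday bags to cut off the victim's contact with the outside world.

Notably, the range of targets is broadening. Industry executives and project founders remain high-value targets, but attackers have now also begun to target individuals with smaller holdings. In addition, attackers increasingly exploit "associated targets", applying psychological pressure by threatening the victim's spouse, children or parents.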

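How to respond to physical threats? Security recommendations for individuals and institutions

As technical security standards keep rising, "breaking the system" is becoming harder and harder, while "coercing the individual" is cheaper and more efficient. This paradox makes personal physical safety the weakest and most easily overlooked link in today's crypto ecosystem.

The report offers a series of security recommendations for individuals and institutions. For individuals, it recommends reducing risk by using "decoy wallets" to limit losses under coercion, storing mnemonic phrases in geographically separate locations, and removing crypto applications from everyday devices. For institutions, it emphasizes technical measures such as multi-signature mechanisms, time-lock contracts and transaction friction mechanisms, and says security training should be extended to family members and employees.

In the report's conclusion, CertiK stresses that the situation in 2025 shows wrench attacks have become a distinct category of crime in the crypto ecosystem, and that a security model relying solely on mnemonic phrases can no longer cope with the risk. How to move from "protecting assets" to "protecting people", reducing the feasibility of coercion through institutionalized design, may become a key question for the industry's future development.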
