Gate News 消息,3 月 18 日,SlowMist 与某 CEX 联合发布 AI Agent 安全报告。报告指出,随着 AI Agent 在 Web3 生态中承担行情分析、策略生成及自动化交易等任务,其攻击面正在扩大。报告系统梳理了七大安全威胁:提示词注入攻击可操控 Agent 决策逻辑;Skills/插件生态存在供应链投毒风险,SlowMist 在 OpenClaw 插件中心 ClawHub 中发现超 400 个恶意 Skill 样本,呈现团伙化批量攻击特征;任务编排层可被篡改关键参数导致异常执行;IDE/CLI 环境中的敏感信息可能被恶意插件外发;模型幻觉可能在链上操作中引发不可逆资金损失;Web3 高价值操作的不可逆性放大了自动化风险;高权限执行可能导致系统级风险。该 CEX 安全团队从实践角度提出防护建议,包括启用 Passkey 无密码登录和双重验证、遵循最小权限原则配置 API Key 并绑定 IP 白名单、通过子账号隔离机制限制潜在损失上限、建立持续交易监控与异常检测体系,以及仅安装经官方审核的 Skill。SlowMist 同时提出 L1 至 L5 五层安全治理框架,覆盖从开发基线、权限收敛、威胁感知、链上风险分析到持续巡检的完整防护体系。
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Articoli correlati
Rhea Finance 遭 Oracle 攻擊損失 1,840 萬美元:ZachXBT 示警、Tether 凍結 434 萬 USDT,攻擊者退回部分資金
Rhea Finance 在 NEAR Protocol 上遭遇 Oracle 操縱攻擊,損失達 1,840 萬美元,兩倍於初步估計。攻擊者操控假代幣報價,造成抵押品估值錯誤。Tether 凍結約 434 萬 USDT,攻擊者退還約 350 萬美元資金,迄今追回資金超過 780 萬美元,凸顯 Oracle 安全性的重要性。
ChainNewsAbmedia5h fa
eth.limo DNS Under Attack, Vitalik Urges Users to Pause Access and Switch to IPFS
Vitalik Buterin warned on April 18 about an attack on the DNS registrar for eth.limo, urging users to avoid accessing vitalik.eth.limo and related pages. He recommended using IPFS as an alternative until the issue is resolved.
GateNews5h fa
Sanctioned Exchange Grinex Hit by $13.7M Hack; Blames Foreign Intelligence Services
Grinex, a sanctioned crypto-ruble exchange, has halted operations due to a cyberattack that stole over $13.74 million in USDT. The attack is believed to involve state-level actors aiming to destabilize Russia's financial system. Grinex is cooperating with law enforcement but has no timeline for resuming services.
Coinpedia13h fa
Figure Faces Short Seller Accusations Over Blockchain Integration Claims; FIGR Stock Down 53% From January Peak
Figure Technology Solutions faced allegations from Morpheus Research of overstating its blockchain technology use, resulting in a significant drop in share prices. Figure defended its operations, highlighting its digital asset features and strong performance metrics.
GateNews20h fa
Houston Crypto Fraudster Sentenced to 23 Years for $20M Meta-1 Coin Scam
Robert Dunlap, a Houston entrepreneur, was sentenced to 23 years in prison for a $20 million cryptocurrency fraud involving fake assets and deceptive practices, impacting over 1,000 victims. His case reflects a broader rise in crypto-related cybercrimes.
GateNews04-17 12:11
SlowMist Warns of Active Phishing Attack Using Fake 'Harmony Voice' Software
SlowMist's security team has warned of a social engineering campaign targeting cryptocurrency users. Fraudsters are posing as project partners to trick users into downloading a malicious application disguised as a translation tool. Users are advised to verify software authenticity.
GateNews04-17 11:46
