3月6日消息,尽管加密货币行业长期宣称去中心化,DeFi 前端仍高度依赖 Cloudflare 来保护网站安全。然而,本周出现的自主 AI 代理 OpenClaw 利用开源库 Scrapling,显示可以绕过 Cloudflare 的多道防线,引发安全关注。
OpenClaw 可在 Mac Mini 或云服务器上运行,通过模拟人类行为和代理 IP 地址,绕过 Cloudflare 的 Turnstile 和 Interstitials。该 Python 库支持并发多会话抓取,其解析速度是传统爬虫 BeautifulSoup 的 600 多倍。开发者强调,此工具可合法抓取网站内容,但也可能被用于测试安全漏洞。
加密行业长期依赖 Cloudflare 防御,但历史上已有多起惨痛教训。2021 年 BadgerDAO 因 Cloudflare Workers API 密钥泄露损失 1.3 亿美元;Curve Finance 2022 年和 2025 年遭遇 DNS 劫持,造成上百万美元损失,并被迫迁移域名。2024 年 7 月,Squarespace 平台的 DNS 攻击波及 228 个 DeFi 协议,2025 年 Aerodrome Finance 遭遇 DNS 劫持损失逾 100 万美元。
分析人士指出,DeFi 前端中心化基础设施存在结构性风险,包括 DNS 记录、CDN 脚本和 Cloudflare 配置。Scrapling 虽然目前尚未引发实际黑客事件,但展示了 AI 技术对传统防护体系的潜在威胁。
加密开发者被提醒,不能仅依赖客户端验证或 Cloudflare 挑战组件来保障安全,应在设计前端与智能合约交互时引入多层防御策略。专家表示,Scrapling 的出现标志着 AI 代理进入加密安全领域,DeFi 前端必须提前应对新的自动化抓取与绕过风险。
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Gerelateerde artikelen
Claude Desktop Installation Reportedly Writes Backdoor File to Chromium-Based Browsers
The Claude Desktop application by Anthropic installs a backdoor file in Chromium-based browsers without user consent, posing serious security and privacy risks by potentially allowing attackers to control users' browsers.
GateNews1u geleden
Chinese National Arrested at Buenos Aires Airport for $49.4M Crypto Fraud Scheme
A Chinese national was arrested in Argentina for carrying a forged Paraguayan passport. He is wanted for orchestrating a $49.4 million cryptocurrency fraud in Nigeria, and extradition proceedings are being initiated.
GateNews1u geleden
Lido EarnETH Vault Exposed to $21.6M rsETH Following Kelp Bridge Exploit, DAO Sets $3M Loss Protection
On April 18, a Kelp cross-chain bridge exploit led to the theft of $292 million in rsETH. Lido reported $21.6 million in exposure via its EarnETH vault, prompting Aave to freeze relevant markets. EarnETH has paused transactions and is deleveraging, while Lido's DAO treasury implemented a $3 million protection mechanism to cover potential losses. The core staking protocol remains unaffected.
GateNews1u geleden
Seven Israeli Officers Charged in Multimillion-Dollar Crypto Theft Ring
Israeli Security Forces Charged in Crypto Theft Case
Israeli authorities have charged seven military and police officers with running a multimillion-dollar theft and bribery ring involving cryptocurrency, marking the second crypto-related criminal case to hit the country's defence establishment in
CryptoFrontier6u geleden
Ice Open Network Suffers Data Breach; User Emails and 2FA Phone Numbers Exposed
Ice Open Network reported a security breach on April 15, revealing unauthorized access to user data, including email addresses and 2FA phone numbers, but no financial data was compromised. The incident, linked to former partners of a service provider, is under legal review, and users are advised to update security settings. The breach highlights escalating security issues in the crypto sector, with significant losses reported in recent months.
GateNews8u geleden
