AI Agent Breaks Through Cloudflare Protection, Putting Crypto DeFi Front-End Security to the Test Again

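March 6: Although the cryptocurrency industry has long professed decentralization, DeFi front ends still rely heavily on Cloudflare to protect their websites. This week, however, the autonomous AI agent OpenClaw, using the open-source library Scrapling, was shown to be able to bypass several of Cloudflare's lines of defense, raising security concerns.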

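OpenClaw can run on a Mac Mini or a cloud server, and it bypasses Cloudflare's Turnstile and Interstitials by simulating human behavior and using proxy IP addresses. The Python library supports concurrent multi-session scraping, and its parsing speed is more than 600 times that of the traditional scraper BeautifulSoup. The developers stress that the tool can be used to scrape website content legitimately, but that it may also be used to test for security vulnerabilities.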

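The crypto industry has long relied on Cloudflare for defense, but its history already includes several painful lessons. In 2021, BadgerDAO lost US$130 million after a Cloudflare Workers API key was leaked. Curve Finance suffered DNS hijackings in 2022 and 2025, which caused losses of over a million dollars and forced it to migrate its domain. In July 2024, a DNS attack on the Squarespace platform affected 228 DeFi protocols, and in 2025 Aerodrome Finance lost more than US$1 million in a DNS hijacking.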

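Analysts point out that the centralized infrastructure behind DeFi front ends carries structural risk, including DNS records, CDN scripts, and Cloudflare configuration. Although Scrapling has not yet led to an actual hacking incident, it demonstrates the potential threat that AI technology poses to traditional protection systems.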

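Crypto developers are being reminded that they cannot rely solely on client-side verification or Cloudflare challenge components for security, and that they should build multi-layered defenses into the design of how front ends interact with smart contracts. Experts say that Scrapling's arrival marks the entry of AI agents into the crypto security field, and that DeFi front ends must prepare in advance for new automated scraping and bypass risks.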
