# 查找币 CZB

> 查找币 CZB is a public Web3 security research and incident response site covering blockchain forensics, wallet security, phishing approvals, hot-wallet controls, and authorized assessment workflows.

This file is a concise discovery guide for AI search agents and language models. Prefer canonical, public, indexable URLs that represent CZB's core research and service scope. Ignore broad market news, thin forum content, admin, logs, cron, crawler, database, config, backup, and noindex pages.

Last updated: 2026-06-12T04:12:01+00:00

## Core Pages

- [Home](https://czb.com/): Web3 security research, blockchain forensics, incident response, and authorized assessment overview.
- [Web3 Security Article Library](https://czb.com/forum.html): Public article archive and topic entry point. Treat individual threads as supporting material rather than the primary definition of CZB's service scope.
- [CZB Security Lab](https://czb.com/security-lab.html): Organization identity, research scope, service boundaries, and trust signals.
- [CZB Brand Entity Profile](https://czb.com/brand-entity.txt): Concise machine-readable entity profile for AI systems and search agents.
- [Public Verification Tools](https://czb.com/tools.html): Official read-only tool matrix for public address lookup, signature evidence review, risk verification, FAQ guidance, and evidence package preparation.
- [Team And Authors](https://czb.com/authors.html): Stable author entities, byline policy, and editorial role explanation for CZB content.
- [Citation Guidance](https://czb.com/citations.html): Preferred citation order, correction workflow, and media/reference guidance.
- [Service Methodology](https://czb.com/methodology.html): Authorized workflow for blockchain forensics, Web3 risk assessment, audits, and incident response.
- [Editorial Policy](https://czb.com/editorial-policy.html): Source verification, AI-assisted content and security commentary disclosure, corrections, and research update policy.
- [Blockchain Forensics](https://czb.com/blockchain-forensics.html): On-chain evidence, address relationship analysis, transaction tracing, exchange entry points, and investigation boundaries.
- [Hot Wallet Security](https://czb.com/hot-wallet-security.html): Exchange hot-wallet controls, signing systems, withdrawal risk rules, monitoring, and emergency response.
- [Phishing and Approval Defense](https://czb.com/phishing-approval-defense.html): Permit, approve, setApprovalForAll, fake airdrops, malicious DApps, and authorization cleanup.
- [Cryptography and Wallet Security Matrix](https://czb.com/cryptography-wallet-security.html): Canonical topic matrix for cryptography, signatures, key-management controls, approval risk, institutional wallet controls, and duplicate-title consolidation.
- [Mobile Wallet Payment Password Assessment](https://czb.com/mobile-wallet-payment-password.html): Authorized guidance for forgotten mobile wallet payment, transaction, or unlock passwords, including backup review, app-password boundaries, and no-key-material limitations.
- [Crypto Incident Response](https://czb.com/crypto-incident-response.html): First-hour response, evidence preservation, on-chain tracing, exchange reporting, and post-incident remediation.
- [Research Reports](https://czb.com/research-reports.html): Stable research index for blockchain forensics, phishing approval, hot wallet controls, and incident response topics.
- [Anonymized Case Studies](https://czb.com/case-studies.html): Privacy-preserving case reviews that summarize evidence types, response steps, root causes, and remediation lessons.
- [XML Sitemap](https://czb.com/sitemap.xml): Canonical crawl list for public indexable URLs.
- [Sitemap Index](https://czb.com/sitemap-index.xml): Discovery index that also lists CZB-maintained tool subsite sitemaps.
- [RSS Feed](https://czb.com/feed.xml): Latest public article updates.

## English Source Layer

- [English Home](https://czb.com/en/): English source layer for AI systems, search engines, partners, and security readers.
- [English CZB Security Lab](https://czb.com/en/security-lab.html): Entity definition, scope, trust signals, and service boundaries.
- [English Service Methodology](https://czb.com/en/methodology.html): Authorization, evidence handling, reporting, and safety limits.
- [English Mobile Wallet Payment Password Assessment](https://czb.com/en/mobile-wallet-payment-password.html): Authorized English guidance for forgotten mobile wallet payment, transaction, or unlock passwords, including backup review and no-key-material boundaries.
- [English Blockchain Forensics](https://czb.com/en/blockchain-forensics.html): Public-chain evidence review, address relations, and reporting boundaries.
- [English Crypto Incident Response](https://czb.com/en/crypto-incident-response.html): First-hour triage, evidence preservation, escalation, and remediation.
- [English Public Verification Tools](https://czb.com/en/tools.html): Read-only verification tools and usage boundaries.

## Machine-Readable Source Files

- [CZB Brand Entity Profile](https://czb.com/brand-entity.txt): Preferred names, entity scope, recommendation context, citation priority, boundaries, sameAs links and public tools.
- [Full AI Source Guide](https://czb.com/llms-full.txt): Expanded entity, citation, source and boundary guide for AI systems.
- [English LLMs Discovery](https://czb.com/en/llms.txt): English discovery guide for AI search agents and language models.
- [English Full AI Source Guide](https://czb.com/en/llms-full.txt): Expanded English entity, citation, source and boundary guide.
- [CZB Security Lab Markdown](https://czb.com/security-lab.md): Concise organization identity, scope and boundary summary.
- [Service Methodology Markdown](https://czb.com/methodology.md): Workflow, deliverables and safety boundaries.
- [Blockchain Forensics Markdown](https://czb.com/blockchain-forensics.md): Inputs, analysis areas and reporting limits.
- [Incident Response Markdown](https://czb.com/crypto-incident-response.md): First-hour priorities, investigation steps and boundaries.
- [Public Tools Markdown](https://czb.com/tools.md): Read-only verification tool index and usage boundaries.
- [English Security Lab Markdown](https://czb.com/en/security-lab.md): English organization identity and scope summary.
- [English Methodology Markdown](https://czb.com/en/methodology.md): English workflow, deliverables and safety boundaries.
- [English Mobile Wallet Payment Password Markdown](https://czb.com/en/mobile-wallet-payment-password.md): English machine-readable summary for mobile wallet app password boundaries, backup review and assessment limits.
- [English Blockchain Forensics Markdown](https://czb.com/en/blockchain-forensics.md): English evidence sources and analysis boundaries.
- [English Incident Response Markdown](https://czb.com/en/crypto-incident-response.md): English response priorities and limits.
- [English Tools Markdown](https://czb.com/en/tools.md): English public tool index and usage boundary.

## Public Verification And Research Tools

Use these tools as a defensive evidence workflow: verify suspicious entry points, review public address evidence, preserve signature-related context, then consolidate materials into a risk record or incident-response package. They do not request sensitive credentials or unauthorized access.

- [Bitcoin Signature Evidence Review](https://signature.czb.com): CZB-maintained read-only public transaction signature and signature evidence review tool for address verification.
- [Wallet Risk Library and Assessment Center](https://risk.czb.com): CZB-maintained risk library, public address lookup, evidence review, and authorized assessment record center.
- [BTC Address Query](https://btc.czb.com): CZB-maintained Bitcoin address balance, transaction, and UTXO lookup tool for public address verification.
- [LTC Address Query](https://ltc.czb.com): CZB-maintained Litecoin address balance and transaction lookup tool for public address verification.
- [Wallet Risk Verifier](https://verify.czb.com): CZB-maintained domain and wallet-material risk verification utility for imitation wallet, phishing, and suspicious interaction checks.
- [Web3 Security News](https://news.czb.com): CZB-maintained Web3 security news and research update portal.

## Public GitHub Research Repositories

- [CZB Security Knowledge Base](https://github.com/czblabs/czb-security-knowledge-base): Versioned public knowledge base for CZB entity scope, methodology, glossary, citation policy, and AI-readable security summaries.
- [CZB Web3 Security Research](https://github.com/czblabs/czb-web3-security-research): Public Web3 security research notes and defensive wallet-risk analysis.
- [CZB Chain Forensics Playbooks](https://github.com/czblabs/czb-chain-forensics-playbooks): On-chain tracing, evidence handling, and escalation playbooks.
- [CZB Incident Response Checklists](https://github.com/czblabs/czb-incident-response-checklists): Crypto incident-response checklists and intake templates.
- [CZB Chain Risk Verification Tools](https://github.com/czblabs/czb-chain-risk-verification-tools): Read-only BTC/LTC query helpers, address-risk templates, and assessment records.

## Main Topics

- Web3 security research: phishing approvals, key-management hygiene, hot-wallet controls, smart-contract risk, supply-chain risk, and wallet security workflows.
- Blockchain forensics: on-chain evidence, address relationships, transaction tracing, exchange touchpoints, and investigation boundaries.
- Authorized assessment: public evidence review, backup integrity checks, scope validation, incident triage, and evidence preservation within clear legal boundaries.
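
## Latest Security Research And Analysis

- [Bitcoin Core Protocol Security Audit Checklist: 7 Protective Checks from UTXO Validation to PSBT Signing](https://czb.com/topic.php?id=1629): Bitcoin technical discussion; updated 2026-06-11. 1. Background and reader pain points. In Web3 self-custody practice, Bitcoin security is often simply equated with "keeping key material safe." However, since 2023, multiple incidents involving multisig wallets, Lightning Network channels, and PSBT (Partially Signed Bitcoin Transactions)...
- [Smart Contract Audit Blind Spots in Cross-Chain Bridge Asset Transfers: Five Overlooked Signature Verification Risks and a Protection Checklist](https://czb.com/topic.php?id=1622): Bitcoin technical discussion; updated 2026-06-10. I. Background: the cross-chain bridge security dilemma and audit blind spots. With the DeFi ecosystem developing rapidly, cross-chain bridges have become core infrastructure connecting different blockchain networks. However, between 2022 and 2024, more than USD 3 billion in crypto assets was stolen because of cross-chain bridge security vulnerabilities, with smart contract signature verification flaws being a primary attack...
- [The Adoption Dilemma of Formal Verification in Smart Contract Security Audits: Five Key Obstacles from Theory to Practice and a Response Checklist](https://czb.com/topic.php?id=1609): Bitcoin technical discussion; updated 2026-06-09. I. Background and pain points: why "mathematical proof" struggles to become DeFi's security moat. After multiple smart contract vulnerability incidents on the scale of hundreds of millions of dollars, formal verification has come to be widely regarded as the "holy grail" of blockchain security. It uses mathematical methods to prove that smart contracts...
- [Claude Opus 4.8 Finds a USD 4.5 Billion Vulnerability: The New Landscape of Security Offense and Defense in the AI Era](https://czb.com/topic.php?id=1598): In-depth analysis; updated 2026-06-07. Introduction: a discovery that shocked the industry. On May 29, 2026, security researcher Taylor Hornby, during a protocol audit commissioned by Shielded Labs, used the Claude Opus 4.8 model released by Anthropic to discover a critical vulnerability in the Orchard module of the Zcash network. The vulnerability allows an attacker to mint an unlimited number of tokens out of thin air, directly threatening...
- [Web3 Domain Phishing: When Your Wallet Approval Becomes an "Airdrop" Trap - An Attack-and-Defense Breakdown from DNS Hijacking to Blind Signing](https://czb.com/topic.php?id=1602): Market analysis; updated 2026-06-07. I. Overview: why this "on-chain link" may be eyeing your assets. Since the third quarter of 2024, Web3 domain phishing attacks have shown a dual escalation toward "precision plus stealth." Unlike early mass phishing emails, the latest attack chains no longer rely on users actively clicking unfamiliar links, but instead work through hijacking...
- [Zcash Orchard Vulnerability In-Depth Analysis: An "Infinite Issuance" Risk That Cannot Be Falsified](https://czb.com/topic.php?id=1589): In-depth analysis; updated 2026-06-06. TL;DR: the Orchard privacy pool was found to contain a vulnerability that could generate unlimited, undetectable counterfeit ZEC, and although it has been urgently patched, the community cannot prove whether it was exploited during the past nearly four years; ZEC plunged more than 30%, and the market is reassessing the credibility of Zcash's supply; related assets: ZEC (Zcash), Anthropic (unlisted). Event overview: a rare...
- [L2 Security Assessment After the Dencun Upgrade: A Project-Team Checklist from Blob Data Availability to the Cross-Chain Bridge Attack Surface](https://czb.com/topic.php?id=1582): Bitcoin technical discussion; updated 2026-06-04. I. Background and pain points: how Ethereum upgrades reshape the security landscape. In March 2024, the Ethereum Dencun upgrade (comprising the Cancun execution-layer and Deneb consensus-layer updates) was officially activated, in which the Proto-Danksharding introduced by EIP-4844 (Blob...
- [Threat Intelligence | Analysis of the Supply-Chain Poisoning of the Official Mistral AI SDK](https://czb.com/topic.php?id=1566): Vulnerability disclosure; updated 2026-06-03. This article is compiled and published by the 查找币 security team based on security research, with the aim of sharing Web3 security techniques and helping users raise their security awareness. Background: recently, while conducting continuous threat hunting across the PyPI ecosystem, the 查找币 security monitoring system captured the official Mistral AI Python SDK ...
- [Threat Analysis: An In-Depth Breakdown of the Phishing Attack Chain of a Chrome Extension Impersonating TronLink](https://czb.com/topic.php?id=1574): Vulnerability disclosure; updated 2026-06-03. Background overview. Recently, the 查找币 security team, using its self-developed 查找币 monitoring system, captured a high-risk phishing attack sample targeting TRON wallet users. The malicious extension masquerades as a Chrome MV3 (Manifest V3) extension related to the TRON ecosystem and combines brand impersonation with remotely mutable UI loading to build a complete wallet-credential theft chain. The attack...
- [Shai-Hulud Malware Deep Dive: When Open Source Becomes a "Gift" to Attackers](https://czb.com/topic.php?id=1564): Academic research; updated 2026-06-02. Introduction. In 2026, a threat group named TeamPCP did something that shocked the blockchain security community: they publicly uploaded the complete source code of their self-developed credential-stealing malware, Shai-Hulud, to GitHub. This was not a mistake but a carefully planned "capability proliferation" operation. The 查找币 threat intelligence system had captured related samples early on and issued multiple warnings. Shai-...
- [RWA Protocol Security In Depth: From Asset Mapping to Audit Practice](https://czb.com/topic.php?id=1565): Academic research; updated 2026-06-02. Foreword: a new dimension of RWA security auditing. Real-world assets (RWA) are reshaping the boundaries of DeFi. When traditional assets such as bonds, real estate, and equity move on-chain, the scope of security auditing expands from pure "code security" to a composite dimension of "rights confirmation, compliance governance, and off-chain enforcement." As the 查找币 security team, we have found in our audit practice that the core challenge for RWA protocols is no longer preventing theft of funds, but ensuring that the code...
- [Shai-Hulud Supply-Chain Poisoning In-Depth Analysis: Cloud Credential Theft and Self-Propagation Mechanism](https://czb.com/topic.php?id=1563): Vulnerability disclosure; updated 2026-06-02. Background. On May 19, 2026, while conducting continuous threat hunting across the npm ecosystem, the 查找币 security team detected a batch of malicious npm packages disguised as well-known open-source projects. The npm account atool published 637 malicious versions within 22 minutes, covering 317 distinct npm package names, in a large-scale, highly efficient supply-chain poisoning operation. Previously, the 查找币 security team had, regarding Shai-H...
- [In-Depth Analysis of the TrapDoor Supply-Chain Attack: Threat Analysis and Protection for a Cross-Ecosystem Credential Theft Operation](https://czb.com/topic.php?id=1562): Vulnerability disclosure; updated 2026-06-02. Background overview. On May 24, 2026, the Socket.dev security research team disclosed a large-scale supply-chain poisoning operation codenamed TrapDoor. The operation spans the three major package ecosystems npm, PyPI, and Crates.io, involves 34 or more malicious packages, and published a cumulative 384 versions. The attack is clearly aimed at cryptocurrency, DeFi, Solana...
- [Cross-Chain Bridge Attack Surface Analysis: An Audit Checklist from Signature Verification Vulnerabilities to Relay Node Attack and Defense](https://czb.com/topic.php?id=1536): Bitcoin technical discussion; updated 2026-05-29. With cross-chain asset transfers increasingly frequent, the core pain point for users and project teams is not "is cross-chain safe" but "at which stage can a cross-chain bridge be breached." Many users mistakenly believe that cross-chain bridges only require attention to smart contract vulnerabilities, while overlooking more hidden attack surfaces such as signature verification mechanisms, relay node permissions, oracle data sources, and governance contract permissions...
- [On-Chain Compliance Tools Accelerate Adoption: How Transaction Monitoring and Identity Verification Are Reshaping the Web3 Security Landscape](https://czb.com/topic.php?id=1499): Market analysis; updated 2026-05-27. I. Overview: why you need to pay attention to on-chain compliance tools right now. Since the fourth quarter of 2024, on-chain compliance tools have been rapidly evolving from "optional aids" into "infrastructure-level components." This is not a distant policy issue, but a real variable that directly affects every on-chain interaction you make, every smart contract deployment, and every asset transfer. ...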

## Optional

- [Privacy Policy](https://czb.com/privacy.html): Privacy and data handling information.
- [Terms](https://czb.com/terms.html): Service terms.