
Cryptocurrency Social Engineering Attacks: 10 Practical Tips to Keep Your Digital Assets Safe

Kostiantyn Tsentsura, May 13, 2025, 7:27

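Social engineering has become the leading threat vector in the cryptocurrency ecosystem, compromising user security by manipulating human psychology rather than exploiting technical vulnerabilities. Unlike traditional cyberattacks that target software or hardware flaws, social engineering gets targets to voluntarily disclose sensitive information or to take actions that put their own assets at risk.

The immutability of blockchains significantly amplifies these risks: once funds are transferred, they are almost impossible to recover. Incidents such as the February 2025 Bybit hack, which caused losses of as much as $1.5 billion, underline how destructive these psychological tactics are.

A 2024 Chainalysis report shows that social engineering accounted for 73% of all cryptocurrency theft, more than $3.2 billion in losses across the ecosystem.

As institutional adoption accelerates and retail investors enter in large numbers, understanding how social engineering works and building effective defenses matters as much to individual holders as to large platforms.

This article examines the psychological foundations, the evolution of tactics, major cases and emerging defenses, dissecting the most persistent threat in the crypto world.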

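The Psychological Foundations of Cryptocurrency Social Engineering

Social engineering attacks exploit cognitive biases and emotional triggers deeply rooted in human decision-making. These psychological weaknesses are especially pronounced in crypto, for several reasons:

Exploiting Fear, Urgency and Greed

Attackers are adept at provoking emotional reactions that prevent victims from thinking calmly. False alerts such as "immediate account freeze" or "suspicious activity detected" trigger the amygdala's threat response and impair judgment. A 2024 Stanford behavioral economics study found that crypto users who felt time pressure were 320% more likely to disclose sensitive information than a control group.

Greed is just as powerful, especially in the volatile crypto market. Fake high-return investment opportunities play on what behavioral economists call the "fear of missing out" (FOMO), leading people to believe they can get rich overnight. In the 2024 "DeFi Summer 2.0" scams, for example, fabricated high-yield farming protocols (promising a 900% annual rate) lured users into connecting their wallets to malicious contracts.

Technical Complexity as a Vulnerability

The inherent complexity of blockchain systems makes social engineering easier to pull off. A 2025 survey by the Cryptocurrency Education Alliance found that 64% of users could not correctly explain private key management and 78% had difficulty telling genuine smart contract operations from fake ones. This encourages attackers to pose as technical support and use expert-sounding language to deceive users.

Take the Bybit incident: North Korea's Lazarus Group did not target the exchange directly but attacked a third-party data company connected to Bybit's infrastructure. The attackers used a fabricated emergency to extract an immediate response, and even experienced developers fell for it, ultimately leading to losses of more than $1 billion.

Cultural and Ideological Factors

The crypto community emphasizes decentralization and self-sovereignty. This philosophy promotes individual independence and privacy, but it also weakens centralized verification mechanisms and gives scammers more openings.

Anonymity is widespread in the community: many developers and influencers (KOLs) use pseudonyms, which makes impersonation easy. In the "Blue Check" Discord incident of early 2025, scammers cloned the accounts of popular developers, announced an airdrop and collected more than 4,200 seed phrases.

The Evolution of Cryptocurrency Social Engineering Tactics

As the crypto ecosystem matures, social engineering tactics have become more sophisticated, larger in scale and more targeted. Recognizing the new techniques is key to building an effective defense.

Advanced Phishing Operations

According to 2024 FBI data, phishing is the most common social engineering tactic, accounting for 70% of crypto-related fraud. Traditional email attacks have evolved into multi-channel, multi-technique operations. Common methods include: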

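  1. Lookalike domains with SSL certificates: fake websites built on URLs that closely resemble legitimate crypto sites, often using visually similar characters or typo domains.
  2. Compromised advertising accounts: Google's Threat Analysis Group says an estimated $14.7 million was spent on crypto-targeted phishing ads in 2024, steering users to fake exchange login pages.
  3. Fake browser extensions: a 2025 Chainalysis report found that fake extensions impersonating wallets such as MetaMask and Trust Wallet cost victims $45 million. These tools even appear in official extension stores.
  4. Reverse social engineering: attackers create a trap scenario that leads users to ask for help on their own initiative. The 2024 "Gas Error" campaign faked transaction error messages to draw people to a "fake debugging tool" that stole private keys.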
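
The lookalike and typo domains in item 1 can be checked mechanically before a link is trusted. The following is an added example, not code from the original article: it compares a hostname with an allowlist after decoding punycode and folding look-alike characters. The allowlisted domains and the small confusables map are constructed for the demonstration.

```python
import unicodedata

# Constructed allowlist for the example; use the domains you actually rely on.
OFFICIAL = ("example-exchange.com", "examplewallet.io")

# Illustrative subset of look-alike characters (Cyrillic letters and digits),
# not the full Unicode confusables table.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u0455": "s",
               "0": "o", "1": "l"}

def to_unicode(domain):
    """Lower-case the name and decode punycode (xn--) labels so homoglyphs show up."""
    labels = []
    for label in domain.strip().lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # leave undecodable labels as they are
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Fold look-alike characters so visually identical names compare equal."""
    text = unicodedata.normalize("NFKC", to_unicode(domain))
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    return text.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain):
    """Return 'official', 'homoglyph', 'typosquat', 'embedded' or 'unknown'."""
    name = to_unicode(domain)
    if any(name == good or name.endswith("." + good) for good in OFFICIAL):
        return "official"
    folded = skeleton(name)
    for good in OFFICIAL:
        if folded == skeleton(good):
            return "homoglyph"   # same appearance, different characters
        if edit_distance(folded, skeleton(good)) <= 1:
            return "typosquat"   # one typo away from an official name
        if good in name:
            return "embedded"    # official name used as a prefix of another domain
    return "unknown"
```

A verdict of "unknown" only means the name does not resemble an allowlisted domain; it is not a statement that the site is safe.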

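Targeted Impersonation and Reconnaissance

Beyond traditional "customer support" scams, attackers now gather data on victims from social platforms to tailor their attacks. According to the blockchain analytics firm Elliptic, targeted impersonation scams increased by 340% between 2023 and 2025.

They first monitor discussions on Reddit, Discord or Telegram to find users who are having wallet or platform problems, then approach them with highly specific details to build trust. If a user posts about a failed transaction, the scammer replies with the exact error message and transaction ID, posing as professional support, and uses the opening to ask the user to connect their wallet.

Social Engineering Attacks via Smart Contracts

The expansion of DeFi has given social engineering a new attack surface. Rather than only stealing account credentials, attackers trick users into signing malicious transactions or granting dangerous contract permissions. Common techniques include: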

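  1. Unlimited token approvals: confusing interfaces trick users into granting unrestricted spending rights, so the attacker can drain the wallet at any time.
  2. Fake airdrops requiring a "claim" transaction: posing as a time-limited token claim to get users to trigger a contract containing malicious code.
  3. Fake governance proposals: disguised as protocol votes, these lure users into signing what is actually an instruction to transfer administrative control.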

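The January 2025 hijacking of the Curve Finance frontend is an example: the attackers temporarily took control of DNS, redirected users to a fake interface and induced them to approve what looked like routine transactions but in fact allowed the attackers to withdraw funds at will.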
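
Before signing, a wallet or review script can decode the calldata and compare what the transaction grants with what the user intends to spend. This is an added example, not code from the original article; the spender address and sample calldata are constructed, and `intended_amount` and the `2**255` cut-off for "effectively unlimited" are assumptions of the example.

```python
MAX_UINT256 = 2**256 - 1
SELECTORS = {  # the first four bytes of the calldata identify the function
    "095ea7b3": "approve",            # ERC-20 approve(address,uint256)
    "39509351": "increaseAllowance",  # OpenZeppelin-style increaseAllowance(address,uint256)
    "a22cb465": "setApprovalForAll",  # NFT setApprovalForAll(address,bool)
}

def decode_approval(calldata):
    """Decode an approval-style call; return None for anything else."""
    raw = bytes.fromhex(calldata[2:] if calldata.startswith("0x") else calldata)
    name = SELECTORS.get(raw[:4].hex())
    if name is None or len(raw) != 4 + 32 + 32:
        return None
    return {
        "function": name,
        "spender": "0x" + raw[16:36].hex(),          # address: low 20 bytes of word 1
        "value": int.from_bytes(raw[36:68], "big"),  # amount, or 0/1 for the bool
    }

def assess(calldata, intended_amount):
    """Compare what the transaction grants with what the user means to spend.

    intended_amount is in the token's smallest unit. Returns one of
    'not-an-approval', 'revoke', 'ok', 'excessive', 'unlimited'.
    """
    call = decode_approval(calldata)
    if call is None:
        return "not-an-approval"
    value, function = call["value"], call["function"]
    if value == 0:
        # approve(spender, 0) and setApprovalForAll(op, false) remove access;
        # increasing an allowance by zero changes nothing.
        return "ok" if function == "increaseAllowance" else "revoke"
    if function == "setApprovalForAll":
        return "unlimited"  # operator may move every token in the collection
    if value >= 2**255:
        return "unlimited"  # MAX_UINT256 and other effectively infinite values
    return "ok" if value <= intended_amount else "excessive"

def build(selector, spender, value):
    """Assemble constructed sample calldata for the demonstration below."""
    return "0x" + selector + spender[2:].rjust(64, "0") + format(value, "064x")

if __name__ == "__main__":
    spender = "0x" + "11" * 20  # constructed address, not a real contract
    want = 50 * 10**18          # user intends to spend 50 tokens (18 decimals)
    for label, data in [
        ("swap 50 tokens", build("095ea7b3", spender, want)),
        ("'claim airdrop'", build("095ea7b3", spender, MAX_UINT256)),
        ("'verify wallet'", build("a22cb465", spender, 1)),
    ]:
        print(label, "->", assess(data, want))
```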

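Major Case Studies and Their Impact

Representative social engineering incidents offer the industry valuable lessons about attack patterns, institutional weaknesses and knock-on effects across the ecosystem.

The Bybit Incident: Supply Chain Compromise

The Bybit incident of February 2025 was the largest social engineering attack in crypto history. Rather than attacking the exchange head-on, Lazarus Group targeted a third-party data company that had hot wallet access.

Over several weeks of preparation, the attackers built trust with developers using a fake legal emergency and kept up the pressure until an employee granted remote access. This gave the attackers credentials to Bybit's systems, and they cashed out 500,000 ETH (about $1.5 billion).

The incident exposed a major gap in vendor management. In its post-incident analysis, the cybersecurity firm Mandiant found that 84% of large exchanges lacked comprehensive third-party security certification procedures, even though their operations depend heavily on outside contractors.

The 2024 Coinbase SMS Campaign

Beyond incidents at large platforms, smaller attacks on retail users actually cause more widespread harm. In early 2024, a campaign used SMS spoofing against Coinbase users, with messages reaching an estimated 2.3 million people.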

The attackers spoofed Coinbase's genuine two-factor authentication (2FA) SMS alerts, with sign-in notifications that directed users to convincing replica sites. Despite Coinbase's robust internal encryption standards, the human element - users hastily approving fake 2FA prompts - enabled the theft of approximately $45 million before detection systems identified the pattern.

What made this attack particularly effective was its behavioral targeting. Analysis showed the SMS messages were timed to coincide with significant market volatility periods when users were likely to be checking their accounts anxiously, creating the perfect environment for bypassing rational scrutiny.

Cumulative Economic and Geopolitical Impact

The financial scale of social engineering in cryptocurrency extends far beyond individual incidents. According to Chainalysis, social engineering attacks resulted in $3.2 billion in direct theft during 2024 alone, with state-sponsored groups (particularly North Korea's Lazarus Group) responsible for 47% of major attacks.

These funds finance a range of illicit activities with broader societal consequences. UN Panel of Experts reporting indicates that North Korea's cryptocurrency theft operations directly fund weapons proliferation programs, including the development of intercontinental ballistic missiles. The U.S. Treasury Department estimates that cryptocurrency social engineering has become the primary funding mechanism for sanctions evasion by multiple state actors.

Even beyond direct theft, social engineering creates significant second-order economic effects. A 2025 MIT Digital Currency Initiative study found that major social engineering incidents typically trigger 8-12% market-wide sell-offs, temporarily destroying billions in market capitalization as confidence erodes.

Comprehensive Mitigation Strategies

Defending against social engineering requires a multi-layered approach combining human awareness, technological safeguards, and institutional policies. The most effective defense frameworks address all three dimensions simultaneously.

Human-Centered Defense: Education and Awareness

User education forms the first line of defense against social engineering. Effective training programs should focus on:

  1. Recognition training: Teaching users to identify red flags like artificial urgency, unsolicited contact, grammatical errors, and unusual requests. Simulations that expose users to realistic phishing attempts have proven particularly effective, improving detection rates by up to 70% according to a 2024 Cryptocurrency Security Consortium study.
  2. Procedural safeguards: Establishing clear internal policies that make verification routine. For example, Kraken's security guidelines recommend a mandatory 24-hour delay on any unusual withdrawal request, allowing emotional responses to subside before action.
  3. Community verification systems: Leveraging community resources to validate communications. Legitimate projects now typically sign official announcements with verifiable cryptographic signatures or post simultaneously across multiple established channels.

Major exchanges have recognized education's importance in mitigating risk. Binance reported investing $12 million in user education programs during 2024, while Crypto.com implemented mandatory security workshops for employees, reducing insider vulnerability to pretexting attacks by an estimated 65%.

Technological Countermeasures

While social engineering exploits human psychology, technological safeguards can create multiple layers of protection that prevent successful attacks from resulting in asset loss:

  1. Hardware wallets with air-gapped signing: Physical devices like Ledger and Trezor require manual verification of transaction details, preventing automated theft even if credentials are compromised. A 2025 analysis found that less than 0.01% of hardware wallet users experienced social engineering losses compared to 4.7% of software wallet users.
  2. Multi-signature architectures: Requiring multiple independent approvals for high-value transactions creates distributed security that remains robust even if individual signers are compromised. Institutional adoption of multi-signature setups has grown 380% since 2023, according to on-chain analytics.
  3. Time-locked withdrawals: Implementing mandatory delays for large transfers provides a critical window for fraud detection. Exchange-level adoption of tiered withdrawal delays has reduced successful social engineering attacks by 47% according to data from crypto insurance provider Nexus Mutual.
  4. Behavioral biometrics: Advanced systems now analyze typing patterns, mouse movements, and interaction styles to identify compromised accounts, even when correct credentials are provided. Post-implementation data from exchanges deploying these systems shows 82% successful prevention of account takeovers.

Institutional and Industry-Level Approaches

Broader ecosystem solutions can create collective defense mechanisms that reduce social engineering vulnerability:

  1. Verified communication channels: Industry-wide adoption of cryptographically signed announcements prevents impersonation attacks. Protocols like ENS have introduced verification standards that definitively link on-chain identities to communication channels.
  2. Zero-trust frameworks for organizational security: Implementing least-privilege access controls and continuous authentication, rather than perimeter-based security models. The Bybit attack's root cause - a compromised vendor with excessive access - highlights the necessity for companies to adopt zero-trust principles.
  3. Cross-platform threat intelligence sharing: Real-time sharing of social engineering indicators allows rapid response across the ecosystem. The Crypto Security Alliance, formed in late 2024, now connects 37 major platforms to share threat data, blocking over 14,000 malicious addresses in its first six months.
  4. Regulatory frameworks with industry input: Though controversial in some segments of the community, targeted regulation focused specifically on social engineering prevention has shown promise. The European Union's 2025 Digital Asset Security Directive requires exchanges to implement social engineering awareness programs and provides limited liability protections for platforms that meet specific security standards.

10 Essential Protection Tips for Cryptocurrency Users

Individual vigilance remains critical regardless of technological and institutional safeguards. These practical steps dramatically reduce social engineering risk:

  1. Implement mandatory self-verification delays: Establish a personal rule to wait 24 hours before acting on any unexpected request involving account access or asset transfers, regardless of apparent urgency.
  2. Use separate "hot" and "cold" wallet infrastructure: Maintain minimal balances in connected wallets, with the majority of holdings in cold storage that requires physical access and multiple verification steps.
  3. Verify through official channels independently: Always independently navigate to official platforms rather than clicking provided links, and confirm unusual communications through multiple established channels.
  4. Enable all available authentication methods: Implement app-based 2FA (not SMS), biometric verification, and IP-based login alerts where available. Exchange accounts with full security implementation experience 91% fewer successful attacks.
  5. Regularly audit wallet connection permissions: Review and revoke unnecessary smart contract approvals regularly using tools like Revoke.cash or Etherscan's token approval checker. Many wallets retain unlimited approvals that represent significant risk vectors.
  6. Maintain dedicated hardware for high-value transactions: Use a separate device exclusively for financial operations, reducing exposure to malware and compromised environments.
  7. Customize anti-phishing security codes: Most major exchanges allow setting personalized security codes that appear in all legitimate communications, making phishing attempts immediately identifiable.
  8. Implement whitelisted withdrawal addresses: Pre-approve specific withdrawal destinations with additional verification requirements for new addresses, preventing instant theft even if account access is compromised.
  9. Use multi-signature setups for significant holdings: Implement 2-of-3 or 3-of-5 multi-signature arrangements for valuable long-term holdings, distributing security across multiple devices or trusted individuals.
  10. Treat all unsolicited offers with extreme skepticism: Remember that legitimate opportunities rarely require immediate action, and extraordinary returns typically signal extraordinary risk. Apply heightened scrutiny to anything that seems unusually profitable or urgent.
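
Time-locked withdrawals with tiered delays and whitelisted withdrawal addresses, both described above, can be enforced by a single policy check. This is an added example, not any exchange's actual implementation; the tier thresholds, the 48-hour top tier and all names are assumptions, and the 24-hour cool-off reuses the delay the article mentions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed policy values for the example.
NEW_ADDRESS_COOL_OFF = timedelta(hours=24)
TIERS = [  # (minimum amount in USD, mandatory delay), largest first
    (100_000, timedelta(hours=48)),
    (10_000, timedelta(hours=24)),
    (0, timedelta(0)),
]

@dataclass
class Withdrawal:
    amount_usd: float
    destination: str
    requested_at: datetime

def evaluate(w, whitelist):
    """Return (decision, release_time, reasons) for a withdrawal request.

    whitelist maps a destination address to the time it was approved.
    decision is 'reject', 'hold' or 'release'.
    """
    added_at = whitelist.get(w.destination)
    if added_at is None:
        return "reject", None, ["destination is not on the whitelist"]

    reasons = []
    release = w.requested_at
    # A freshly whitelisted address stays unusable until the cool-off has passed,
    # so someone who takes over the account cannot add an address and use it at once.
    usable_from = added_at + NEW_ADDRESS_COOL_OFF
    if usable_from > release:
        release = usable_from
        reasons.append("destination whitelisted less than 24h ago")
    # Tiered time lock: larger transfers wait longer before they are broadcast.
    delay = next(d for floor, d in TIERS if w.amount_usd >= floor)
    if delay:
        release = max(release, w.requested_at + delay)
        reasons.append(f"amount tier requires a {delay.total_seconds() / 3600:.0f}h hold")
    decision = "hold" if release > w.requested_at else "release"
    return decision, release, reasons
```

The hold window is only useful if the account owner is notified through a separate channel and can cancel the request before `release_time`.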

The Future of Social Engineering Defense

As cryptocurrency adoption accelerates, both attack and defense methodologies continue to evolve rapidly. Several emerging technologies and approaches show particular promise in the ongoing security arms race:

AI-Driven Threat Detection and Prevention

Machine learning models trained on historical scam patterns now power increasingly sophisticated defense systems. These AI systems can:

  1. Detect anomalous wallet interactions: Identifying transaction patterns that deviate from established user behavior, flagging potential compromise in real-time.
  2. Filter suspicious communications: Analyzing messaging across platforms to identify psychological manipulation patterns characteristic of social engineering attempts.
  3. Validate visual authenticity: Detecting subtle inconsistencies in spoofed websites or applications that human users might miss.

However, attackers have begun leveraging generative AI to craft hyper-personalized phishing content, escalating the technological arms race. The emergence of voice cloning technology presents particularly concerning implications for impersonation attacks targeting high-net-worth individuals and institutional key holders.

Decentralized Identity Solutions

Blockchain-based identity verification systems may eventually provide robust protection against impersonation attacks. Projects like Civic, Polygon ID, and Worldcoin are developing cryptographically verifiable credentials that could enable trustless verification without centralized vulnerability points.

These systems typically combine zero-knowledge proofs with biometric verification, allowing users to prove their identity without exposing personal data. Such approaches align with cryptocurrency's core ethos of self-sovereignty while addressing critical security challenges.

Cultural Evolution Toward Security-First Thinking

Perhaps most fundamentally, combating social engineering demands a cultural shift within the cryptocurrency ecosystem. The community's early emphasis on rapid innovation and frictionless experiences often inadvertently deprioritized security considerations. Leading protocols are now actively working to reverse this trend:

  1. Normalizing verification delays: Establishing waiting periods as standard practice rather than emergency measures.
  2. Developing common security certifications: Creating industry-recognized standards for both individual and institutional security practices.
  3. Integrating security education into onboarding: Making security awareness training a prerequisite for platform access, particularly for DeFi protocols.

Final thoughts

Despite technological advancement, social engineering represents an enduring challenge precisely because it targets the most complex and adaptable component of any security system: human psychology. As cryptocurrency systems themselves become increasingly resilient to direct technical attacks, malicious actors will continue focusing on manipulating the people who control access.

The irreversible nature of blockchain transactions creates uniquely high stakes for these psychological battles. While traditional financial fraud might be reversible through institutional intervention, cryptocurrency theft through social engineering typically results in permanent loss.

This reality demands continuous evolution in both individual awareness and collective defense mechanisms. By combining technological safeguards with psychological resilience training and institutional best practices, the ecosystem can significantly reduce its vulnerability to manipulation.

As Vitalik Buterin noted following the Curve Finance frontend hijacking: "The greatest challenge for cryptocurrency isn't building unbreakable code - it's building unbreakable people." In an industry predicated on trustless technology, learning to navigate human trust relationships securely remains the critical frontier.

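Disclaimer and risk warning: The information in this article is for educational and reference purposes only and is based on the author's opinion. It does not constitute financial, investment, legal or tax advice. Cryptocurrency assets are highly volatile and carry high risk, may result in substantial or total loss of investment, and are not suitable for all investors. The content reflects the author's views only and does not represent the position of Yellow, its founders or its management. Always do your own thorough research (D.Y.O.R.) and consult a licensed financial professional before investing.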