
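Blockchain mining pool attack mechanisms: what is a blockchain mining pool

Published: 2023-12-06-16:30:00 Source: Internet Category: Bitcoin Basics Tags: blockchain mining pool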


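A mining pool attack mechanism is a way in which one or more mining pool participants in a blockchain network mount some form of attack to increase their own returns. In such an attack, the participants control part of the nodes in the network and thereby change the network's behaviour to raise their own returns. This kind of attack can affect the security and reliability of the blockchain network, so effective defensive measures are needed to prevent mining pool attacks.

Mining pool participants: individuals or organizations that take part in mining on a blockchain network. They can be individual miners or organizations such as mining companies and mining pool operators. Participants can earn returns from the blockchain network by mining, and can also obtain more by attacking the network.

Node control: mining pool participants control part of the nodes in the network, for example the mining pool nodes, and thereby change the network's behaviour, for example to raise the returns of one mining pool participant.

Defensive measures: effective measures taken to prevent mining pool attacks. They can include changes to the network's design, such as adopting a more secure consensus mechanism, and technical measures, such as more efficient network encryption. Their purpose is to stop mining pool participants from controlling nodes in the network, changing its behaviour and increasing their own returns.


Please see the related English-language material below.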

『一』Nine common ways to attack the blockchain


Many people know that a blockchain can be attacked, but not which methods can be used to attack it. The nine common ones are described below.
1. Eclipse attack - a node selects "x" nodes as its basis for accessing the blockchain and obtains blockchain data from these "x" nodes.
If the attacker can make all "x" nodes selected by this node attacker-controlled, the attacked node is placed in an "isolated" state: it is cut off from the main network and completely controlled by the attacker.
2. Sybil attack - the Chinese term translates literally as "witch attack", but the "witch" does not refer to a woman with magic. The name comes from the American film "Sybil", whose protagonist has 16 personalities and plays 16 different roles. A Sybil attack is an attack launched by one node disguised as many different nodes.
The attacker uses forged identities to make a small number of nodes look like a large number of nodes and so influence the entire network. Attackers may use Sybil attacks to double spend, to carry out 51% attacks and so on, and an eclipse attack usually begins with a Sybil attack.
3. Alien attack - also called "address pollution".
When different public chains use compatible handshake protocols, we call them homogeneous chains. The attacker adds node data from a homogeneous chain to a node of the attacked public chain. When that node communicates and exchanges address pools with its peers, it pollutes the address pools of other normal nodes, and the pollution keeps spreading through the whole public chain network. This lowers the communication performance of the public chain and ultimately causes node congestion and similar problems.
4. Selfish mining - the consensus mechanism of the blockchain makes nodes accept the longest chain as the real and valid one. An attacker can keep mining on the latest block without broadcasting, thereby hiding the blocks he has mined.
When the chain hidden by the attacker is longer than the longest chain published on the network, the attacker broadcasts it. It becomes the longest chain, the original longest chain is rolled back, and attacks such as double spending become possible.
5. Mining Trojan - the attacker spreads a mining program to other people's computers by uploading malicious programs to the public network or by creating worms.
The attacker uses other people's computing resources and electricity to mine and collects the mining income. An attacked computer consumes a lot of resources, which makes it freeze and shortens its service life.
6. 51% attack - the 51% computing power attack is one of the best-known attack methods against blockchains.
In a PoW consensus blockchain network, computing power is power. When more than 50% of the computing power is controlled by one party, that party can cancel and block transactions at will, thereby achieving double spending.
7. Time hijacking attack - a node determines its time from the median of the times reported by other nodes.
If an attacker places a list of malicious nodes into the peer list of the attacked node, for example through an eclipse attack, he can control this node's time.
8. Finney attack - if the attacker can hide a block containing his own transaction, a double spend becomes possible.
When an exchange or other institution accepts transactions with 0 confirmations, an attacker can pay it with funds that were already spent in the hidden block, and then broadcast the hidden block before the new transaction is included in a broadcast block.
Because the hidden block is earlier, the later spend is rolled back, which achieves the double spend.
9. Race attack - this type of attack is a branch of the "Finney attack". The attacker makes two transactions at the same time that spend the same funds: one transfer to a merchant that allows withdrawal with 0 confirmations, and one transfer to himself with higher gas.
Nodes prioritize transactions with higher gas, so the other transaction will not be executed. The attacker usually connects to a node close to the attacked merchant, so that the merchant first receives the transaction that will never be executed.

『二』 What epic vulnerabilities did 360 discover in the blockchain?

According to news on May 29, the Vulcan team of 360 recently discovered a series of high-risk security vulnerabilities in the blockchain platform EOS. It has been verified that some of these vulnerabilities allow remote execution of arbitrary code on EOS nodes; that is, a remote attack can directly control and take over all nodes running on EOS.

Blockchain network security risks require urgent attention

EOS is a new blockchain platform described as "Blockchain 3.0". Its currency has a market value as high as 69 billion yuan, ranking fifth in the world.

In blockchain networks and digital currency systems, there are many attack surfaces in nodes, wallets, mining pools, exchanges, smart contracts and so on. The 360 security team has previously discovered and disclosed multiple serious security vulnerabilities in digital currency nodes, wallets, mining pools and smart contracts.

The new vulnerabilities that the 360 security team discovered in the smart contract virtual machine of the EOS platform are a series of unprecedented security risks; no security researcher had found problems of this kind before. This type of security issue affects not only EOS but possibly other blockchain platforms and virtual currency applications as well.

360 said it hopes that the discovery and disclosure of these vulnerabilities will lead the blockchain industry and security peers to pay more attention to this class of problem and jointly improve the security of blockchain networks.

Content source: The Paper

『三』 What are the security weaknesses of blockchain

Blockchain is the core technology in Bitcoin. On an Internet where trust cannot be established, blockchain technology relies on cryptography and ingenious distributed algorithms, using mathematical methods to let participants reach consensus without the intervention of any third-party central organization, ensuring the existence of transaction records, the validity of contracts, and the non-repudiation of identities.

The characteristics of blockchain technology that are most often mentioned are decentralization, the consensus mechanism and so on. The virtual digital currency derived from blockchain is currently one of the most popular projects in the world and is creating a new batch of billionaires. For example, the Binance trading platform, just a few months after its establishment, was rated by internationally renowned institutions as having a market value of US$40 billion, making it one of the richest digital currency entrepreneurial pioneers. However, since digital currency exchanges were first established, there have been endless incidents of exchanges being attacked and funds being stolen, and some digital currency exchanges have suffered heavy losses from hacker attacks or even gone bankrupt.

1. The shocking attack on digital currency exchanges

From the earliest Bitcoin to the later Litecoin and Ethereum, there are currently hundreds of digital currencies. As prices rise, attacks on digital currency systems and thefts of digital currency keep increasing, and the amounts stolen are soaring. Let's review the most shocking incidents of digital currencies being attacked and stolen.

On February 24, 2014, Mt. Gox, the world's largest Bitcoin exchange operator at the time, announced that all 850,000 Bitcoins on its trading platform had been stolen, accounting for more than 80% of all Bitcoins. Mt.Gox filed for bankruptcy protection because it could not cover its customers' losses.

After analysis, the cause was roughly that Mt. Gox had serious flaws such as a single-point-of-failure structure, which hackers used to launch DDoS attacks:

The signature of the Bitcoin withdrawal request was tampered with by hackers, and the tampered request entered the Bitcoin network before the normal one. As a result, the forged request was withdrawn successfully, while the normal withdrawal request hit an error and was shown as failed on the trading platform. At this point the hacker had actually received the withdrawn Bitcoin, yet he kept requesting repeated withdrawals on the Mt.Gox platform. Mt.Gox repeatedly paid out equal amounts of Bitcoin without verifying transaction consistency (reconciliation), so the Bitcoins on the trading platform were stolen.

On August 4, 2016, Bitfinex, the largest US dollar Bitcoin trading platform, announced that a security vulnerability had been discovered on its website, resulting in the theft of nearly 120,000 Bitcoins with a total value of approximately US$75 million.

On January 26, 2018, the system of Coincheck, a large digital currency trading platform in Japan, suffered a hacker attack, resulting in the theft of the digital currency "New Economic Coin" (NEM) worth 58 billion yen at the then-current price, approximately US$530 million. This is the largest digital currency theft in history.

On March 7, 2018, the news that Binance, the world's second largest digital currency exchange, had been hacked kept the currency circle awake at night. The hackers actually started playing economics, buying and selling short and "speculating on coins" to fleece retail investors ("cutting leeks"). According to Binance's announcement, the hackers' attack process included:

1) Use third-party phishing websites to steal users’ account login information over a long period of time. Hackers carried out web phishing attacks on users by using Unicode characters to impersonate some letters in the legitimate Binance website domain name.

2) After the hacker obtains the account, he automatically creates a trading API and then lurks quietly.

3) On March 7, hackers used the stolen API keys to directly increase the value of VIA currency by more than 100 times by using short-selling methods. Bitcoin plummeted by 10%. Based on a total of 17 million bitcoins worldwide, Bitcoin lost US$17 billion in value overnight.
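The look-alike domains in step 1 can be caught mechanically. The following is an added example, not code from Binance or from the original article: it reduces a domain to the ASCII string it visually resembles and compares that with an allow-list. The `PROTECTED` set, the small `CONFUSABLES` map and the sample domains are assumptions constructed for illustration.

```python
import unicodedata

# Assumption: the defender's allow-list of domains worth protecting.
PROTECTED = {"binance.com"}

# Constructed, deliberately small map of non-Latin look-alikes; a production
# check would load the full Unicode confusables data instead.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}

# Constructed sample input: the real name, two look-alikes, two unrelated names.
SAMPLE_DOMAINS = [
    "binance.com",
    "b\u1ecbnance.com",      # Latin i with dot below
    "bin\u0430nce.com",      # Cyrillic a
    "examp\u043be.org",      # Latin mixed with Cyrillic, resembles nothing protected
    "example.org",
]


def to_unicode(domain: str) -> str:
    """Decode punycode ("xn--") labels so the check sees what a user sees."""
    labels = []
    for label in domain.strip().rstrip(".").lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # keep an undecodable label as it is
        labels.append(label)
    return ".".join(labels)


def skeleton(domain: str) -> str:
    """Reduce a domain to the plain string it visually resembles."""
    out = []
    for ch in unicodedata.normalize("NFKD", domain):
        if unicodedata.combining(ch):
            continue  # drop accents and dots above or below a letter
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def scripts(domain: str) -> set:
    """Scripts used by the letters, read from the Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in domain if ch.isalpha()}


def check_domain(domain: str):
    """Return (verdict, matched protected domain or None)."""
    shown = to_unicode(domain)
    if shown in PROTECTED:
        return ("legitimate", shown)
    if skeleton(shown) in PROTECTED:
        return ("lookalike", skeleton(shown))
    if len(scripts(shown)) > 1:
        return ("mixed-script", None)
    return ("unrelated", None)


if __name__ == "__main__":
    for name in SAMPLE_DOMAINS:
        print(repr(name), check_domain(name))
```

The same check applies to links in inbound mail and to newly registered domains seen in certificate or DNS logs, where the names usually arrive in their `xn--` form.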

2. Why hacker attacks are so successful

The hot market of blockchain-based digital currency has made hackers salivate. The amount of money stolen continues to set new records, and the occurrence of theft incidents also increases. This has raised concerns about the security of digital currencies, and people can’t help but ask: Is blockchain technology safe?

As blockchain technology is researched and applied, blockchain systems face, besides the threats every information system faces from viruses, Trojans and other malicious programs and from large-scale DDoS attacks, security challenges that are unique to them.

1. Algorithm implementation security

Since blockchain uses a large number of cryptographic technologies, it is a highly algorithm-intensive project and is prone to problems in implementation. There have been precedents of this kind in history. For example, the NSA embedded flaws in the implementation of the RSA algorithm, allowing it to easily crack other people's encrypted information. Once a vulnerability of this level breaks out, it can be said that the foundation of the entire blockchain building will no longer be safe, and the consequences will be extremely dire. Bitcoins have been stolen before due to problems with the Bitcoin random number generator. In theory, the private key can be deduced by using the same random number twice during the signing process.
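A signing service can audit its own output for the repeated-random-number failure described above, because two ECDSA signatures made with the same random number share the same `r` value. The following is an added example, not code from the original article: it parses DER-encoded signatures and reports signers that produced two different signatures with one `r`. The record layout, the signer and transaction names and the sample signatures are constructed for illustration; the curve order is that of secp256k1, the curve Bitcoin uses.

```python
from collections import defaultdict

# Order of the secp256k1 group, used to fold s and N - s together so that a
# malleated copy of one signature is not mistaken for a second signature.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def parse_der_signature(sig: bytes):
    """Return (r, s) from a DER signature: 30 len 02 rlen r 02 slen s."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER SEQUENCE of the stated length")
    pos, ints = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected an INTEGER tag")
        n = sig[pos + 1]
        body = sig[pos + 2: pos + 2 + n]
        if n == 0 or len(body) != n:
            raise ValueError("truncated INTEGER")
        ints.append(int.from_bytes(body, "big"))
        pos += 2 + n
    if pos != len(sig):
        raise ValueError("trailing bytes after the signature")
    return ints[0], ints[1]


def find_reused_nonces(records):
    """records: iterable of (signer_id, tx_id, der_signature).

    Returns {signer_id: [tx_ids]} for every signer that issued two different
    signatures sharing one r value, which means the signing nonce repeated.
    """
    seen = defaultdict(dict)  # (signer, r) -> {normalized s: first tx_id}
    for signer, tx_id, der in records:
        r, s = parse_der_signature(der)
        seen[(signer, r)].setdefault(min(s, N - s), tx_id)
    flagged = defaultdict(set)
    for (signer, _r), by_s in seen.items():
        if len(by_s) > 1:
            flagged[signer].update(by_s.values())
    return {signer: sorted(txs) for signer, txs in flagged.items()}


def _der_int(v: int) -> bytes:
    raw = v.to_bytes((v.bit_length() + 8) // 8, "big")  # 0x00 pad if high bit set
    return b"\x02" + bytes([len(raw)]) + raw


def der_sig(r: int, s: int) -> bytes:
    """Helper that builds the constructed sample signatures below."""
    body = _der_int(r) + _der_int(s)
    return b"\x30" + bytes([len(body)]) + body


# Constructed sample log: arbitrary numbers, not real signatures.
R1, R2 = int("8f" * 32, 16), int("1c" * 32, 16)
SAMPLE_LOG = [
    ("hot-wallet-1", "tx-a", der_sig(R1, 0x1234)),
    ("hot-wallet-1", "tx-b", der_sig(R1, 0x9999)),      # same r, new s: reuse
    ("hot-wallet-1", "tx-c", der_sig(R2, 0x5555)),
    ("hot-wallet-2", "tx-d", der_sig(R1, 0x7777)),
    ("hot-wallet-2", "tx-e", der_sig(R1, N - 0x7777)),  # malleated copy of tx-d
]

if __name__ == "__main__":
    print(find_reused_nonces(SAMPLE_LOG))
```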

2. Consensus mechanism security

A variety of consensus mechanisms have appeared in current blockchain technology; the most common are PoW, PoS and DPoS. However, whether these consensus mechanisms can achieve and ensure true security requires more rigorous proof and the test of time.

3. Usage security

A major feature of blockchain technology is that it is irreversible and unforgeable, but the premise is that the private key is safe. The private key is generated and kept by the user, and theoretically no third party is involved. Once the private key is lost, no operations can be performed on the account's assets. Once obtained by hackers, digital currencies can be transferred.

4. System design security

Because platforms such as Mt.Gox have single points of failure in their business design, their systems are vulnerable to DoS attacks. At present the blockchain is decentralized while exchanges are centralized. In addition to preventing theft by technical means, centralized exchanges must also manage their people well to prevent theft by insiders.

In general, from the perspective of security analysis, blockchain faces challenges in algorithm implementation, consensus mechanism, usage and design. At the same time, hackers can also achieve their goals by exploiting system security vulnerabilities and business design flaws. Hacker attacks are currently having a growing impact on the security of blockchain systems.

3. How to ensure the security of the blockchain

To secure a blockchain system, it is recommended at the strategic level to refer to the NIST cybersecurity framework and, from the perspective of the full life cycle of an enterprise's or organization's cybersecurity risk management, to build the five core components of identification, protection, detection, response and recovery in order to perceive and block blockchain risks and threats.

In addition, given the characteristics of blockchain technology, the focus should be on the security of algorithms, consensus mechanisms, usage and design.

For algorithm implementation security: on the one hand, adopt new cryptographic technologies that can stand the test, such as the national cryptographic standard public-key algorithm SM2. On the other hand, test the core algorithm code strictly and completely, and obfuscate the source code to increase the difficulty and cost of reverse-engineering attacks by hackers.

For consensus mechanism security: use ASIC-resistant hash functions in PoW, and adopt more effective consensus algorithms and strategies.

For usage security: protect the generation and storage of private keys, and encrypt sensitive data in storage.

For design security: on the one hand, make sure the designed functions are as complete as possible, for example by using white-box private key signing technology to prevent viruses and Trojans from extracting private keys while the system is running, and by designing a private key leak tracking function to minimize the loss after a private key is leaked. On the other hand, some key business functions should be designed to be decentralized to prevent single-point-of-failure attacks.

『四』 Blockchain Science Guide: What is a 51% attack

In the crypto world, when one person or a group of people controls 50% + 1 of the network's units, a 51% attack occurs. Nobody says "50% + 1 units", so it is simply called a 51% attack.

When a group manages to control a large portion of the network behind a particular blockchain, it is considered to have absolute power over the entire blockchain, which means the integrity and security of transactions can no longer be guaranteed.

How can blockchain resist 51% attacks?

Cryptocurrencies have different ways to protect themselves against 51% attacks. Undoubtedly the most well-known is that there is a massive network of miners around the world that includes tens or even hundreds of thousands of people, making it extremely expensive to control this network.

In this case, the blockchain is usually automatically secured because the resources required to take over the cryptocurrency are far more significant and an attack does not necessarily cover the cost once the network is under control.

Without going into too many details, let's just say that additional security mechanisms can be added with the goal of making this kind of attack impossible. This can be achieved by using a system with multiple controls, which sometimes raises the share of computing power this attack requires from 51% to 75% or 90%, sometimes even 99%.

In other cases, some blockchains have chosen reputable centralized participants who authorize transaction verification to avoid such attacks. However, some purists dislike this idea because it defeats the purpose of blockchain, which is to decentralize transactions.

Should we really be worried about 51% attacks?

Bitcoin has never suffered a 51% attack since its inception, and is unlikely to suffer such an attack. The network is so vast that the cost of doing this would be prohibitively high.

Furthermore, when it becomes clear that a blockchain is experiencing a 51% attack, it is almost certain that all token holders will decide to sell their assets immediately, which will result in the loss of value. So, mathematically speaking, it doesn't make much sense for a group of people to try to control a cryptocurrency.

To get an idea of the resources required to carry out a 51% attack, there is a nice little website called Crypto51 that allows you to find out the hash rate required to carry out such an attack and the cost in dollars per hour.

Conclusion on 51% Attacks

We hope you now have a better understanding of the concept of 51% attacks and how they work. As you can see, they require huge resources and may still not be worth the trouble.

51% attacks are, in theory, a major problem with Proof of Work (PoW) systems. However, in practice, once a blockchain is sufficiently developed, the risk approaches zero.

For new or small-cap digital currencies, once again, there is no real interest for hackers to conduct such an attack, as the price of the cryptocurrency can drop to 0 very quickly, preventing the group from reaping financial benefits.

『五』 What is a 51% attack

A 51% attack is a potential crisis for Bitcoin (or other blockchain networks). It exploits the fact that Bitcoin uses computing power as the condition of competition, using a computing power advantage to cancel transactions that have already occurred. A 51% attacker has enough mining pool computing power to deliberately exclude transactions or tamper with their order.

If malicious actors or organizations control more than 50% of the hash rate of the entire network, they can override the network's consensus mechanism and carry out malicious behaviour such as double spending. A successful 51% attack can also allow the attacker to prevent some or all transactions from being confirmed (also referred to as transaction denial of service), and can prevent some or all other miners from continuing to mine, leading to a mining monopoly.

On the other hand, a majority attack does not allow the attacker to prevent transactions from being broadcast, nor to reverse transactions from other users. It is also highly unlikely to alter block rewards, create coins out of thin air, or steal coins that never belonged to the attacker.

How likely is a 51% attack?

A blockchain network is maintained by a decentralized, distributed network of nodes, and requires all participants to cooperate in reaching consensus. This is one of the main reasons why blockchain networks are highly secure. The larger the network, the better its defence and the stronger its ability to protect against attacks and data corruption.

『六』 What kind of loopholes are there in the ag blockchain?

I am not sure whether there are any loopholes in the ag blockchain. However, blockchain technology itself is not perfect and may have various security risks and vulnerabilities. The following are some loopholes that may exist in the ag blockchain:
1. Contract loopholes: A contract is a form of code in the blockchain that can automatically execute transactions in the contract. If there are loopholes in the contract, hackers may exploit these loopholes to attack, resulting in the loss of large amounts of funds.
2. 51% attack detection: If some nodes or miners control more than 50% of the computing power, they can control the entire blockchain network and tamper with transaction records and historical data.
3. DOS attack: A distributed denial of service (DOS) attack is an attack method that paralyzes the network by sending a large number of requests to the network. In blockchain networks, DOS attacks may cause transactions to fail to be executed or the network to shut down.
4. Privacy issues: Although blockchain technology itself is anonymous, if the user's personal identity information or address information is exposed, all related transaction records will also be exposed.
5. Consensus algorithm loopholes: The consensus algorithm in the blockchain determines how to confirm transactions through consensus. If there is a vulnerability in the consensus algorithm, the entire blockchain network may be attacked.

『七』 Is blockchain safe?

Hi, everyone, I am your Q&A assistant - Zi Xiaochen. Recently, blockchain resistance has been widely followed and discussed. But there are many people who don't know much about its safety. So today we will talk about the security issues of blockchain.
First of all, would you like to hear an easy-to-understand metaphor? A friend of mine joked: "Blockchain is like a password lock. Without a password, no one can open it." Although this is simple and interesting, it makes a lot of sense. Since the blockchain uses distributed ledger technology, data is stored in a huge network, and the transmission between each node uses asymmetric encryption, the blockchain has extremely high security, and third-party attacks are very difficult.
Secondly, of course there are some security issues that need attention. For example, hacker attack methods such as "51% attack" can pose a threat to the blockchain. In addition, there are also security risks in virtual currency trading venues, such as Bitcoin exchanges, and you need to pay attention to precautions. Therefore, when choosing a blockchain platform or participating in virtual currency transactions, you need to know more and consider carefully to avoid losses.
In short, blockchain is an open technology, which has huge advantages in ensuring data security and preventing tampering. But we also need to be wary of potential security risks and choose reliable platforms and exchanges to participate in cryptocurrency investments.
I hope my answer can help you better understand the blockchain and its security issues. If you have any questions or want to share your experience, please feel free to message me privately! Finally, don’t forget to like, comment and forward, follow my articles, more content is waiting for you!

『八』 A brief explanation of what a 51% attack is

You may subconsciously think that cryptocurrency is safe and reliable. After all, even if cybercriminals attack exchanges and hot wallets with incredible regularity, the underlying blockchain technology itself is naturally resistant to attacks, right?

Well, not really. Blockchains are vulnerable to so-called "51% attacks."

A 51% attack (also known as a "majority attack") can occur when a group of miners controls more than 50% of a token's hashing power (computing power). "51%" is actually a misnomer; a successful attack only requires 50% + 1 of the hashing power.

If a group can achieve such a high level of control, it can easily destroy the currency in the following ways.

Prevent new blocks from being created by not confirming

Undo completed transactions on the current block

Initiate a "double spend" on the network

50% + 1 is the hashing power required to ensure a successful attack. However, it is also possible to successfully conduct an attack with lower hash power. The security team used statistical modeling to show that when controlled hashing power reaches about 30%, the risk of vulnerabilities may start to increase.

Bitcoin, as well as several other major currencies, use a proof-of-work mechanism to verify transactions and broadcast them to the blockchain.

In the white paper, Satoshi Nakamoto, the founder of Bitcoin, succinctly summarized this process as "one CPU, one vote":

The essence of "proof of work" is one CPU, one vote, and the longest chain represents the majority decision, because this chain has the largest amount of "proof of work" invested in it. If the majority of the CPU power is controlled by honest nodes, the honest chain will grow faster than other competing chains.

You may have noticed the big problem in the above quote: "If most of the CPU power is controlled by honest nodes..."

Problems arise when dishonest nodes outnumber honest nodes. In these cases, they can "vote out" legitimate miners, ensuring that they themselves control the longest chain, and thus the entire cryptocurrency.

Satoshi Nakamoto assumed that even if a miner can control more than 50% of the nodes, he may still "follow the rules" to protect his wealth:

If a greedy attacker has the ability to control more CPU computing power than honest miners, he will be forced to choose between committing fraud to steal back what he paid (Translator's Note: a double-spend attack), or generating (obtaining) new currency. He should find it more profitable to act by rules that help him acquire more new currency than everyone else combined, rather than disrupting the system and compromising the effectiveness of his own wealth.

Unfortunately, cybercriminals don’t exactly follow the rules. Since the release of Satoshi Nakamoto’s white paper, there have been numerous cases of 51% attacks.

So far we have used Bitcoin to illustrate how a 51% attack can occur.

However, while on a technical level Bitcoin is vulnerable, on a more practical level it is unlikely to fall victim to this attack for three reasons:

1. Cost

The Bitcoin network is huge, and obtaining enough hashing power for attacks requires a considerable amount of capital investment.

According to Crypto51, an hour-long hack of Bitcoin cost $237,941. The cost of an attack on Ethereum is equally prohibitive: it would cost $74,837.

2. Mining Pools

Today, the largest cryptocurrency mining pools are widely distributed.

This wasn’t always the case; in 2014, Ghash.io probably controlled 51% of Bitcoin’s hashing power. Bitcoin was obviously far less influential then than it is now, but it was still a cause for concern.

I have to say that Ghash.io is a reliable thief. They almost immediately gave up 10% of their computing power and asked the community to voluntarily limit their computing power to 40% to protect the long-term integrity of the blockchain.

The hash power of the largest Bitcoin mining pools now hovers around 20%.

3. NiceHash

NiceHash is the world’s largest cryptocurrency mining computing power market.

According to Crypto51 estimates, the total power that NiceHash can generate is less than one percent of the total power of the Bitcoin network. Ethereum is 5% and Bitcoin Cash is 2%. The percentages for all major coins remain similarly low.

So even a weaponized NiceHash is not powerful enough to conduct a 51% attack on mainstream coins.

When you look at smaller coins, things start to change dramatically.

For the top ten currencies by market capitalization, an attack costs a sky-high price, but the same is hard to say for those ranked lower, and their corresponding NiceHash percentages also begin to increase. There are also some worrying percentages for larger coins: 82% for Ethereum Classic, 79% for Monero…

The vulnerability of smaller coins came into focus when Bitcoin Gold suffered a 51% attack in May 2018.

Bitcoin Gold – a hard fork from Bitcoin in 2017 – was not even six months old at the time.

So much so that the project's spokesman, Edward Iskraal, had to tell all exchanges that trade Bitcoin Gold to increase the number of confirmations from 5 to 50 and to manually review large transactions for suspicious activity.

“The cost of a sustained attack is high. Because of the high cost, attackers can only profit by quickly obtaining something of high value from fake deposits. Venues like exchanges can automatically accept large deposits, allowing users to quickly trade into another currency and then automatically withdraw. Before liquidating trading funds, we have always recommended setting a cap to prevent such attacks, and we urge manual review of large deposits on BTG.”
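The effect of raising confirmations from 5 to 50 can be quantified with the attacker catch-up calculation from section 11 of the Bitcoin white paper. The following is an added example, not code from the original article or from the Bitcoin Gold project: it computes the probability that an attacker holding a share `q` of the hash power ever overtakes the honest chain from `z` blocks behind. The function names and the 0.1% risk threshold are assumptions.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Chance that an attacker with hash-power share q rewrites z confirmations.

    Follows the calculation in section 11 of the Bitcoin white paper: the
    attacker's progress while the honest chain mines z blocks is Poisson
    distributed, and from k blocks he still catches up with (q/p)**(z-k).
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a share between 0 and 1")
    if z < 0:
        raise ValueError("z must not be negative")
    p = 1.0 - q
    if q >= p:
        # With half the hash power or more the attacker always catches up,
        # so no confirmation depth protects a deposit.
        return 1.0
    lam = z * (q / p)
    total = 1.0
    poisson = math.exp(-lam)  # Poisson term for k = 0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def confirmations_needed(q: float, max_risk: float = 0.001, limit: int = 1000):
    """Smallest z whose success probability is below max_risk, or None."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


if __name__ == "__main__":
    # Compare the two confirmation depths named in the text for several shares.
    for share in (0.10, 0.30, 0.45):
        print(f"q={share:.2f}",
              f"z=5: {attacker_success_probability(share, 5):.7f}",
              f"z=50: {attacker_success_probability(share, 50):.7f}",
              f"z for <0.1%: {confirmations_needed(share)}")
```

The model only covers an attacker below 50% of the hash power; once rented hash power pushes the share to a majority, the function returns 1.0 for every depth, which is why the quote above pairs deeper confirmations with caps and manual review of large deposits.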

Over a long period of time, we are almost certain that the number of 51% attacks will continue to increase.

But is there a silver lining? It’s hard to say what tangible benefits the thousands of altcoins currently in existence bring to end users. If the crypto world can consolidate around some of the larger coins as a result, then a 51% attack may not be an absolute bad thing for the long-term health of the industry.
