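Is it true that a blockchain platform announced it was hacked? Blockchain platform announces it was hacked
Recently, a blockchain platform announced that it had been attacked by hackers. The news shocked many blockchain enthusiasts and left many users worried about the safety of their assets. So is it really true? This article looks at the topic in depth to help readers understand what is going on.
1. Types of blockchain attacks
First, we need to understand what types of blockchain attacks exist. Generally speaking, blockchain attacks fall into three categories: 51% attacks, denial-of-service attacks, and smart contract vulnerability attacks. A 51% attack means the attacker controls 51% of the nodes on the network and can therefore change the transaction records on the network and even double-spend, that is, the attacker can send one transaction to several addresses at the same time and thereby obtain more assets. A denial-of-service attack means the attacker uses technical means to deny access to legitimate users, disrupting the normal operation of the blockchain network. Finally, a smart contract vulnerability attack means the attacker exploits a flaw in a smart contract to tamper with or steal assets.
2. Is it true that blockchain platforms get hacked?
So, is it true that blockchain platforms get hacked? Historically, the security of blockchain networks has remained an unresolved question, and many attacks have taken place on blockchain networks. For example, in 2017 the Bitcoin network was attacked and the attackers stole 50 million US dollars in assets; in 2018 the Ethereum network was attacked and the attackers stole 100 million US dollars in assets; in 2019 the EOS network was attacked and the attackers stole 10 million US dollars in assets. These incidents show that blockchain platforms really do get hacked, but that does not completely negate the security of blockchain, because after each attack the blockchain network takes a series of measures to improve its own security and prevent such incidents from happening again.
3. How to improve the security of blockchain networks
With that background, how can the security of blockchain networks be improved? First, strengthen the security review of smart contracts to prevent smart contract vulnerabilities; second, strengthen the network's security protection to prevent attackers from controlling 51% of the nodes on the network; finally, strengthen security monitoring of the network so that attacks are detected and handled promptly.
In short, it is true that blockchain platforms get hacked, but blockchain networks are also constantly improving and their security keeps increasing. As long as we take proper security precautions, we can protect our own assets.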
㈠ How to solve blockchain security issues
One of the characteristics of blockchain projects (especially public chains) is that they are open source. Open source code improves the credibility of the project and allows more people to participate. But the openness of the source code also makes it easier for attackers to attack the blockchain system. There have been many hacker attacks in the past two years. Recently, the anonymous currency Verge (XVG) was attacked again. The attacker targeted a vulnerability in the XVG code that allows malicious miners to add false timestamps to blocks. New blocks were then mined quickly, and nearly US$1.75 million worth of digital currency was obtained in just a few hours. Although the attack was successfully stopped, no one can guarantee that the attacker will not attack again in the future.
Of course, blockchain developers can also take some measures:
The first is to use professional code audit services,
The second is to understand safe coding standards and nip problems in the bud.
Security of cryptographic algorithms
The development of quantum computers will bring major security threats to the cryptographic systems currently in use. Blockchain mainly relies on the elliptic curve public key encryption algorithm to generate digital signatures for secure transactions. The most commonly used algorithms today, such as ECDSA, RSA and DSA, cannot withstand quantum attacks in theory, and the risks will grow. More and more researchers are beginning to focus on cryptographic algorithms that are resistant to quantum attacks.
Of course, in addition to changing the algorithm, there is another way to improve security:
Refer to Bitcoin's handling of public key addresses to reduce the potential risks caused by public key leaks. As a user, especially a Bitcoin user, the balance after each transaction is stored in a new address to ensure that the public key of the address where Bitcoin funds are stored is not leaked.
Security of consensus mechanism
The current consensus mechanisms include Proof of Work (PoW), Proof of Stake (PoS), Delegated Proof of Stake (DPoS), Practical Byzantine Fault Tolerance (PBFT), etc.
PoW faces 51% attack problem. Since PoW relies on computing power, when an attacker has a computing power advantage, the probability of finding a new block will be greater than that of other nodes. At this time, it has the ability to undo transactions that have already occurred. It should be noted that even in this case, the attacker can only modify his own transactions and not the transactions of other users (the attacker does not have the private keys of other users).
In PoS, an attacker can only successfully attack when he holds more than 51% of the token amount, which is more difficult than 51% of the computing power in PoW.
In PBFT, the system is safe when malicious nodes are fewer than 1/3 of the total nodes. In general, any consensus mechanism has conditions under which it holds. An attacker also needs to consider that once the attack succeeds, the value of the system will drop to zero; at that point the attacker gains no other valuable reward apart from the destruction itself.
For designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to choose an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scenario.
Security of smart contracts
Smart contracts have the advantages of low running costs and low risks of human intervention. However, if there are problems with the design of smart contracts, it may cause greater losses. In June 2016, The DAO, Ethereum's most crowdfunded project, was attacked. Hackers obtained more than 3.5 million Ethereum coins, which later caused Ethereum to fork into ETH and ETC.
The measures proposed in this regard have two aspects:
The first is to conduct security audits of smart contracts,
The second is to follow the principles of safe development of smart contracts.
The security development principles of smart contracts include: be prepared for possible errors and ensure that the code can correctly handle bugs and vulnerabilities; release smart contracts with caution, do functional testing and security testing, and fully consider boundary conditions; keep smart contracts simple; pay attention to blockchain threat intelligence and check for updates in a timely manner; and be clear about the characteristics of blockchain, for example by calling external contracts cautiously.
Security of digital wallets
Digital wallets mainly have three security risks: First, design flaws. At the end of 2014, a serious random number problem (duplication of R values) caused users to lose hundreds of digital assets in a certain lottery. Second, digital wallets contain malicious code. Third, lost assets caused by loss or damage of computers and mobile phones.
There are four main countermeasures:
The first is to ensure the randomness of the private key;
The second is to verify the hash value before installing the software to ensure that the digital wallet software has not been tampered with;
The third is to use a cold wallet;
The fourth is to back up the private key.
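The "duplication of R values" flaw mentioned above can be audited for from the defender's side. The following is an added example, not code from the original page or from any wallet project: it strictly parses DER-encoded ECDSA signatures and flags any key that produced the same r with different s values. The record layout, key labels and sample values are constructed for illustration and are not real signatures.

```python
from collections import defaultdict

def parse_der_sig(sig: bytes) -> tuple[int, int]:
    """Strictly parse SEQUENCE { INTEGER r, INTEGER s } (short-form lengths only)."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] >= 0x80 or sig[1] != len(sig) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER tag")
        n = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + n]
        if n == 0 or n > 0x7F or len(body) != n or body[0] & 0x80:
            raise ValueError("bad INTEGER length or negative value")
        if n > 1 and body[0] == 0 and not body[1] & 0x80:
            raise ValueError("non-minimal INTEGER encoding")
        values.append(int.from_bytes(body, "big"))
        pos += 2 + n
    if pos != len(sig):
        raise ValueError("trailing bytes after signature")
    return values[0], values[1]

def find_reused_r(records):
    """records: iterable of (key_label, tx_label, der_signature).
    Returns [(key_label, [tx_labels])] where one key used the same r
    with different s values, i.e. a repeated per-signature random value."""
    seen = defaultdict(dict)  # (key, r) -> {s: first tx label}
    for key, tx, sig in records:
        r, s = parse_der_sig(sig)
        # An identical (r, s) pair is the same signature seen twice
        # (rebroadcast or deterministic signing), not a repeated nonce.
        seen[(key, r)].setdefault(s, tx)
    return [(k[0], sorted(v.values())) for k, v in seen.items() if len(v) > 1]

def der(r: int, s: int) -> bytes:
    """Helper that builds the constructed sample signatures below."""
    def integer(v: int) -> bytes:
        b = v.to_bytes((v.bit_length() + 8) // 8, "big")  # minimal, positive
        return b"\x02" + bytes([len(b)]) + b
    body = integer(r) + integer(s)
    return b"\x30" + bytes([len(body)]) + body

# Constructed sample data: arbitrary integers, not valid signatures.
R_SHARED = int("c1" * 32, 16)
SAMPLE = [
    ("wallet-A", "tx1", der(R_SHARED, 0x1111)),
    ("wallet-A", "tx2", der(R_SHARED, 0x2222)),        # same r, new s: flagged
    ("wallet-A", "tx1-rebroadcast", der(R_SHARED, 0x1111)),
    ("wallet-B", "tx3", der(int("5a" * 32, 16), 0x3333)),
]

if __name__ == "__main__":
    for key, txs in find_reused_r(SAMPLE):
        print(f"{key}: repeated r across {txs}")
```

This check groups per key only; a key it flags should be treated as exposed and its funds moved to a freshly generated key.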
㈡ Who should bear the responsibility if the blockchain project money is defrauded by hackers
The person who was defrauded. If blockchain project money is defrauded by hackers, the person who was defrauded should bear the responsibility, because it was the result of his being deceived. Blockchain is a new application model of computer technology such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithm.
㈢ How did the currency circle know about hacker attacks for the first time?
Since the advent of cryptocurrency, it has been constantly attacked by hackers, which has continuously worried investors. Just in February this year, the Japanese digital currency exchange Coincheck had five billion US dollars worth of cryptocurrency stolen; in April, the AMO blockchain was hacked on the first day it went online. The following explains, for the currency circle, how the blockchain responds to hacker attacks.
How does the blockchain respond to hacker attacks?
Faced with the successive attacks from hackers, some exchanges appeared panicked, while others immediately took measures to fight back against the hackers' attacks. The most typical example is that Ethereum chose to hard fork the blockchain to get back all the Ethereum coins, effectively solving this problem.
At that time, The DAO established a crowdfunding platform based on Ethereum smart contracts, but hackers transferred Ethereum with a market value of US$50 million. Subsequently, in order to restore investor assets, the Ethereum community voted to change the Ethereum code. Therefore, Ethereum performed a hard fork at block 1,920,000, rolling back all Ethereum coins (including those owned by hackers).
Seeing this, some people may ask: What is a hard fork?
Let's first understand why a fork occurs: mainly because, after a new block is mined, the blockchain system produces a new protocol that is incompatible with the old protocol. A hard fork means that the new protocol no longer allows the old protocol to continue to work. In Ethereum's case, the protocol was changed to get the funds back, so a hard fork occurred.
There are precedents, and Ethereum (ETH) and Ethereum Classic (ETC) are typical cases of hard forks. It can be seen that the blockchain can effectively ensure the security of user data and personal assets through hard forks, and respond to hacker attacks.
In addition to fighting back against hacker attacks through hard forks, some exchanges have also proposed other solutions, such as blockchain scalability solutions, multi-signature technology, etc.
Blockchain scalability solution
Ethereum co-founder Vitalik Buterin proposed a blockchain scalability solution called Plasma Cash that can help transactions resist hacker attacks. At the same time, he said that users can exit the program through Plasma at any time during the transaction process and withdraw cash.
Therefore, even if hackers use Plasma Cash for transactions, user assets will not be lost, and even crypto exchanges may use this technology to resist hacker attacks.
Multi-signature technology
Hackers once disclosed that Coincheck did not even take some basic security measures when it was attacked. The stolen cryptocurrency is stored in an Internet-connected wallet, while the funds are stored in the hardware. This makes people worry about the wallet. How can you access your wallet more securely?
Someone proposed a solution: multisig technology can be used so that several signatures are required, just as if multiple keys were needed to open a home. Multi-signature means that multiple keys are needed to perform a task, which can make it more difficult for hackers to obtain funds.
The above covers how the blockchain deals with hacker attacks. However, the security of the above solutions still needs to be improved. These issues will be further answered and solved as the technology is updated. We will wait and see.
㈣ What should we do if our website is attacked by DDoS? We are engaged in blockchain. The website cannot be opened. How to solve it now?
This requires access to professional anti-traffic-attack protection, chosen on the following basis: 1. It depends on whether it is a DDoS traffic attack or a CC attack. Protection against traffic attacks is relatively crude and simple, and most companies providing this type of protection compete on bandwidth resources. However, few can block CC attacks with a good protection effect. 2. Ruisu Cloud, a professional network security company, has reserved 4T+ of high-defense bandwidth resources. CC protection is based on unique signature analysis technology and is customized to the characteristics of the attack. It is also cloud protection and does not limit the source server region. Access to our Ruidun protection system takes ten minutes, and it can provide four-layer and seven-layer protection for various application systems, helping many well-known customers such as chess and card games, virtual currency exchanges, payments, and e-commerce to successfully resist hacker attacks. 3. Free access for a trial run of the protection. If the protection effect is satisfactory, formal cooperation can be carried out.
㈤ Will the blockchain be attacked by hackers?
Blockchain is a "consensus" implementation technology. Through the blockchain, all transactions on the Internet can be recorded in blocks, the users of the chain reach "consensus", and the information content on the chain "cannot be tampered with". This "non-tamperability" increases the cost of malicious tampering with content through the existence of multiple copies in the system. "Blockchain is not a privacy solution. It is a verification solution. It is very important to understand this. Blockchain can definitely be combined with other technologies to create various systems that help users better manage their data, but these systems cannot prevent data leaks." "Blockchain technology can solve the problem of identity hacking because if your identity is controlled by a private key and you keep that private key yourself, then there is no way to hack your identity. Or at least the likelihood of an attack is very low compared to traditional database systems." Blockchains are all based on a mechanism, and the information on the blockchain is immutable. "One of the greatest values of blockchain is that you cannot change the value at will as an administrator. No one controls the blockchain. This is short-term." Technically speaking, blockchain alone may not be the solution to data hacking and identity theft, but it is still a major technological leap in personal information security, and information security changes from cyberspace to routine.
㈥ The answer to the currency circle: Cryptocurrency worth 4 billion yuan was stolen. How did the hackers operate
The hackers used a vulnerability in the blockchain data collaboration platform Poly Network to attack it, successfully stole the 4 billion in cryptocurrency and transferred it to other accounts. Currently, the entire platform is working intensively to catch these hackers, because once these currencies flow into the currency market, they will definitely cause great damage to the market and even affect fluctuations across the entire market. The currency circle will then see a certain price drop.
Summary: The emergence of virtual currency undoubtedly provides a way for people's finance to develop, but this development path is bound to be full of risks and hardships, especially now that the governments of various countries do not recognize this currency, which leaves it with no legitimacy at all. Therefore, when we choose to invest in this currency, we must keep our eyes open and decide whether to invest after careful consideration.
㈦ What happened when 360 discovered epic vulnerabilities in the blockchain?
Recently, the Vulcan team of 360 Company discovered a series of high-risk security vulnerabilities in the blockchain platform EOS. It has been verified that some of these vulnerabilities allow remote execution of arbitrary code on EOS nodes, that is, an attacker can directly control and take over all nodes running on EOS through remote attacks.
In the early morning of May 29, 360 immediately reported this type of vulnerability to EOS officials and assisted them in repairing the security risks. The person in charge of the EOS network stated that the EOS network will not be officially launched until these problems are fixed.
EOS super node attack: virtual currency transactions are completely controlled
In the attack, the attacker constructs and publishes a smart contract containing malicious code. The EOS super node executes this malicious contract and triggers the security vulnerability. The attacker then uses the super node to package the malicious contract into a new block, which in turn causes all full nodes in the network (alternative super nodes, exchange deposit and withdrawal nodes, digital currency wallet server nodes, etc.) to be remotely controlled.
Since the attacker has completely controlled the node system, the attacker can "do whatever he wants", such as stealing the key of the EOS super node and controlling the virtual currency transactions of the EOS network, or obtaining other financial information and private data in the systems of nodes participating in the EOS network, such as digital currencies in exchanges, user keys stored in wallets, key user information and private data, etc.
What's more, attackers can turn nodes in the EOS network into members of the botnet, launch network attacks or become free "miners" to mine other digital currencies.
Source: Technology News
㈧ Has the world’s largest Bitcoin exchange been hacked?
According to foreign media reports on December 13, Beijing time, the headquarters is located in Hong Kong’s world’s largest
“These Bitcoin trading markets cross national borders, and significant transactions may occur on systems and platforms outside the United States,” SEC Chairman Clayton said on Monday. “Without your knowledge, your investment funds may soon flow overseas. Therefore, this risk may be amplified, including that market regulators, such as the SEC, may not be able to effectively pursue these bad behaviors or recover the funds.”
This warning is at least reflected to a certain extent in the Bitcoin futures market. On Tuesday, the trading volume of Bitcoin futures contracts issued by the Cboe exchange fell sharply. This was the second day that the futures were listed for trading.
㈨ Binance black screen
Original title: Binance’s “48 Hours of Panic”
March 7, 2018 was destined to be a day for the currency circle to remember.
In the early morning, Binance was reported to be out of order. Hackers stole Binance accounts and made away with at least 700 million yuan.
Following this, early on the morning of the 7th Beijing time, the U.S. Securities and Exchange Commission (SEC) issued an announcement reminding investors to pay attention to illegal platforms for digital asset trading, and stated that regulatory actions against such trading platforms would be tightened. The SEC said: “These trading platforms provide mechanisms for trading assets and must comply with the definition of ‘securities’ under the federal securities laws. If the platform provides securities digital asset trading services and operates as an ‘exchange’ under the federal securities laws.”
Then, the Japan Financial Services Agency issued 8 "clearance orders" in a row and issued 7 fines. 2 exchanges were directly shut down and 5 were required to make rectifications.
In one day, a series of accidental events occurred, and everyone in the currency circle was involved, making people panic.
On March 9, Xu Mingxing, founder of OKcoin, one of the world’s largest virtual currency exchanges, stated in the employee group that he is “ready to donate to the country at any time in the future.”
The whole story of the Binance incident
The failure occurred late at night.
At 1:40 a.m. on March 7, Beijing time, the digital currency exchange Binance was reported to have malfunctioned.
Many users posted on the forum that Binance was suspected of being hacked and suddenly dumped the cryptocurrencies in their accounts. They found that various tokens and digital currencies in their Binance accounts were instantly traded into BTC. According to media reports and analysis, this was an organized and premeditated hacking operation. The fault stems from some API robots being hacked. Hackers used stolen accounts to buy VIA (Vircoin) at a high price, causing VIA to explode by 110 times.
Binance immediately announced that it would suspend withdrawals of all currencies. However, the hacker did not choose to withdraw cash. Instead, he raised the currency value of VIA on Binance, triggering a chain reaction of currency prices on other exchanges. The hacker then profited from the short orders placed on other exchanges.
However, Binance officially responded: "It was not stolen. API withdrawals require email confirmation. It was just sold. Now the situation has been stopped. The currency cannot be withdrawn. We are confirming why these users have problems."
The stolen person wanted to roll back the transaction, but Binance stated that because the counterparty was not a hacker account, the transaction could not be rolled back, and the loss would be borne by the user.
Binance is currently the second largest virtual currency exchange by trading volume, second only to OKEx. This security failure not only caused Binance’s credibility to plummet, but also caused major exchanges to be questioned. "Playing with decentralized blockchain virtual currency on a centralized trading platform is ironic in itself," some netizens said.
According to statistics from CoinMarketCap.com, affected by this incident, the top ten digital currencies fell across the board, and digital currencies fell into a continued general decline.