Prediction platform "Augur" exposed to major vulnerabilities: hackers can tamper with the web page to defraud users of tokens
黄雪姣
2018-08-08 04:06
The blockchain and the Internet are inseparable, and the security defense for the network layer is equally important.

According to a report from The Next Web, the decentralized prediction market platform Augur was found to have a major vulnerability that hackers can use to send tampered web pages to users and defraud them of tokens. Fortunately, the vulnerability was discovered by researchers from the vulnerability testing platform HackerOne, and Augur has officially patched it.

This type of vulnerability is known as frame-jacking: it manipulates HTML code to control how the Augur client displays data from an external source, such as a server. Frame-jacked users will see page information that hackers have tampered with, including transaction data, wallet addresses, and market conditions. As a result, users will make wrong decisions, such as transferring money to the wrong (hacker's) address when placing a bet.

Regarding The Next Web's account, the domestic security team Slow Mist District put forward a more accurate statement after checking the Augur code.

This type of attack is very common on the Internet. In the blockchain space, when a project holds an ICO, hackers use methods such as domain name hijacking and web vulnerabilities to tamper with the receiving address on the project's official website, so that the funds raised by the project fall into the hands of hackers.

This time, the user interface (UI) of the Augur client adopts a distributed storage design, and users store specific files related to the software's operation on their local computers, which makes the user interface easy for hackers to obtain and tamper with at a single point.


Finally, the Bcsec Security Team suggests that security defense for the network layer be improved mainly in two aspects: P2P network security and the network verification mechanism.

