Blockchain Security Inventory and Analysis (November 2018)
猎豹区块链安全 (Cheetah Blockchain Security)
2018-12-24 07:48
This article is about 2,788 words; reading the whole piece takes about 11 minutes.
Among November's security incidents, the 51% attack reappeared; "Iron Man" Musk was "involved" in a Twitter fraud case; and we also uncovered a potential crisis of code-sharing vulnerabilities...

Not long ago, the Cheetah Blockchain Center took inventory of the blockchain security incidents of September and October; in those two months, hackers' attacks focused mainly on EOS and exchanges.

November 12, 2018 - Twitter impersonation scam

Event history and security analysis

On November 12, hackers broke into verified ("blue tick") Twitter accounts belonging to film production companies, members of Congress, and even the Columbia Department of Transportation. By changing the accounts' names and avatars and posting new content, they impersonated Tesla CEO Musk himself.

Tweeting in Musk's voice, the hackers announced that he would resign as Tesla chairman and give away 10,000 bitcoins (worth more than 60 million US dollars at the time) in return.

To take part, you first had to transfer a small amount of bitcoin (0.1 to 3 BTC) to the specified address "to confirm your account information" (this closely resembles the telecom and phone scams seen in China: pay first, then collect the gift).

They even planted comments under the tweet: "I just transferred 2.7 BTC and now I have received 54!", "I sent 0.50 BTC and got 5 back", "+25 BTC, thank you".

Before the tweet was deleted it had tens of thousands of likes and retweets, and the wallet address had received more than $32,700 worth of bitcoin (at the bitcoin price of the time).

Security Leopard's view:

This method is not really an attack technique; I would rather call it a scam. The scammers made full use of, and amplified, human greed; the ugly truth of impatience and the hunger for quick success is laid bare by such a simple temptation.

November 13, 2018 - AurumCoin

Event background

AurumCoin is a gold-backed cryptocurrency: each token is pegged to pure 24-karat gold, and AurumCoin claims that for every token issued, 0.75 grams of gold is deposited in a global secure vault.

Event history and security analysis

On November 13, AurumCoin (AU) suffered a 51% attack; the coins were taken from the New Zealand digital currency exchange Cryptopia, with a loss of 15,752.26 AU.

AurumCoin officially tweeted: "We are not blaming Cryptopia, but the fact is that the coins were indeed lost in Cryptopia's wallet."

AurumCoin insists that the loss happened at the Cryptopia exchange and that it was the result of a 51% attack.

Security Leopard's view:

A public chain that uses the PoW consensus algorithm and has too little hashrate participating in mining is at very high risk of a 51% attack: whoever can bring more hashrate than the rest of the network can rewrite recent blocks and double-spend deposits made at an exchange.

In the current market downturn, some people have even admitted to renting mining machines to carry out 51% attacks.

Users are therefore reminded to be aware of these risks when choosing and using such cryptocurrencies.
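As an added illustration (written for this note, not code from AurumCoin, Cryptopia or any other project), the following Python implements the attacker catch-up model from Nakamoto's Bitcoin paper and turns it into the confirmation policy an exchange would need for a coin where one party can control a given share of the hashrate. The hashrate share q, the confirmation count z and the rental figures in the demo are assumed inputs, not measurements of the AU network.

```python
"""Double-spend risk on a low-hashrate proof-of-work chain.

Added example for this article; not code from AurumCoin, Cryptopia or any
other project. It implements the attacker catch-up model from Nakamoto's
Bitcoin paper and derives the confirmation count an exchange would need.
"""
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hashrate share q eventually overtakes
    an honest chain that is z blocks ahead.

    While the honest miners produce z blocks, the attacker's progress is
    Poisson with mean z*q/p (p = 1 - q); from a deficit of d blocks the
    attacker catches up with probability (q/p)**d.  With q >= 0.5 the
    attacker always wins eventually: that is the 51% attack.
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction of the total hashrate")
    if z < 0:
        raise ValueError("z must be a non-negative confirmation count")
    if q >= 0.5:
        return 1.0
    p = 1.0 - q
    lam = z * (q / p)
    poisson = math.exp(-lam)          # P(attacker mined 0 blocks so far)
    total = 1.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k        # advance to P(attacker mined k blocks)
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return min(1.0, max(0.0, total))


def confirmations_for_risk(q: float, max_risk: float, limit: int = 10_000):
    """Smallest z such that the attacker's success probability is at most
    max_risk, or None when no confirmation count is enough (q >= 0.5)."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if attacker_success_probability(q, z) <= max_risk:
            return z
    return None


def rented_attack_cost(network_hashrate: float, price_per_unit_hour: float,
                       z: int, block_time_s: float) -> float:
    """Rough lower bound on the cost of matching the whole network's hashrate
    for the time it takes to accumulate z confirmations, when hashrate can be
    rented. The caller supplies all rates; nothing here is measured from a
    real chain."""
    hours = z * block_time_s / 3600.0
    return network_hashrate * price_per_unit_hour * hours


if __name__ == "__main__":
    # Constructed parameters for illustration only.
    for q in (0.1, 0.3, 0.45):
        z = confirmations_for_risk(q, max_risk=0.001)
        print(f"attacker share {q:.0%}: wait {z} confirmations for <0.1% risk")
    print("attacker share 51%: needed confirmations =",
          confirmations_for_risk(0.51, max_risk=0.001))
    # A small chain: 10 TH/s total, rented at $0.5 per TH/s-hour, 60 s blocks.
    print("cost to match the network for 60 confirmations: $%.2f"
          % rented_attack_cost(10.0, 0.5, 60, 60.0))
```

The practical reading for an exchange listing a small PoW coin: the confirmation count only protects against attackers below 50% of hashrate, and the number of confirmations grows steeply as the attacker's share approaches that line; once rented hashrate can exceed the network's own, no confirmation count is safe, which is the situation the view above describes.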

October 29, 2018 - MapleChange

Event history and security analysis

On October 29, media reported that MapleChange had been hacked and 919 bitcoins (worth about 6 million US dollars) stolen.

From October 30, MapleChange shut down its social media accounts and its platform, leaving users with no way to withdraw their coins.

The MapleChange founder then disappeared as well, but community members later tracked down the CEO's home address and he was sent to prison.

Since then, MapleChange has officially stated that 919 bitcoins were not stolen and that only 8 bitcoins were lost.

Security Leopard's view:

Although large digital currency exchanges also run the risk of being attacked, they are relatively safe compared with small ones.

The reason is simple: only an exchange with large enough trading volume collects enough fees, and only with enough fee income can it invest more in building and maintaining its security.

October 29, 2018 - Oyster Protocol

Event history and security analysis

On the afternoon of October 29, reports of massive transfers and sell-offs of Oyster Pearl (PRL) tokens spread across social media channels.

It turned out that in less than 8 hours, PRL trading volume had surged from $156,351 to $1,577,860, an increase of more than 900%.

At the same time, the price of PRL fell by more than 63%, from $0.22 to $0.08.

Oyster issued a first statement saying that the Oyster smart contract had passed 3 separate audits and that no vulnerabilities had been found.

In a second statement, however, they said that "someone" had taken over ownership of the contract and successfully minted 3 million new PRL tokens.

It has since been confirmed that this "someone" was the former co-founder and architect of the Oyster project.

Security Leopard's view:

October 31, 2018 - Ethereum contract code analysis study

Security analysis

On October 31, researchers from the University of Maryland and Northeastern University released a code analysis report on Ethereum, supported by the US National Science Foundation.

The study analyzed the bytecode of every smart contract in the first 5 million Ethereum blocks (the chain has since passed 6.8 million blocks).

The study found that there are currently three times as many smart contracts on Ethereum (contract accounts, as distinct from user accounts) as on all other public chains combined.
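Both the bytecode-level analysis in the study above and the Oyster case (a token whose owner could mint new supply after the sale) come down to questions that can be asked of a contract's bytecode before an exchange lists it. The Python below is an added example, not code from the study or from any project: it walks the EVM opcode stream, collects the 4-byte function selectors a Solidity dispatcher pushes, flags known admin-only functions such as mint(address,uint256) and transferOwnership(address), and measures how much two contracts' interfaces overlap. The selector table holds the standard keccak-256 IDs of the listed signatures; the bytecode samples are constructed by build_dispatcher() and are not real deployed contracts. Selector-set overlap is a coarse proxy for code reuse, not the study's own method.

```python
"""EVM bytecode triage: extract function selectors and compare contracts.

Added example for this article (not code from the study or from any project).
All bytecode below is constructed in build_dispatcher(); selector values are
the standard keccak-256 4-byte IDs of the listed signatures.
"""

# Selectors (first 4 bytes of keccak256(signature)) for common token functions.
# The bool marks functions that let an admin change supply or hand over control.
KNOWN_SELECTORS = {
    "18160ddd": ("totalSupply()", False),
    "70a08231": ("balanceOf(address)", False),
    "a9059cbb": ("transfer(address,uint256)", False),
    "095ea7b3": ("approve(address,uint256)", False),
    "23b872dd": ("transferFrom(address,address,uint256)", False),
    "dd62ed3e": ("allowance(address,address)", False),
    "8da5cb5b": ("owner()", False),
    "40c10f19": ("mint(address,uint256)", True),
    "f2fde38b": ("transferOwnership(address)", True),
}

PUSH1, PUSH4, PUSH32 = 0x60, 0x63, 0x7F


def extract_selectors(code: bytes) -> set:
    """Walk the opcode stream and return every 4-byte immediate of a PUSH4.

    Walking opcode by opcode (and skipping PUSHn immediates) matters: a naive
    byte search for 0x63 would also 'find' selectors inside constants that
    other PUSH instructions embed in the code.
    """
    selectors = set()
    i = 0
    while i < len(code):
        op = code[i]
        i += 1
        if PUSH1 <= op <= PUSH32:
            width = op - PUSH1 + 1
            immediate = code[i:i + width]
            i += width
            if op == PUSH4 and len(immediate) == 4:
                selectors.add(immediate.hex())
    return selectors


def privileged_functions(selectors) -> set:
    """Signatures of known admin-only functions present in the selector set."""
    return {sig for sel, (sig, priv) in KNOWN_SELECTORS.items()
            if priv and sel in selectors}


def jaccard(a, b) -> float:
    """Set similarity in [0, 1]; 1.0 means identical selector sets."""
    a, b = set(a), set(b)
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def build_dispatcher(selector_hexes) -> bytes:
    """Construct a minimal Solidity-style dispatcher for the given selectors.

    Prologue: PUSH1 0 CALLDATALOAD PUSH1 0xe0 SHR (load the selector).
    Per function: DUP1 PUSH4 <sel> EQ PUSH2 <dest> JUMPI.  The jump targets
    are placeholders; the bytes are only meant to be scanned, not executed.
    """
    code = bytes.fromhex("60003560e01c")
    for n, sel in enumerate(selector_hexes):
        dest = (0x100 + 0x20 * n).to_bytes(2, "big")
        code += b"\x80\x63" + bytes.fromhex(sel) + b"\x14\x61" + dest + b"\x57"
    return code + b"\x00"  # STOP


# Constructed samples: a plain ERC-20 dispatcher and one that also exposes
# owner(), mint() and transferOwnership().
ERC20_SELECTORS = ["18160ddd", "70a08231", "a9059cbb",
                   "095ea7b3", "23b872dd", "dd62ed3e"]
MINTABLE_SELECTORS = ERC20_SELECTORS + ["8da5cb5b", "40c10f19", "f2fde38b"]

PLAIN_TOKEN = build_dispatcher(ERC20_SELECTORS)
MINTABLE_TOKEN = build_dispatcher(MINTABLE_SELECTORS)

# Decoy: the byte pattern 63 f2 fd e3 8b sits inside a PUSH32 constant, so it
# is data, not a PUSH4 instruction, and must not be reported as a selector.
DECOY = b"\x7f" + b"\x63\xf2\xfd\xe3\x8b" + b"\x00" * 27 + b"\x00"


def triage(code: bytes, reference: bytes) -> dict:
    """Summarise one contract: selectors, admin functions, overlap with a reference."""
    sels = extract_selectors(code)
    return {
        "selectors": sels,
        "privileged": privileged_functions(sels),
        "similarity_to_reference": jaccard(sels, extract_selectors(reference)),
    }


if __name__ == "__main__":
    for name, code in [("plain", PLAIN_TOKEN), ("mintable", MINTABLE_TOKEN),
                       ("decoy", DECOY)]:
        print(name, triage(code, PLAIN_TOKEN))
```

Run against a real contract, the input would be the runtime bytecode returned by eth_getCode; a high overlap with a known template plus an extra mint or transferOwnership entry is exactly the shape of contract that deserves a look at who holds the owner key before it is listed.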

Security Leopard's view:

Security Leopard believes that "open source" is a double-edged sword. It is a booster for the vigorous development of blockchain and lowers the industry's barrier to entry, but it has to be said that it also holds back innovation to some degree.

Security Leopard recommends that most blockchain projects assign at least one security expert when forming the technical team, which can avert many future risks.
