Inventory of blockchain security incidents in January and February
猎豹区块链安全
2019-02-21 09:09
This article is about 3,780 characters; reading the whole article takes about 15 minutes.
Lead: After the frenzy of 2018, the blockchain industry is slowly returning to rationality, and real-world application products are gradually appearing. For a nascent industry, the security incidents it lives through are essential lessons. Therefore, Cheetah Blockchain Security will keep taking stock of each month's security incidents and, in sorting them out, grow together with readers and the whole blockchain industry.

Ethereum: Constantinople upgrade postponed

Event background

According to plan, the Ethereum community was scheduled to carry out the Constantinople fork at block height 7,080,000, expected around January 16, 2019 Beijing time. But on the eve of the upgrade (January 15), ChainSecurity disclosed a potential issue introduced by the Constantinople upgrade. Out of an abundance of caution, the Ethereum Foundation decided to postpone the fork.

Vulnerability type: reentrancy


Event history and security analysis

· To prepare the transition to the PoS model in the future, the Ethereum Foundation decided to launch a transitional upgrade, the Constantinople upgrade. Technically it is a hard fork (older clients cannot follow the new rules), but because there was little controversy in the Ethereum community, no chain split was expected, only a smooth transition to the next stage.

· The Constantinople upgrade bundles a series of improvements, including a reduction of the block reward. Among them, EIP 1283 supersedes the earlier EIP 1087 and introduces net gas metering for the SSTORE opcode: storage writes are charged according to the net change they make within a transaction.

· Although this looks very developer-friendly, ChainSecurity found a hidden danger, illustrated with a payment-splitting contract in which two addresses share a deposit according to a split percentage. The attacker controls both addresses, the first of them being a contract. The attacker calls updateSplit to set the current split so that the first address receives all funds, then calls splitFunds. That function performs its checks and uses transfer to send the whole deposit of the address pair to the first address, the attacker's contract. From the contract's fallback function the attacker calls updateSplit again, this time allocating all funds to the attacker's second address. Execution of splitFunds then continues with the modified split, and the entire deposit is transferred a second time, now to the second attacker address.

· The root cause is the reduced gas cost. Before the upgrade, every storage write (SSTORE) cost at least 5,000 gas, far more than the 2,300 gas stipend that transfer and send forward to the called contract, so a contract receiving Ether through transfer could not modify the sender's storage. After the upgrade, rewriting a storage slot that was already modified earlier in the same transaction costs only 200 gas, so an attacker contract can manipulate the vulnerable contract's variables within the 2,300 gas stipend.

· Based on security considerations and after in-depth discussion, Ethereum announced the postponement of the Constantinople upgrade at 12 a.m. Pacific time.
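As an added illustration of the mechanism described above (this is not code from the article, from ChainSecurity or from Ethereum), the following Python model reproduces a PaymentSharer-style contract, the 2,300-gas stipend that transfer forwards, and the two SSTORE price schedules, and runs the same attack under each. Everything in it is constructed for this article: the pair identifiers, deposit amounts, addresses and gas limits are assumptions, only the 2300 / 5000 / 20000 / 200 gas figures are the real EVM constants, and opcode costs other than SSTORE are ignored, so the fallback here has slightly more room than a real one (the 5000 > 2300 > 200 comparison that decides the outcome does not depend on that).

```python
import copy

STIPEND = 2300                # gas that transfer()/send() forward to the receiver's fallback
SSTORE_FRESH_NONZERO = 20000  # writing a nonzero value into a zero slot
SSTORE_FRESH_RESET = 5000     # every other write pre-fork; first write to a slot in a tx post-fork
SSTORE_DIRTY = 200            # EIP-1283: rewriting a slot already changed earlier in the same tx

class OutOfGas(Exception): pass
class Revert(Exception): pass

class Gas:
    def __init__(self, limit): self.left = limit
    def use(self, amount):
        if amount > self.left: raise OutOfGas
        self.left -= amount

class Storage:  # contract storage that remembers each slot's value at the start of the tx
    def __init__(self): self.current, self.original = {}, {}
    def begin_tx(self): self.original = {}
    def load(self, key): return self.current.get(key, 0)
    def store(self, key, value, gas, eip1283):
        cur = self.load(key)
        orig = self.original.setdefault(key, cur)    # value the slot had when the tx began
        if eip1283 and (cur == value or cur != orig):
            cost = SSTORE_DIRTY                        # no-op write or dirty slot: cheap
        elif cur == 0 and value != 0:
            cost = SSTORE_FRESH_NONZERO
        else:
            cost = SSTORE_FRESH_RESET
        gas.use(cost)
        self.current[key] = value

class PaymentSharer:  # model of ChainSecurity's example: two addresses share a deposit by a split %
    def __init__(self, eip1283, fallbacks):
        self.eip1283, self.fallbacks = eip1283, fallbacks   # fallbacks: address -> receive()
        self.storage, self.balance = Storage(), 0
    def _sstore(self, key, value, gas): self.storage.store(key, value, gas, self.eip1283)
    def open_pair(self, pair_id, first, second, amount, gas):   # init() and deposit() in one step
        self._sstore(("first", pair_id), first, gas)
        self._sstore(("second", pair_id), second, gas)
        self._sstore(("deposits", pair_id), amount, gas)
        self.balance += amount
    def update_split(self, pair_id, split, gas):
        if split > 100: raise Revert
        self._sstore(("splits", pair_id), split, gas)
    def split_funds(self, pair_id, gas):
        a, b = self.storage.load(("first", pair_id)), self.storage.load(("second", pair_id))
        depo = self.storage.load(("deposits", pair_id))
        self._sstore(("deposits", pair_id), 0, gas)            # the deposit is zeroed before paying out,
        self._transfer(a, depo * self.storage.load(("splits", pair_id)) // 100)
        self._transfer(b, depo * (100 - self.storage.load(("splits", pair_id))) // 100)  # but the split is re-read
    def _transfer(self, to, amount):
        if amount > self.balance: raise Revert
        self.balance -= amount
        try: self.fallbacks[to](self, amount, Gas(STIPEND))    # callee gets only the stipend
        except OutOfGas: raise Revert                           # transfer() reverts the caller on failure

def run_attack(eip1283):
    """Returns (attack_succeeded, total_received_by_attacker, contract_balance_afterwards)."""
    VICTIM_A, VICTIM_B, ATTACKER, ATTACKER_EOA = 1, 2, 3, 4
    received = {}                                               # constructed ledger: address -> wei
    def eoa(addr):
        def receive(sharer, amount, gas):
            received[addr] = received.get(addr, 0) + amount
        return receive
    def attacker_contract(addr, pair_id):
        def receive(sharer, amount, gas):                       # fallback, runs on the stipend only
            received[addr] = received.get(addr, 0) + amount
            sharer.update_split(pair_id, 0, gas)                # flip the whole split to `second`
        return receive
    sharer = PaymentSharer(eip1283, {VICTIM_A: eoa(VICTIM_A), VICTIM_B: eoa(VICTIM_B),
                                     ATTACKER: attacker_contract(ATTACKER, 1),
                                     ATTACKER_EOA: eoa(ATTACKER_EOA)})
    for pair_id, first, second in ((0, VICTIM_A, VICTIM_B), (1, ATTACKER, ATTACKER_EOA)):
        sharer.storage.begin_tx()                               # one set-up transaction per pair
        sharer.open_pair(pair_id, first, second, 100, Gas(1_000_000))
    snapshot = copy.deepcopy((sharer.storage, sharer.balance, received))
    sharer.storage.begin_tx()                                   # the attack transaction
    try:
        gas = Gas(1_000_000)
        sharer.update_split(1, 100, gas)                        # 100% to `first`: the slot is now dirty
        sharer.split_funds(1, gas)                              # same tx, so it stays dirty
        succeeded = True
    except Revert:
        sharer.storage, sharer.balance, received = snapshot     # the whole transaction rolls back
        succeeded = False
    stolen = received.get(ATTACKER, 0) + received.get(ATTACKER_EOA, 0)
    return succeeded, stolen, sharer.balance

if __name__ == "__main__":
    print("before Constantinople:", run_attack(eip1283=False))  # (False, 0, 200): fallback out of gas
    print("with EIP-1283:        ", run_attack(eip1283=True))   # (True, 200, 0): both deposits drained
```

Under the old price schedule the re-entrant updateSplit needs 5,000 gas, the fallback runs out of the 2,300 stipend, transfer reverts and the whole attack transaction rolls back. Under EIP-1283 the split slot is already dirty (it was written by the first updateSplit in the same transaction), the rewrite costs 200 gas, and the two transfers pay out 100 each: the attacker's own deposit plus the honest pair's. Note that zeroing the deposit before the external call did not help, because the re-read split is the state the attack manipulates.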

Ethereum Classic: 51% double-spending attack

Event background

ETC is the chain left behind by the hard fork that followed The DAO incident, and it is the second-largest forked chain in the world by market value. After the fork ETC kept using the PoW algorithm, but the whole network's hash rate has stayed relatively low, which made the 51% double-spending attack on the ETC mainnet on January 6 possible.

Vulnerability type: 51% attack (double spending)


Event history and security analysis

· On January 6, 2019, security teams warned the ETC team that ETC might be under a 51% attack. The next day Coinbase confirmed that it had identified 15 attacks (chain reorganizations), 12 of which included double spends, for a total of 219,500 ETC (about 1.1 million US dollars); Coinbase also temporarily halted ETC transactions.

· Analysis shows that the victims of this incident were mainly two exchanges, Bitrue and Gate.io.

· On January 14, Gate.io stated that ETC worth $100,000 had been returned.

Safe Panther's View

Fundamentally, a 51% attack cannot be detected in advance. The only ways to eliminate it are to raise the total network hash rate or to change the consensus algorithm. From a security company's perspective, the likelihood of a given public chain being attacked at a given time can be estimated by comparing the cost of buying enough hash power with the value of the tokens an attack could obtain at the current price. Although the attack cannot be prevented, once one is under way, exchanges can raise the number of confirmations required for each transaction and suspend deposits and withdrawals of the affected coin to minimize losses.
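The cost-versus-reward estimate and the confirmation-depth response above can be made concrete. The following Python is an added example written for this article (it is not Coinbase's, Gate.io's or the author's tooling). It uses Nakamoto's catch-up probability from the Bitcoin whitepaper to choose a confirmation depth for a given attacker share of the hash rate, and a hash-rate rental estimate that accounts for the attacker's own hash rate enlarging the network. The network size, rental price and attack duration in the usage section are assumed figures, not measurements; only the 219,500 ETC and the roughly 5 USD per coin implied by the Coinbase figures above come from the page.

```python
import math

def double_spend_success_probability(q, z):
    """Nakamoto's estimate of the chance that an attacker with fraction q of the network
    hash rate eventually overtakes an honest chain that is already z blocks ahead."""
    if q >= 0.5:
        return 1.0                        # a majority always catches up eventually
    p = 1.0 - q
    lam = z * q / p                       # expected attacker progress while honest miners mine z blocks
    poisson = math.exp(-lam)              # Poisson term for k = 0, then updated in place (no overflow)
    total = 1.0
    for k in range(z + 1):
        if k:
            poisson *= lam / k
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total

def confirmations_required(q, max_risk, limit=10_000):
    """Smallest confirmation depth whose double-spend success probability is below max_risk;
    None when no depth helps (q >= 0.5) or none is found within `limit` blocks."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if double_spend_success_probability(q, z) < max_risk:
            return z
    return None

def hashrate_to_rent(network_hashrate, share=0.51):
    """Hash rate an attacker must add to hold `share` of the network once it has joined:
    h / (H + h) = share  =>  h = H * share / (1 - share).  Renting "as much as the network"
    only yields 50%, which is why the estimate is slightly above the current network total."""
    return network_hashrate * share / (1.0 - share)

def attack_economics(network_hashrate, rent_per_unit_hour, hours, loot_tokens, token_price):
    """Rent-versus-reward check an exchange or security team can recompute daily.
    Returns (rental_cost, loot_value, attack_is_profitable)."""
    cost = hashrate_to_rent(network_hashrate) * rent_per_unit_hour * hours
    loot = loot_tokens * token_price
    return cost, loot, loot > cost

if __name__ == "__main__":
    for q in (0.1, 0.3, 0.45):
        z = confirmations_required(q, 0.001)
        print(f"attacker share {q:.0%}: require {z} confirmations to keep double-spend risk below 0.1%")
    # Assumed, not measured, figures: an 8 TH/s network, hash rate rented at 2 USD per TH/s-hour
    # for 12 hours, against the 219,500 ETC from the Coinbase report priced at 5 USD each.
    print(attack_economics(8.0, 2.0, 12, 219_500, 5.0))
```

The confirmation depth grows steeply with the attacker's share (5 confirmations suffice against 10% of the hash rate at 0.1% risk, 24 against 30%, several hundred against 45%), and above 50% no depth helps, which is why the page's advice is to suspend deposits and withdrawals rather than merely wait longer once a majority attack is confirmed. The economics check is the one to recompute whenever the coin price or the network hash rate moves: with the constructed rental figures the rent is a few hundred dollars against loot of over a million, which is the kind of imbalance that makes a low-hash-rate PoW chain a target.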


EOS: transaction-blocking attacks on DApps

Event background

In January 2019, a series of gambling (guessing-game) DApps on the EOS public chain were hit by a new type of transaction-blocking attack. The affected applications include EOS.Win, FarmEOS, Shadow Dice, LuckBet, GameBet, EOSDice, STACK DICE and other popular DApps.

Scale of loss: about 20 cases, roughly 5 million US dollars

Vulnerability type: transaction-blocking attack, among others


Event history and security analysis

· Unlike the earlier waves of random-number and transaction-rollback attacks, which were contract-layer attacks, this attack exploits a flaw in the underlying public chain. In-depth analysis shows that it is a serious denial-of-service vulnerability at the mainnet layer: an attacker submits a large number of junk deferred transactions, so that the EOS block producers (BPs) across the network cannot pack other, normal transactions; by blocking normal users' transactions the attacker effectively paralyses the EOS network.

· This is why so many EOS DApps were attacked in January.


Safe Panther's View

There are not many EOS developers at present, and even fewer mature ones. But for a public chain like EOS this is a stage it must go through. Compared with last year, the number of DApps and users on EOS has surged, and with the efforts of security companies the outlook remains very bright.


Cryptopia: exchange hacked through private key disclosure

Event background

Cryptopia is a small exchange based in New Zealand, known in the community as "C Network". Its average daily trading volume is about 3 million US dollars, and it lists more than 500 coins.

Scale of loss: about 16 million US dollars

Vulnerability type: private key disclosure



Event history and security analysis

· On January 15, 2019 local time, the Cryptopia exchange officially announced that it had been hacked. The exchange suspended its services, said it would cooperate fully with the police investigation and would try to recover the stolen funds.

· According to public information, the stolen assets were mainly ETH and various ERC-20 tokens on the Ethereum blockchain, with a total value of about 16 million US dollars.

· From the available signs, the likely cause is that C Network simply stored its private keys on a server; the attacker compromised that server and obtained the keys.



Safe Panther's View

In addition, as everyone knows, C Network is famous in the industry for the sheer number of coins it lists. One reason is that listing an altcoin on C Network is crude and simple: it takes only two steps, paying a fee (in BTC) and a vote. As a result most coins on C Network have very low trading volume, and the exchange has mainly become a paradise for arbitrage traders. The author considers this listing model very bad. Exchanges, large and small, should have a security audit process for a project before listing it; that is the most basic way of being responsible to users.



Other security incidents of the exchange:

· On February 13, Coinbase paid a bug bounty of $30,000. Judging from the amount, the bug was in a critical system. Such bounties are very valuable to the industry; every exchange and public chain should offer similar incentives to advance the security field.


Ryuk ransomware

Event background

A U.S. cybersecurity firm (CrowdStrike, which tracks the operators under the name GRIM SPIDER) has followed the notorious Ryuk ransomware, which spreads across networks, locks computer files, demands Bitcoin from victims and creates incentives for participants to spread it.

Scale of loss: more than 705 BTC (about 3.7 million US dollars) in five months

Vulnerability type: ransomware

Event history and security analysis

· In the past five months, the GRIM SPIDER group behind Ryuk has received more than 705 BTC, equivalent to about 3.7 million US dollars, in ransom payments.

· Once a computer is infected, the ransomware encrypts and locks the files on its hard disks until the victim contacts the attackers and pays in Bitcoin.

· Several major U.S. media outlets were caught off guard over the New Year and suffered service disruptions, including the Los Angeles Times, the San Diego Union-Tribune, the Wall Street Journal and the New York Times.

Summary

As things stand, the number of security incidents in the industry remains high, for several reasons. The technical standards and specifications of the blockchain industry are not uniform, and each company builds its own infrastructure; the security awareness of developers and users is insufficient, so both business teams and development teams need more training in this area; and finally, there are still too few security organizations and professional security personnel in the industry, and in the face of endless hacker attacks more security staff are urgently needed.
