Source: SlowMist Security Team
The blockchain industry developed rapidly in 2019. Concepts such as centralized and decentralized exchanges, DApps, staking, CeFi / DeFi and Web3.0 gradually became familiar, and the influx of large amounts of funds steadily drew the attention of underground hackers toward the blockchain industry. According to statistics from SlowMist's hacked.slowmist.io, there were more than 130 security incidents in the blockchain industry over the whole of 2019, and the cumulative loss of funds exceeded US$5 billion. Exchanges, wallets, and DApps were the areas hit hardest by hacker attacks.
ETC suffers 51% attack
On the afternoon of January 5th, the ETC block at height 7245623 changed. On January 7th, the SlowMist security team disclosed that ETC was suspected of having suffered 51% attacks and that many blocks had been rolled back. In just two days, the ETC network suffered at least 11 suspected double-spend attacks, involving ETC worth approximately $460,000. On January 8, the Gate.io Research Institute announced that it had confirmed that the ETC network had suffered a 51% attack and had located the ETC address of the user behind the attack.
Cryptopia goes bankrupt after attack
On January 14, the New Zealand cryptocurrency exchange Cryptopia was hacked. The hacker stole a total of 16 million US dollars worth of Ethereum and ERC20 tokens, and the exchange then suspended its platform services. Thirteen hours before the tweet was issued, the company had stated that "the platform is undergoing unplanned maintenance", suggesting that the exchange had been hacked. Police subsequently took part in an investigation into the hacking incident, and the Cryptopia exchange was unable to continue operations. In May of this year, the Cryptopia exchange announced its closure and filed for bankruptcy protection, owing more than $2.7 million to creditors.
Many EOS DApps encounter transaction crowding attacks
In the early hours of January 11, 2019, EOS.WIN was hacked. The attacker of EOS.WIN used a new attack method, a "transaction crowding attack", which is the same method used earlier against bocai.game. The attacker first initiates a normal transfer transaction and then uses another contract account to detect whether the bet has won. If the prize is not won, a large number of deferred transactions are initiated to "crowd" the project's lottery transaction into the next block. This type of attack stems from the project's random number algorithm using a time seed, which lets the attacker increase the chance of winning and makes the attack succeed.
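The root cause named above, a draw seeded by settlement time, can be shown next to a draw whose inputs are all fixed when the bet is placed. This is an added sketch, not code from SlowMist or from any of the projects mentioned; the function names, the SHA-256 roll, the 50% win rule, the commit-reveal scheme and the block timestamps are constructed assumptions.

```python
import hashlib

WIN_BELOW = 50                # assumed payout rule: a roll below 50 wins
FIRST_BLOCK = 1_547_000_000   # constructed block timestamp

def _roll(*parts) -> int:
    """Hash the parts with SHA-256 and map the digest to a roll in 0..99."""
    digest = hashlib.sha256("|".join(map(str, parts)).encode()).digest()
    return int.from_bytes(digest[:8], "big") % 100

def time_seeded_roll(bet_id: int, settle_block_time: int) -> int:
    """Weak design: the seed is the time of whichever block settles the bet."""
    return _roll("time", bet_id, settle_block_time)

def commit(house_secret: bytes) -> str:
    """Commitment the house publishes before it accepts the bet."""
    return hashlib.sha256(house_secret).hexdigest()

def committed_roll(bet_id: int, house_secret: bytes, player_seed: str,
                   commitment: str) -> int:
    """Hardened design: every input is fixed at bet time, none at settlement."""
    if commit(house_secret) != commitment:
        raise ValueError("revealed secret does not match the commitment")
    return _roll("commit", bet_id, house_secret.hex(), player_seed)

def win_rate(roll_for_block, bets: int, candidate_blocks: int) -> float:
    """Share of bets that win when settlement may land in any one of
    `candidate_blocks` consecutive blocks; a bet counts as won if any of
    those blocks yields a winning roll."""
    wins = 0
    for bet_id in range(bets):
        rolls = [roll_for_block(bet_id, FIRST_BLOCK + b)
                 for b in range(candidate_blocks)]
        wins += min(rolls) < WIN_BELOW
    return wins / bets

SECRET = b"constructed-house-secret"   # sample value, revealed after the draw
COMMITMENT = commit(SECRET)

def fixed_roll(bet_id: int, _settle_block_time: int) -> int:
    """Adapter: the committed roll ignores the settlement block entirely."""
    return committed_roll(bet_id, SECRET, "constructed-player-seed", COMMITMENT)

if __name__ == "__main__":
    for blocks in (1, 2, 4):
        print(blocks, win_rate(time_seeded_roll, 2000, blocks),
              win_rate(fixed_roll, 2000, blocks))
```

With one candidate block the time-seeded game pays out near the intended 50%; with four it rises to about 94%, while the committed roll's rate does not move.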
DragonEx hacked, loses over $6 million in cryptocurrency
Cryptocurrency exchange DragonEx issued an announcement saying that the platform wallet had been hacked, resulting in the theft of digital assets belonging to users and the platform. More than 20 mainstream digital assets such as BTC, ETH, EOS, XRP and TRX were involved, with a total loss of more than $6 million.
With the development of cryptocurrencies, the hacker group Lazarus has become more and more interested in them, and the number of its attacks has also increased, showing the characteristics of an APT. Hackers must be given no further opportunities.
3 million EOS and 20 million XRP stolen from Bithumb
On March 29, South Korean cryptocurrency exchange Bithumb admitted to being hacked. An executive said that at around 10:15 pm local time on March 29, an abnormal withdrawal was detected in the hot wallet. Hackers stole about 3 million EOS, valued at about $13.4 million, and 20 million XRP, valued at $6 million. As early as June 2018, the exchange had lost $31 million worth of cryptocurrencies to hacking, so Bithumb suffered two hacking incidents in less than a year.
7,074 bitcoins stolen from Binance
On May 8th, cryptocurrency exchange Binance issued a security announcement saying that on May 7th at 17:15:24, hackers stole 7,074 bitcoins (valued at approximately 40 million US dollars) from Binance's hot wallet at block height 575012. The hackers had discovered security vulnerabilities in the system earlier, but waited patiently until the system was handling a large amount of transactions.
TokenStore reported to have run off, taking billions in users' assets
On May 31, TokenStore issued an announcement saying that due to hacking, the system would be fully upgraded and maintained for 10 days, and emphasized that the platform would continue to operate no matter what happened. On June 10, many users in the community reported that TokenStore was suspected of having run off 10 days after the upgrade announcement, and billions in investors' funds were swept away.
PlusToken runs away with about $2 billion in cryptocurrencies
On the evening of June 27, some investors found that they could not withdraw from their PlusToken wallets, and there were not many people who encountered the same problem. Some found that withdrawals, which in the past had taken as little as 10 minutes and at most 3 hours, had gone unanswered for several days; the app could not be logged in to, and customer service was not online. It was later confirmed that PlusToken had run off, and the scam had absorbed a total of more than 2 billion US dollars of cryptocurrencies, including 180,000 BTC, 6,400,000 ETH, 111,000 USDT, and so on.
9.3 million XRP stolen from Bitrue
At 1 am on June 27, Singapore-based crypto asset exchange Bitrue suffered a major hacking attack. Its hot wallet lost 9.3 million XRP and 2.5 million ADA. The value of the stolen XRP and ADA exceeded 4.5 million U.S. dollars and $23.75 million.
In the blockchain world, the gap between offense and defense is obvious. The defense capabilities of most exchanges are not enough to resist intrusion by professional underground hackers. Building a security system is very complicated: the defense has to be comprehensive, whereas an intrusion only needs to break through at a single point.
About $32 million worth of cryptocurrency stolen from BitPoint
BitPoint was hacked on July 11. Hackers attacked the exchange's hot and cold wallets, stealing approximately $32 million worth of Bitcoin, Bitcoin Cash, Litecoin, Ripple, and Ethereum, of which about $23 million of digital currency belonged to the exchange's users. BitPoint said the number of victims was close to half of the total number of users on the exchange, up to 50,000. The exchange stated that it would bear all of its users' losses.
Third party issues lead to platform attacks
On July 5, the NPM official blog posted an article stating that the NPM security team cooperated with Komodo to discover and block malicious poisoning threats against all users of the cryptocurrency wallet called Agama. The attacker put a malicious package into Agama's build chain and used this method to steal the wallet private key and other login passwords used in the wallet application.
BitMEX, Binance user identity information leaked
On November 1, 2019, when BitMEX sent a platform email notification, the email addresses of all recipients were leaked because blind carbon copy (BCC) was not used. Afterwards, a researcher posted on Twitter that more than 23,000 email addresses had been collected.
The Binance user KYC data leak occurred in August 2019. Someone publicly released Binance user KYC data through the Telegram group "FIND YOUR BINANCE KYC". Binance then stated that the KYC data circulated in the Telegram group did not match Binance system information, that the pictures did not carry Binance's specific electronic watermark, and that it could not be proven that they came from Binance.
342,000 ETH stolen from Upbit
The South Korean exchange Upbit announced that 342,000 Ethereum were stolen and have been transferred to an unknown Ethereum address (0xa098 … 029) with a total value of about 50 million USD. Previously, according to on-chain data monitored by WhaleAlert, Upbit frequently transferred large amounts of cryptocurrencies, including SNT, EOS, OMG, XLM, TRX, ETH, etc., with a total value of more than $ 100 million. Subsequently, an official announcement clarified that only ETH was stolen by hackers, and the rest of the assets were transferred to the cold wallet by the exchange for security.
1. Insider crime. Faced with the lure of money, human nature does not withstand the test, and the internal security and risk control of many exchanges is badly lacking, which gives insiders sufficient motive to commit crimes, leading to stolen coins;
2. Fake recharge vulnerability attacks. Some exchanges lack security experience with the various public chains or tokens they integrate, so fake funds appear in the recharge (deposit) process but the exchange system treats them as real, resulting in stolen coins;
3. APT attacks. Professional underground hackers use advanced phishing and Trojan implants to infiltrate layer by layer and eventually obtain control of the exchange's private keys, resulting in stolen coins;
4. Supply chain attacks. Third-party components used by the exchange were implanted with malicious code, which indirectly undermined the exchange's security defenses and led to stolen coins;
5. Carelessness. Because personnel inside the exchange lacked security awareness, system defects that should never have been exposed were exposed, giving underground hackers the opportunity to steal coins.
1. The human nature of internal staff, and their lack of security awareness and security experience;
2. The gap between offense and defense is obvious. The defense capabilities of most exchanges are not enough to resist intrusion by professional underground hackers.