System vulnerability of blockchain trading platform
The centralized trading platform covers the whole trading process, including account opening, recharge, automatic transfer and transaction withdrawal. That is to say, when we put our digital assets into the address of the trading platform, the trading platform becomes the trustee of our digital assets, and actual control of the assets is in the hands of the trading platform.
Different from the centralized trading platform, the decentralized platform does not require registering an account. It only needs to undertake the responsibilities of asset custody, transaction matching and asset clearing, and does not need to provide non-trading functions, an account system, KYC or legal currency exchange functions like the centralized exchange. On the other hand, in the decentralized trading platform, all operations are realized through smart contracts, and a transaction needs to wait for confirmation by the blockchain before it is successfully completed.
Based on the above attributes, the decentralized platform avoids, to a certain extent, the moral hazard of the trading platform and centralized attacks by hackers. However, in this trading mode, the security of assets depends on the users themselves.
Each node on the blockchain can verify the integrity and authenticity of the ledger to ensure that all transaction information is untampered, true and valid.
Every node on the blockchain keeps a copy of all transaction information. When the amount of data and the number of participants on the blockchain are very large, the cost of modifying information will be very high. At least 51% of the computing power of the whole network is needed to modify information, and the modification cost may far exceed the expected revenue.
When the information of some nodes is maliciously tampered with, other nodes on the blockchain will, in a short time, find the information that has not formed a "consensus" and maintain and update it.
Recently, the Vulcan team of 360 found a series of high-risk security vulnerabilities in EOS, a blockchain platform. It has been verified that some of the vulnerabilities allow remote execution of arbitrary code on EOS nodes; that is, all nodes running on EOS can be directly controlled and taken over through remote attacks.
In the early morning of May 29, 360 reported this kind of vulnerability to EOS officials for the first time, and assisted them in repairing the security risks. The person in charge of the EOS network said that the EOS network will not be officially launched until these problems are fixed.
EOS super node attack: the virtual currency transaction is completely controlled
In the attack, the attacker constructs and publishes a smart contract containing malicious code, and the EOS super node executes the malicious contract and triggers the security vulnerability. The attacker then uses the super node to pack the malicious contract into a new block, resulting in the remote control of all nodes in the network (alternative super nodes, exchange recharge and withdrawal nodes, digital currency wallet server nodes, etc.).
Because the system of the node has been completely controlled, the attacker can "do whatever he wants", such as stealing the key of the EOS super node and controlling the virtual currency transactions of the EOS network, or obtaining other financial and privacy data in the systems of nodes participating in the EOS network, such as digital currency in the exchange, user keys stored in the wallet, key user information and privacy data, etc.
What's more, an attacker can turn a node in the EOS network into a member of a botnet, launch a network attack, or make it a free "miner" to mine other digital currencies.
Source: Science and Technology News
The exchange I am familiar with uses the currency payment enterprise version, which is a digital asset security payment system. The general principle is to store the private key locally, bind the exchange's unique client with multiple layers of encryption, and have the system itself not save the private key, so as to prevent the possibility of digital currency theft at the source. It is also convenient to operate, with unified management of multi-chain and multi-currency assets and convenient reconciliation.
Hope this answer is adopted.
On June 8, 360 exposed the high-risk vulnerability of EOS, which caused a lot of heated discussion across the internet. In the early morning of June 2, Beijing time, EOS officially acknowledged the 360 security team and offered a reward of US$30,000, strongly calling on the security community to work together to ensure the continuous improvement of EOS software security.
The EOS vulnerability exposed by 360, if exploited, can be used to control every node and every server in the EOS network, taking over not only the virtual currency, various transactions and applications in the network, but also all participating servers in the nodes. It can be said that if someone makes a malicious smart contract, all the digital currencies in it can be taken away directly.
The attack on the EOS vulnerability can spread among multiple nodes and super nodes within seconds. The propagation from controlling a node to generating new blocks is a continuous chain reaction. It is likely to take over all nodes and complete the operation in 20 seconds.
Imagine that when the attacker has obtained supreme authority over the entire EOS network, it is equivalent to Thanos putting together all six Infinity Stones, and he can change rapidly in the universe and do whatever he likes.
Source: China News
The suggestion is to redo the system, and then find the guardian God to reinforce the system security for you, so as to completely plug the loopholes.
It was reported on May 29 that recently, the Vulcan team of 360 found a series of high-risk security vulnerabilities in EOS, a blockchain platform. It has been verified that some of the vulnerabilities allow remote execution of arbitrary code on EOS nodes; that is, all nodes running on EOS can be directly controlled and taken over through remote attacks.
The hidden dangers of blockchain network security need to be paid attention to
EOS is a new blockchain platform known as "blockchain 3.0". At present, its token market value is as high as 69 billion yuan, ranking fifth in the global market value.
In the blockchain network and digital currency system, nodes, wallets, mines, exchanges and smart contracts all have many attack surfaces. The 360 security team has found and exposed several serious security vulnerabilities in digital currency nodes, wallets, mines and smart contracts.
This time, the 360 security team found a series of new security vulnerabilities in the smart contract virtual machine of the EOS platform, which is a series of unprecedented security risks. No security researchers have found such problems before. This type of security problem not only affects EOS, but may also affect other types of blockchain platforms and virtual currency applications.
360 expressed the hope that through the discovery and disclosure of this vulnerability, the blockchain industry and security peers will pay more attention to the security of such issues, and jointly enhance the security of the blockchain network.
Content source: surging news