Position: Home page » Blockchain » Attack on blockchain
Attack on blockchain
Publish: 2021-05-13 11:28:13
1.
Although driven by the influx of capital and talents, the blockchain instry ushered in rapid development, but as an emerging instry, the frequent warning of its security vulnerabilities caused people to worry about the risk of blockchain
Yu Kequn, director of the national information technology security research center, pointed out that the emergence of blockchain has brought people a lot of expectations for privacy exposure, data leakage, information tampering, network fraud and other issues. However, there are still many challenges in the security of blockchain 
Li Bin, assistant director of China Information Security Evaluation Center, analyzed that the current blockchain is divided into three types: public chain, private chain and alliance chain. No matter which type, it faces security challenges in algorithm, protocol, use, time limit and system. What is particularly critical is that the current blockchain is still facing 51% attack problem, that is, nodes can successfully tamper and forge blockchain data by mastering more than 51% of the network examples
it is worth noting that in addition to external malicious attack risk, blockchain also faces the threat of its endogenous risk. Yu Kequn reminded that how to build a complete security application system around the equipment, data, application, encryption, authentication and authority of the application system of the whole blockchain is an important problem that all parties must face
Wu Jia also analyzed that as an emerging instry, employees in the blockchain instry are lack of safety awareness, which leads to the low safety factor of the software and hardware related to the blockchain and a large number of security loopholes. In addition, there are many ecological links in the whole blockchain. In contrast, the strength of the relevant security employees is scattered and it is difficult to form a joint force to solve the problem. A systematic solution is needed to meet the above challenges
content source: zhongxin.com
2. One of the characteristics of blockchain projects (especially public chains) is open source. Through open source code, to improve the credibility of the project, so that more people can participate. But the open source code also makes it easier for attackers to attack blockchain system. In the past two years, there have been a number of hacker attacks. Recently, the anonymous currency verge (xvg) was attacked again. The attacker locked a vulnerability in the xvg code, which allowed malicious miners to add false timestamps on the block, and then quickly dig out new blocks. In a few hours, the attacker obtained nearly $1.75 million worth of digital currency. Although the subsequent attack was successfully stopped, no one can guarantee whether the attacker will attack again in the future
of course, blockchain developers can also take some measures
one is to use professional code audit services,
the other is to understand the security coding specifications and take preventive measures
the security of cryptographic algorithm
with the development of quantum computer, it will bring great security threat to the current cryptosystem. Blockchain mainly relies on elliptic curve public key encryption algorithm to generate digital signature for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. can not withstand quantum attacks in theory, and there will be greater risks. More and more researchers begin to pay attention to cryptographic algorithms that can resist quantum attacks
of course, in addition to changing the algorithm, there is another way to improve the security:
refer to bitcoin's treatment of public key address to rece the potential risk of public key disclosure. As users, especially bitcoin users, the balance after each transaction is stored in a new address to ensure that the public key of the address where bitcoin funds are stored is not leaked
security of consensus mechanism
the current consensus mechanisms include proof of work (POW), proof of stake (POS), delegated proof of stake (dpos), practical Byzantine fault tolerance (pbft), etc
POW faces 51% attack. Because POW depends on computing power, when the attacker has the advantage of computing power, the probability of finding a new block will be greater than that of other nodes. At this time, the attacker has the ability to cancel the existing transaction. It should be noted that even in this case, the attacker can only modify his own transaction, but not the transaction of other users (the attacker does not have the private key of other users)
in POS, attackers can only attack successfully when they hold more than 51% of the token, which is more difficult than 51% of the computing power in pow
in pbft, when the malicious nodes are less than 1 / 3 of the total nodes, the system is secure. Generally speaking, any consensus mechanism has its own conditions. As an attacker, we also need to consider that once the attack is successful, the value of the system will return to zero. At this time, the attacker does not get any other valuable return except destruction
for the designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to select an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scene
security of smart contract
smart contract has the advantages of low operation cost and low risk of human intervention, but if there are problems in the design of smart contract, it may bring great losses. In June 2016, the Dao, the most popular funding project of Ethereum, was attacked. The hacker obtained more than 3.5 million Ethereum coins, which later led to the bifurcation of Ethereum into Eth and etc
there are two aspects of the proposed measures:
one is to audit the security of smart contracts, and the other is to follow the principles of smart contract security development
the security development principles of smart contract are: be prepared for possible errors to ensure that the code can correctly handle the bugs and vulnerabilities; Release smart contracts carefully, do well in function test and security test, and fully consider the boundary; Keep smart contracts simple; Pay attention to the threat intelligence of blockchain and check and update in time; Be clear about the characteristics of blockchain, such as calling external contracts carefully
security of digital wallet
there are three main security risks in digital wallet: first, design defects. At the end of 2014, a user lost hundreds of digital assets e to a serious random number problem (repeated r value). Second, the digital wallet contains malicious code. Third, the loss of assets caused by the loss or damage of computers and mobile phones
there are four main countermeasures:
one is to ensure the randomness of the private key
the second is to verify the hash value before software installation to ensure that the digital wallet software has not been tampered with
the third is to use cold wallets
the fourth is to back up the private key.
of course, blockchain developers can also take some measures
one is to use professional code audit services,
the other is to understand the security coding specifications and take preventive measures
the security of cryptographic algorithm
with the development of quantum computer, it will bring great security threat to the current cryptosystem. Blockchain mainly relies on elliptic curve public key encryption algorithm to generate digital signature for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. can not withstand quantum attacks in theory, and there will be greater risks. More and more researchers begin to pay attention to cryptographic algorithms that can resist quantum attacks
of course, in addition to changing the algorithm, there is another way to improve the security:
refer to bitcoin's treatment of public key address to rece the potential risk of public key disclosure. As users, especially bitcoin users, the balance after each transaction is stored in a new address to ensure that the public key of the address where bitcoin funds are stored is not leaked
security of consensus mechanism
the current consensus mechanisms include proof of work (POW), proof of stake (POS), delegated proof of stake (dpos), practical Byzantine fault tolerance (pbft), etc
POW faces 51% attack. Because POW depends on computing power, when the attacker has the advantage of computing power, the probability of finding a new block will be greater than that of other nodes. At this time, the attacker has the ability to cancel the existing transaction. It should be noted that even in this case, the attacker can only modify his own transaction, but not the transaction of other users (the attacker does not have the private key of other users)
in POS, attackers can only attack successfully when they hold more than 51% of the token, which is more difficult than 51% of the computing power in pow
in pbft, when the malicious nodes are less than 1 / 3 of the total nodes, the system is secure. Generally speaking, any consensus mechanism has its own conditions. As an attacker, we also need to consider that once the attack is successful, the value of the system will return to zero. At this time, the attacker does not get any other valuable return except destruction
for the designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to select an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scene
security of smart contract
smart contract has the advantages of low operation cost and low risk of human intervention, but if there are problems in the design of smart contract, it may bring great losses. In June 2016, the Dao, the most popular funding project of Ethereum, was attacked. The hacker obtained more than 3.5 million Ethereum coins, which later led to the bifurcation of Ethereum into Eth and etc
there are two aspects of the proposed measures:
one is to audit the security of smart contracts, and the other is to follow the principles of smart contract security development
the security development principles of smart contract are: be prepared for possible errors to ensure that the code can correctly handle the bugs and vulnerabilities; Release smart contracts carefully, do well in function test and security test, and fully consider the boundary; Keep smart contracts simple; Pay attention to the threat intelligence of blockchain and check and update in time; Be clear about the characteristics of blockchain, such as calling external contracts carefully
security of digital wallet
there are three main security risks in digital wallet: first, design defects. At the end of 2014, a user lost hundreds of digital assets e to a serious random number problem (repeated r value). Second, the digital wallet contains malicious code. Third, the loss of assets caused by the loss or damage of computers and mobile phones
there are four main countermeasures:
one is to ensure the randomness of the private key
the second is to verify the hash value before software installation to ensure that the digital wallet software has not been tampered with
the third is to use cold wallets
the fourth is to back up the private key.
3. There are patches
this problem is actually very simple
your graphics card is OK! But the vertical synchronization of the graphics card is not off, so the FPS is very low. You can turn off the vertical synchronization in the properties of the graphics card
it must be this problem
the properties of the graphics card can be found by right clicking on the desktop, and then properties - Settings - Advanced<
vertical synchronization is off
in the 3D settings of the graphics card
this problem is actually very simple
your graphics card is OK! But the vertical synchronization of the graphics card is not off, so the FPS is very low. You can turn off the vertical synchronization in the properties of the graphics card
it must be this problem
the properties of the graphics card can be found by right clicking on the desktop, and then properties - Settings - Advanced<
vertical synchronization is off
in the 3D settings of the graphics card
4. Both indivials and enterprises can purchase alicloud servers and develop an app. However, real name authentication is required. Personal real name certification and enterprise real name certification, after passing the certification, you can easily choose cloud computing procts. Leave a message or see the content of the blog, Lao Wei has written many detailed articles, which can help you get started.
5. In a simple explanation, 51% attack is also called majority attack. It means that malicious miners control more than 50% of the hash rate of the blockchain network, and then attack the network and take over the blockchain network, so that criminals can reverse transactions, stop payment or prevent new transactions from being confirmed
for more information about 51% attacks, you can learn about them on the password finance network,
for more information about 51% attacks, you can learn about them on the password finance network,
6. How to protect my bitcoin after bifurcation
if bitcoin really forks, as an ordinary user, the biggest risk is replay attack
what is replay attack? If bitcoin is split into one or more bitcoins, such as btc1 / btc2 / btc3, each bitcoin account will have a corresponding number of all bifurcated coins according to its bitcoin balance
because the address, private key, algorithm, etc. on each chain are the same, and the transaction format is also the same, the transaction initiated on one blockchain can be broadcast on another blockchain and may be confirmed. This is the "replay attack."
in short, when you transfer btc1, your btc2 / btc3 may also be transferred at the same time
however, at present, many forked coins have done two-way anti replay attack processing to avoid the risk of replay attack after forking.
if bitcoin really forks, as an ordinary user, the biggest risk is replay attack
what is replay attack? If bitcoin is split into one or more bitcoins, such as btc1 / btc2 / btc3, each bitcoin account will have a corresponding number of all bifurcated coins according to its bitcoin balance
because the address, private key, algorithm, etc. on each chain are the same, and the transaction format is also the same, the transaction initiated on one blockchain can be broadcast on another blockchain and may be confirmed. This is the "replay attack."
in short, when you transfer btc1, your btc2 / btc3 may also be transferred at the same time
however, at present, many forked coins have done two-way anti replay attack processing to avoid the risk of replay attack after forking.
7. Heteromorphic attack, also known as address pool pollution, refers to the intrusion and pollution of nodes between similar blockchain systems. This is an attack that most public chains are likely to face. The opportunity of this attack is that many public chains have handshake protocols with similar chains, and then the system can not identify whether the node belongs to its own chain. The attacker can use this point to collect the address of the public chain and make a malicious handshake, contaminate the address pool through the node handshake, so that the nodes of different chains shake hands with each other and push the known nodes in their respective address pools to each other, causing more nodes to contaminate each other and eventually spread to the whole network. The communication performance of the node under heteromorphic attack will decline, and the node will be blocked, which will eventually lead to the abnormality of the main network. The security of blockchain system is not only provided by technology itself, but also provided by developers. The more careful the program logic designed by developers, the lower the possibility of being broken. Therefore, if you need to develop a system, you must find a reliable development company. Xuanling technology is a reliable blockchain development company. Their strength and experience in blockchain development are trustworthy. If you have any intention, you can consult their company.
8. The result of these two attacks is that the other party's system is out of service or crashed e to information overload. But DoS attack is a single server attack, while DDoS attack is distributed multiple servers attack, the success of the attack is higher. The application of blockchain technology should be more and more, so it is necessary to understand the knowledge of blockchain. It is recommended that you go to the official website of Xuanling technology. This website has many popular science and application posts of blockchain technology, which should be of great help to blockchain learning.
9. Replay is also called replay. As the name suggests, it means that the same message or data is sent twice or more. If the receiver does not take relevant measures to continuously receive the information, it will not be able to effectively identify that the data has been received, which will bring replay vulnerability. Replay attacks mainly occur after the forking of the blockchain, because the two sides after the forking still keep the data before the forking, so the same transaction can be done on both sides after the forking, so it is difficult to distinguish whether the information has been received. Replay attack is mainly used in identity authentication, which can destroy the correctness of authentication, fish in troubled waters, enter the system and steal system data. Although blockchain is considered to be a relatively secure data storage technology at this stage, there are many ways to attack it, so it is also very important for the maintenance of the system. Xuanling technology has a lot of experience in the field of blockchain development, and they have a perfect after-sales maintenance mechanism, which can ensure the maximum security of the system.
10. I use Duoo cloud. I have downloaded Android version and IOS version, and this is the lowest quoted cloud on the market. I can see all kinds of free scripts from it
points can be obtained from direct missions: land of demonization, bounty mission, dark cave and cave plunder. Among them, the land of demonization and bounty missions give more, so you must finish all the activity every day. Only when you have activity can you enter the land of demonization to brush experience and integral gems.
points can be obtained from direct missions: land of demonization, bounty mission, dark cave and cave plunder. Among them, the land of demonization and bounty missions give more, so you must finish all the activity every day. Only when you have activity can you enter the land of demonization to brush experience and integral gems.
Hot content