Blockchain attack

1.

One of the characteristics of blockchain projects (especially public chains) is open source. Through open source code, to improve the credibility of the project, so that more people can participate. But the open source code also makes it easier for attackers to attack blockchain system. In the past two years, there have been a number of hacker attacks. Recently, the anonymous currency verge (xvg) was attacked again. The attacker locked a vulnerability in the xvg code, which allowed malicious miners to add false timestamps on the block, and then quickly dig out new blocks. In a few hours, the attacker obtained nearly $1.75 million worth of digital currency. Although the subsequent attack was successfully stopped, no one can guarantee whether the attacker will attack again in the future

of course, blockchain developers can also take some measures

one is to use professional code audit services,

the other is to understand the security coding specifications and take preventive measures

the security of cryptographic algorithm

with the development of quantum computer, it will bring a major security threat to the current cryptosystem. Blockchain mainly relies on elliptic curve public key encryption algorithm to generate digital signature for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. can not withstand quantum attacks in theory, and there will be greater risks. More and more researchers begin to pay attention to cryptographic algorithms that can resist quantum attacks

of course, in addition to changing the algorithm, there is another way to improve the security:

refer to bitcoin's treatment of public key address to rece the potential risk of public key disclosure. As users, especially bitcoin users, the balance after each transaction is stored in a new address to ensure that the public key of the address where bitcoin funds are stored is not leaked

security of consensus mechanism

the current consensus mechanisms include proof of work (POW), proof of stake (POS), delegated proof of stake (dpos), practical Byzantine fault tolerance (pbft), etc

POW faces 51% attack. Because POW depends on computing power, when the attacker has the advantage of computing power, the probability of finding a new block will be greater than that of other nodes. At this time, the attacker has the ability to cancel the existing transaction. It should be noted that even in this case, the attacker can only modify his own transaction, but not the transaction of other users (the attacker does not have the private key of other users)

in POS, attackers can attack successfully only when they hold more than 51% token, which is more difficult than 51% computing power in pow

in pbft, when the malicious nodes are less than 1 / 3 of the total nodes, the system is secure. Generally speaking, any consensus mechanism has its own conditions. As an attacker, we also need to consider that once the attack is successful, the value of the system will return to zero. At this time, the attacker does not get any other valuable return except destruction

for the designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to select an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scene

security of smart contract

smart contract has the advantages of low operation cost and low risk of human intervention, but if there are problems in the design of smart contract, it may bring greater losses. In June 2016, the Dao, the most popular funding project of Ethereum, was attacked. The hacker obtained more than 3.5 million Ethereum coins, which later led to the bifurcation of Ethereum into Eth and etc

there are two aspects of the proposed measures:

one is to audit the security of smart contract, and the other is to follow the principle of smart contract security development

the security development principles of smart contract are: to be prepared for possible errors, to ensure that the code can correctly handle the bugs and vulnerabilities; Release smart contracts carefully, do well in function test and security test, and fully consider the boundary; Keep smart contracts simple; Pay attention to the threat intelligence of blockchain and check and update in time; Be clear about the characteristics of blockchain, such as calling external contracts carefully

security of digital wallet

there are three main security risks in digital wallet: first, design defects. At the end of 2014, a user lost hundreds of digital assets e to a serious random number problem (repeated r value). Second, the digital wallet contains malicious code. Third, the loss of assets caused by the loss or damage of computers and mobile phones

there are four main countermeasures:

one is to ensure the randomness of the private key

The second is to check the hash value before installing the software to ensure that the digital wallet software has not been tampered with

The third is to use cold wallet

The fourth is to back up the private key

2.

Recently, Vulcan team of 360 company found a series of high-risk security vulnerabilities in EOS, a blockchain platform. It is verified that some of the vulnerabilities can remotely execute arbitrary code on EOS nodes, that is, they can directly control and take over all nodes running on EOS through remote attacks

In the early morning of May 29, 360 reported this kind of vulnerability to EOS official for the first time, and assisted it to repair the security risks. The person in charge of the EOS network said that the EOS network will not be officially launched until these problems are fixed

EOS super node attack: the virtual currency transaction is completely controlled

in the attack, the attacker will construct and publish a smart contract containing malicious code, and the EOS super node will execute the malicious contract and trigger the security vulnerability. The attacker then uses the super node to pack the malicious contract into a new block, resulting in the remote control of all nodes in the network (alternative super node, exchange recharge withdrawal node, digital currency wallet server node, etc.)

because the system of the node has been completely controlled, the attacker can "do whatever he wants", such as stealing the key of the EOS super node and controlling the virtual currency transaction of the EOS network; Obtain other financial and privacy data in the participating node system of EOS network, such as digital currency in the exchange, user key stored in the wallet, key user information and privacy data, etc

What's more, an attacker can turn a node in the EOS network into a member of a botnet, launch a network attack, or become a free "miner" to extract other digital currency

source: Science and Technology News

3. Both indivials and enterprises can purchase alicloud servers and develop an app. However, real name authentication is required. Personal real name certification and enterprise real name certification, after passing the certification, you can easily choose cloud computing procts. Leave a message or see the content of the blog, Lao Wei has written many detailed articles, which can help you get started.

4. It is said that they made the fresh sweet scented osmanthus by themselves. They have been taught patent research for more than ten years and published papers. It is estimated that other families do not have them...

then it seems that the proct does have the flavor of sweet scented osmanthus, but it is lighter, the color is still transparent, there is no yellow or orange in imagination, and there is no petal, high technology, Don't you understand?

5.

Osmanthus fragrans doesn't belong to Osmanthus fragrans. Cigui, also known as Huaye tree, mouse thorn; It is a plant of Ilex family. Evergreen shrubs or small trees, landscaping tree species. It is mainly distributed in the middle and lower reaches of the Yangtze River in China

There are four groups of Osmanthus fragrans, namely Dangui, Jingui, Yingui and sijigui. Among them, Osmanthus fragrans, Osmanthus fragrans and Osmanthus fragrans all bloom in autumn and are collectively called August osmanthus. Generally, it takes at least 10 years for Osmanthus fragrans seedlings to bloom in open field. For newly transplanted seedlings, it is not allowed to apply fertilizer too early. Sowing seedlings, after two years of cultivation, the next spring can be transplanted, flowering period in ten years

6. In a simple explanation, 51% attack is also called majority attack. It means that malicious miners control more than 50% of the hash rate of the blockchain network, and then attack the network and take over the blockchain network, so that criminals can reverse transactions, stop payment or prevent new transactions from being confirmed
for more information about 51% attacks, you can learn about them on the password finance network,

7. How to protect my bitcoin after bifurcation
if bitcoin really forks, as an ordinary user, the biggest risk is replay attack
what is replay attack? If bitcoin is split into one or more bitcoins, such as btc1 / btc2 / btc3, each bitcoin account will have a corresponding number of all bifurcated coins according to its bitcoin balance
because the address, private key, algorithm, etc. on each chain are the same, and the transaction format is also the same, the transaction initiated on one blockchain can be broadcast on another blockchain and may be confirmed. This is the "replay attack."
in short, when you transfer btc1, your btc2 / btc3 may also be transferred at the same time
however, at present, many forked coins have done two-way anti replay attack processing to avoid the risk of replay attack after forking.

8. Heteromorphic attack, also known as address pool pollution, refers to the intrusion and pollution of nodes between similar blockchain systems. This is an attack that most public chains are likely to face. The opportunity of this attack is that many public chains have handshake protocols with similar chains, and then the system can not identify whether the node belongs to its own chain. The attacker can use this point to collect the address of the public chain and make a malicious handshake, contaminate the address pool through the node handshake, so that the nodes of different chains shake hands with each other and push the known nodes in their respective address pools to each other, causing more nodes to contaminate each other and eventually spread to the whole network. The communication performance of the node under heteromorphic attack will decline, and the node will be blocked, which will eventually lead to the abnormality of the main network. The security of blockchain system is not only provided by technology itself, but also provided by developers. The more careful the program logic designed by developers, the lower the possibility of being broken. Therefore, if you need to develop a system, you must find a reliable development company. Xuanling technology is a reliable blockchain development company. Their strength and experience in blockchain development are trustworthy. If you have any intention, you can consult their company.

9. The result of these two attacks is that the other party's system is out of service or crashed e to information overload. But DoS attack is a single server attack, while DDoS attack is distributed multiple servers attack, the success of the attack is higher. The application of blockchain technology should be more and more, so it is necessary to understand the knowledge of blockchain. It is recommended that you go to the official website of Xuanling technology. This website has many popular science and application posts of blockchain technology, which should be of great help to blockchain learning.

10. Replay is also called replay. As the name suggests, it means that the same message or data is sent twice or more. If the receiver does not take relevant measures to continuously receive the information, it will not be able to effectively identify that the data has been received, which will bring replay vulnerability. Replay attacks mainly occur after the forking of the blockchain, because the two sides after the forking still keep the data before the forking, so the same transaction can be done on both sides after the forking, so it is difficult to distinguish whether the information has been received. Replay attack is mainly used in identity authentication, which can destroy the correctness of authentication, fish in troubled waters, enter the system and steal system data. Although blockchain is considered to be a relatively secure data storage technology at this stage, there are many ways to attack it, so it is also very important for the maintenance of the system. Xuanling technology has a lot of experience in the field of blockchain development, and they have a perfect after-sales maintenance mechanism, which can ensure the maximum security of the system.