Blockchain exchange attacked

1. Sharing source: DTV
the centralized trading platform covers the whole trading process including account opening, recharge, automatic transfer and transaction withdrawal. That is to say, when we put our digital assets into the address of the trading platform, the trading platform becomes the trustee of our digital assets, and the control of the actual assets is in the hands of the trading platform
different from the centralized trading platform, the decentralized platform does not need to register an account. It only needs to undertake the responsibilities of asset custody, matching transaction and asset clearing, and does not need to provide non trading function, account system, kcy and legal currency exchange functions like the centralized exchange; On the other hand, in the decentralized trading platform, all operations are realized through smart contracts, and this transaction needs to wait for the confirmation of the blockchain before it is successfully completed

based on the above attributes, the decentralized platform avoids the moral hazard of the trading platform and the centralized attack of hackers to a certain extent. However, in this trading mode, the security of assets depends on the users themselves.

2. Blockchain exchange
you mean platform trading. Domestic illegal, international and mostly deceptive, you find the well-known ones. There is a special introction to blockchain network. Remember to be legal, otherwise you can't withdraw cash and it's useless to make money.

3.

Blockchain is a new technology, not a disguised form of MLM. It is just claimed by many MLM organizations as "blockchain". In fact, there is no technology. It's just a practice of MLM under the name of "blockchain". The state has issued several announcements to crack down on this kind of MLM. The following is the Xinhua news report on MLM of blockchain:

blockchain is not equal to virtual currency, but also has security risks. Behind the popularity, there is exaggeration with "ulterior motives". Only by removing the flashiness, can the blockchain return to its real application value

invest 80000 yuan, change to 800000 yuan after three months? Shenzhen police cracked a huge fund-raising fraud. Under the guise of blockchain concept and 10 times income, thousands of investors were deeply involved in the case, involving up to 307 million yuan. Under the "veil of mystery" of the blockchain, the illegal elements have taken advantage of their own tricks, and the blockchain has become a "signboard" of economic crimes such as fraud and pyramid selling

why is the blockchain repeatedly "misused" by illegal activities such as pyramid selling fraud? In addition to "unknown", what is the "function" of blockchain technology itself? Since the beginning of this year, with the increase of supervision and the cooling of currency speculation, new opportunities have been brought to the development of blockchain. How about the implementation of blockchain commercial "application" The reporter of outlook news weekly recently concted an investigation

when the three-month "capital release period" promised by the trading platform expired and the staff began to "kick" in the QQ group, Tang Haiyan, who lives in Bao'an District of Shenzhen City, realized that she might have been cheated

previously, Tang Haiyan invested 80000 yuan to buy a virtual currency called "ordinary silver coin" under the introction of her classmates“ The other side said that this currency is the most advanced blockchain technology at present, with Tibetan tea as collateral. He also showed me the "technical white paper". I didn't understand blockchain, so I didn't read it carefully. "

although she doesn't know about blockchain and virtual currency, the high investment income makes Tang Haiyan full of expectations. She told reporters that companies issuing "ordinary silver coins" will regularly split the virtual currency according to the ratio of 1:10, which means that each split will make the value of "ordinary silver coins" in the hands of investors expand 10 times. As long as after a split, her investment of 80000 yuan is equivalent to the purchase of 800000 yuan worth of "ordinary silver coins", which can be sold on the trading platform to obtain huge profits

according to the rules of the trading platform, the newly purchased "ordinary silver coin" cannot be traded immediately, and it must be frozen on the platform for three months before it can enter the "release period". However, after three months, not only did Tang Haiyan not wait for the assets to double, but the 80000 yuan frozen on the platform could not be used for trading

"other investors began to question the authenticity of this investment in QQ group. As a result, the staff of the company kicked these investors out one by one, which made me feel bad." She said

The fact also proves Tang HaiYan's intuition. At the end of March 2018, Shenzhen police detected a huge fund-raising fraud, with the amount of fraud funds as high as 307 million yuan. In this case, Shenzhen Puyin blockchain Group Co., Ltd. involved in the case issued virtual currency in the mode of "blockchain + Tibetan tea" to obtain public deposits. Tang Haiyan was one of the thousands of victims

Shenzhen police investigation found that the company claimed that investors could buy and sell "ordinary silver coins" on the virtual trading platform "jucoin net" to earn a price difference

. In fact, the change of its trading price is that the company used investors' investment funds for behind the scenes operation, and once raised the price of "ordinary silver coin" from 0.5 yuan to 10 yuan, so that investors can taste some sweetness. When a large number of investors entered the market, the company continued to cash out through malicious manipulation of the price trend of "ordinary silver coin", which eventually led to the worthlessness of "ordinary silver coin" in the hands of investors

since 2018, engaging in fraud and pyramid selling under the banner of blockchain has become a common "routine" in new criminal tactics. In April 2018, Jinan police dropped a pyramid selling Gang under the guise of "western development", "national poverty alleviation", "original stocks", "blockchain" and "e-commerce", arrested more than 10 major suspects, frozen more than 100 accounts involved, and seized more than 300 million yuan of funds involved

according to Jinan police, huileyi e-commerce company designed a fake virtual disk on the Internet on the ground that the country is vigorously developing the big data instry, and released a variety of virtual currencies such as "precious currency" and "precious currency"

under the guise of giving away, they presented a certain amount of virtual currency to the New MLM staff, with the price of tens of yuan each. Then, through artificial manipulation, they appreciated the virtual currency all the way to more than 100 yuan or even hundreds of yuan, attracting people who did not know the truth to join. Finally, they "cut leeks" through the periodic fluctuation of the so-called "devaluation" of virtual currency, Finally, the purpose of seeking illegal interests is achieved

in Xi'an, a few days ago, the local police successfully cracked a huge network pyramid selling case under the banner of blockchain. According to the police, the suspect, Zheng Mou, has paid a high salary to the 9 network members, such as Zhang and Lee. Since March 28, 2018, he has gathered pyramid selling and network pyramid selling as a means to sell the virtual Datang coins at the consumption era network platform at the price of 3 yuan each, and manipulate the appreciation rate; p>

at the same time, promotion meetings were held in many cities at home and abroad to attract members. According to the development of members, 28 level agents were set up. In just 18 days, the gang developed more than 13000 registered members. At present, it has been found that the case involves 31 provinces, cities and autonomous regions in China, and the fund involved is as high as 86 million yuan

according to Tencent's 2017 pyramid selling situation awareness white paper released by Tencent security joint laboratory, in recent years, all kinds of overseas capital disk, virtual currency and ICO (initial public offering token financing of blockchain project) projects have emerged in an endless stream, which hide many risks such as illegal issuance, untrue projects, cross-border money laundering, fraud and pyramid selling, As a result, a large number of funds flow overseas. Once the market collapses, runs away or loses contact, investors often have no way to complain and the losses are difficult to recover. For example, Baichuan coin, mark coin, beta coin, dark coin, etc

the reporter of lookout Newsweek interviewed in Guangdong, Shandong, Shanghai and other places and learned that most people know that the concept of blockchain is very popular, but they "don't know where it is", and there are different opinions on the specific functions of blockchain: some people think it is used for "investment and financing", "buying and selling currency", while others think it is "a major invention of the same magnitude as the steam engine", Some entrepreneurs are even more eager to seize this "once-in-a-lifetime opportunity to get rich."

many people in the instry said that it is precisely because people have many misunderstandings about blockchain that criminals have opportunities to fish in troubled waters and mislead investors

First, blockchain is not equal to virtual currency. By the end of last year, the number of domestic ICO participants and the total volume of transactions have doubled, a large number of digital currency exchanges have fled overseas, and the agent investment mode has involved more ordinary people in high-risk investment

in many instries, we media and celebrities form interest alliances with issuers and digital exchanges to endorse and create public opinion for the "air currency" project. In December last year, nine departments including the people's Bank of China identified ICO as "suspected of illegal fund-raising, financial fraud, pyramid selling and other illegal and criminal activities"

in the interview, many people told our reporter that the existence of token has built a set of rights and interests mechanism for the development of blockchain technology, which is indispensable for stimulating the prosperity of blockchain applications“ The market practice in the past five years has proved that blockchain applications without equity mechanism are just like market economy without computers connected to the Internet and money, with greatly reced application scenarios and development speed. " An investor in Shanghai said

in fact, the token represented by bitcoin is only one of the earliest procts to verify the blockchain technology, and the two can not be equated, and the existence of token has obviously negative effects on the development of blockchain

Xiao Wei, chief engineer of network blockchain, told this reporter that the myth of ICO's sudden wealth shakes the R & D concentration of blockchain technical talents, and the myth of "sudden wealth" with hundreds of times of return tests the patience of blockchain technical R & D talents“ Many of the "comrades in arms" in the circle who used to do research and development of blockchain technology have gone to issue coins, and now few of them can insist on doing research and development and application of technology. "

Xu zewei, Secretary of the Party committee of Beijing Internet Finance Instry Association, said that under the background of China's ban on ICO, many domestic start-ups promoting blockchain applications are "selling dog meat with sheep's pawn" and financing through concept packaging of worthless tokens“ ICO has polluted the good atmosphere of innovation and entrepreneurship, and created a kind of speculative proct. Many young people are not thinking about entrepreneurship, but are thinking about issuing money, which makes us have the illusion of getting rich overnight. "

at present, more and more people in the instry begin to think about whether the development of blockchain must rely on the issuance of tokens to achieve incentives. Guo Dagang, Secretary General of Beijing Internet Finance Instry Association, told this reporter that the so-called incentive mechanism is only the theoretical basis for the project party to issue tokens for itself. Huo Xuewen, director of Beijing Municipal Bureau of financial work, also believes that if blockchain does not get rid of the dilemma of issuing currency, it will never find a legal landing mechanism

secondly, blockchain is not omnipotent and its security is at risk. Blockchain is generally considered to achieve three functions:

first, the data stored on the blockchain can not be tampered or forged, and the data has high credibility and credibility; Second, the whole process of the transaction can be traced, which can achieve accurate responsibility tracking; Third, the embedded smart contract in the blockchain can be executed automatically based on the contract, so as to improve work efficiency and rece the risk of default. It is generally believed that blockchain has broad application prospects in finance, logistics, trade and other fields

in fact, blockchain is not omnipotent, and its function has many limitations. It is generally believed that, according to the characteristics of cryptography, in order to tamper or falsify in the blockchain, more than 51% of the nodes need to be controlled in theory. When there are enough nodes in the blockchain, it is difficult to tamper with the trust creation mechanism widely participated by the public

However, in reality, digital currency exchanges are frequently attacked or even stolen. On June 20, 2018, bithumb exchange of South Korea announced on its official website that the exchange had been attacked by hackers and stolen 35 billion won, about 32 million US dollars of cryptocurrency

Ji Xinhua, known as the first generation of "hackers" in China, said that the blockchain will continue to face attacks, and the process of uploading data to the blockchain is prone to information leakage. Some people in the instry worry that once the super computing power of quantum computing is realized, it will also have a direct impact on the blockchain

Zhao Yao, a special researcher of the Institute of finance of the Chinese Academy of Social Sciences, told this reporter that the academic community has confirmed as early as 2013 that the blockchain is not perfect and there are many "cheating" strategies. As long as there are enough economic incentives, controlling attacks of more than 51% nodes does not only exist in theory

Zeng Guang, Secretary General of Shenzhen Internet Finance Association, said that the blockchain technology itself does not have the ability to do so

4.

Recently, Vulcan team of 360 company found a series of high-risk security vulnerabilities in EOS, a blockchain platform. It is verified that some of the vulnerabilities can remotely execute arbitrary code on EOS nodes, that is, they can directly control and take over all nodes running on EOS through remote attacks

In the early morning of May 29, 360 reported this kind of vulnerability to EOS official for the first time, and assisted it to repair the security risks. The person in charge of the EOS network said that the EOS network will not be officially launched until these problems are fixed

EOS super node attack: the virtual currency transaction is completely controlled

in the attack, the attacker will construct and publish a smart contract containing malicious code, and the EOS super node will execute the malicious contract and trigger the security vulnerability. The attacker then uses the super node to pack the malicious contract into a new block, resulting in the remote control of all nodes in the network (alternative super node, exchange recharge withdrawal node, digital currency wallet server node, etc.)

because the system of the node has been completely controlled, the attacker can "do whatever he wants", such as stealing the key of the EOS super node and controlling the virtual currency transaction of the EOS network; Obtain other financial and privacy data in the participating node system of EOS network, such as digital currency in the exchange, user key stored in the wallet, key user information and privacy data, etc

What's more, an attacker can turn a node in the EOS network into a member of a botnet, launch a network attack, or become a free "miner" to extract other digital currency

source: Science and Technology News

5.

at present, the vast majority of digital currency transactions are concted in exchanges. Among the numerous exchanges, bitfinex, binance, okex and so on are well-known

However, bitcoin and other digital currencies, as decentralized assets, have to be traded in a centralized exchange, which seems to have hidden contradictions and dangers

1. Problems and challenges of stock exchanges=“ //www.yuanxue365.com/en/img_fd039245d688d43fdf16c83b761ed21b0ff43bbf ">

in February 2014, Mt. GOx, the world's largest bitcoin exchange at that time, was stolen 850000 bitcoins, and the price of bitcoin suffered a" cliff "crash on that day. Later, it was revealed that Mt. GOx was in fact a thief, and only 7000 bitcoins were actually stolen

in August 2016, bitfinex, the largest U.S. dollar bitcoin trading platform, suffered a security vulnerability, resulting in the theft of 120000 bitcoins, which was worth $65 million at that time. If converted into the price in December 2017, it would be worth nearly $2 billion

on December 19, 2017, South Korea's youbit exchange was attacked by hackers and lost 4000 bitcoins, and the exchange declared bankruptcy

on December 21, 2017, the Ukrainian liqui exchange was stolen 60000 bitcoins, and the unit price of bitcoin plummeted by US $2000

in 2018, such a drama will only continue

in addition to the threat of hackers, traditional exchanges also have some inherent shortcomings, such as lack of supervision and inefficiency. The security of the exchange for investors can only rely on its own credit, and the cost of running is very low. The stock exchange is regulated at the national level, but there is no such sword of Damocles on the top of the digital currency exchange. Moreover, in an exchange, the same order can only be submitted to one exchange. After the user places an order, the funds used for the transaction will be frozen and can only wait for the completion or cancellation of the transaction. These are undoubtedly inefficient

All in all, the problems of exchanges are the problems of centralization

2. Decentralization of exchanges=“ //www.yuanxue365.com/en/img_86d6277f9e2f070889a173c9e224b899a801f257 ">

(1) the progress of the exchange itself

the upgrade of security means is various. At present, the best use is cold wallet, that is, to keep the digital currency in the offline U disk. At the end of 2017, when the YouTube exchange was attacked, 75% of its assets were withdrawn into the cold purse in time to avoid greater losses. However, it seems to be a helpless way to protect the online assets by offline means. Of course, there should be many other methods, which will not be repeated here

(2) the representative of cross ledger transaction is ripple network, and the operating company is ripple labs, which is a semi centralized system. Ripple is a decentralized clearing agreement. In order to solve the high cost and delay of inter-bank clearing, its base currency is XRP. Ripple network can connect all kinds of assets, such as US dollar, RMB, Japanese yen, bitcoin, etc. to its own network. In this system, U.S. dollars or bitcoin can be converted into reborn currency, and then reborn currency can circulate freely in the network, just as a highway is built between various assets. Due to the support of major banking institutions, the reborn currency achieved nearly 300 times growth in 2017

(3) decentralized exchange

some teams try to use blockchain technology to build a decentralized exchange. This kind of decentralized exchange, to some extent, is an extension of cross ledger trading

bitshares is the most representative of early rising projects. It builds a blockchain development platform with servers scattered all over the world. Even if some of them are attacked, the system will not collapse. Anyone can transfer money and borrow money freely on this platform, and can also quickly build a centralized exchange based on this platform. In order to ensure stable value, bitstocks also require three times of digital assets as collateral. At present, bitstocks are running fairly well

later, with the development of Ethereum and smart contract, the x x protocol came into being. This is an open protocol running in the Ethereum blockchain and a decentralized exchange in the Ethereum ecosystem. The agreement has attracted many investors. At present, it has completed financing and started to build open source software tools and infrastructure. Of course, there are many competitors. Ether Delta, IDEX and oasis DEX are trying to provide similar functions. Moreover, it is a smart contract system based on Ethereum, which only supports erc20 token. If other smart contract public chains start to rise, the demand will be reced

in addition, there are some teams that are entering, such as the domestic road seal agreement, looping (LRC) in English. They adopted a design similar to the X protocol, and also introced a fast payment function similar to the lightning network. It is characterized by trying to match multiple exchanges, the user's order can be broadcast to multiple exchanges, and completed by different exchanges. Moreover, the user can still use the account funds after placing an order, and the user's behavior of transferring part or all of the funds is equivalent to partial or total cancellation. To some extent, it improves the breadth and timeliness of the transaction. However, this system seems to have damaged the "power" of the existing exchanges. Whether we can persuade everyone to play together will be a difficult problem

At present, there is still a long way to go for the construction of decentralized exchange. In 3-5 years, traditional exchange will still be the main battlefield of digital currency

However, in the future, it is worth looking forward to let the decentralized digital currency get rid of the shackles of centralization

6.

Let's suppose villagers Lao Wang and Xiao Li. Lao Wang borrowed some money from Xiao Li, who wrote it in an IOU signed by both parties. A few days later, Lao Wang denied the existence of borrowing money and claimed that Xiao Li forged the paper. Xiao Li can't argue because he finds it difficult to prove that Lao Wang actually owes him money

in this example, Lao Wang and Xiao Li are two nodes

now assuming the same scenario, there are many pairs of people trading with each other in the village. The only evidence for each pair is the IOU. If one party fails, it will be difficult to do so. Seeing this scene, the village head came up with a solution. He suggested using a common notebook for the whole village to record all the transactions. Due to the high prestige of the village head, the villagers unanimously decided to let the village head keep this important transaction book. Each transaction, the villagers go to the village head's home, let the village head witness and record, each transaction is written into a notebook, and then safely saved. That notebook can be called a database

because this notebook is very important, the village head locked it in the safe. However, there are always some problems. Sometimes, the village head will accidentally sprinkle ink on the paper, making some transaction records illegible. This is called a single point of failure. The thief knows that there is an important notebook in the safe of the village head's house. He tries his best to steal it. This is called hacking

until one day, the village head's son owed others a lot of money, so the village head secretly deleted his son's debt entry. In this way, the village head's son "does not owe money."

when the villagers knew this, they began to question the fairness and authority of the village head. So some people put forward a new idea:

abolish the power of the village head, which is called decentralization. Let all villagers keep a notebook, and the transaction records are copied and distributed, which is called distributed database. Therefore, if there are n people in the village, there are n notebooks, that is, n nodes. Every time there is a trade between any two people, all the people in the village get together and record it in their notebooks. And no one can cover the sky. This is called decentralization

they also decided that they would never delete the mentioned transactions from their notebooks, which is irreversible. For example, Lao Wang borrowed a sum of money from Xiao Li before, but in the twinkling of an eye, he wants to return the money. Then the transaction book will not delete the previous borrowing record, but write a new repayment record, so there are two records

next, let's try to break this rule. What if we bribe Lao Wang to change his notebook? It's not feasible, because the next time the villagers meet, they find that Lao Wang's notebook is different from everyone else's, so the villagers notice that Lao Wang may be engaged in an indescribable transaction, and decide to abolish Lao Wang's transaction record and kick Lao Wang out of the organization

What if you try to bribe all the villagers? It's too expensive

the characteristic of this model is that greedy people need to pay a lot to attack the rules. He will find it more profitable to follow the rules

a smart child in the village suggested that each transaction data be called "block" and linked into a "chain" in chronological order, which is called blockchain