The risk of digital currency Wallet
Yin Zhentao, deputy director of the law and Finance Research Office of the Financial Research Institute of the Chinese Academy of Social Sciences, said that digital currency faces two risks. The first is the technical level. Digital currency relies on blockchain technology and a system, which will make it suffer from security impact, such as hacker attacks on computer systems. We have seen many practical problems in this process
Zhao Zhanzhan, a special researcher of intellectual property research center of China University of political science and law, believes that digital currency has anonymity, quickness and irrevocability. In addition, bitcoin and other digital currencies have high circulation in the world, so many criminals use digital currency as a new money laundering channel. Moreover, there are many different ways to realize money laundering through digital currency. Generally speaking, the probability of new money laundering being found and investigated is lower than before. Many countries have no effective means and technology to combat money laundering through digital currency. These factors lead to criminals prefer this way of money laundering
digital currency is a kind of unregulated and digital currency, which is usually issued and managed by developers and accepted and used by members of specific virtual communities. The European Banking authority defines virtual currency as a digital representation of value, which is not issued by the central bank or authorities, nor linked with legal currency. However, because it is accepted by the public, it can be used as a means of payment, or it can be transferred, stored or traded in electronic form
according to the notice on preventing the financing risk of token issuance, there is no approved digital currency trading platform in China. According to China's digital currency regulatory framework, investors have the freedom to participate in digital currency transactions at their own risk
warm tips: the above information is for reference only. Before investing, it is recommended that you first understand the risks existing in the project, and understand the investors, investment institutions, chain activity and other information of the project, rather than blindly investing or mistakenly entering the capital market. Investment is risky, so we should be cautious when entering the market
response time: December 11, 2020. Please refer to the official website of Ping An Bank for the latest business changes
[Ping An Bank I know] want to know more? Come and see "Ping An Bank I know" ~
https://b.pingan.com.cn/paim/iknow/index.html
very large
in the field of blockchain and virtual currency, such cases of losses caused by the security of exchanges occur frequently, causing great economic losses to users. The security experts of Juhui ggfx also gave a hint: there are still many loopholes in the current digital currency trading platform, for example, the most common are the following six kinds:
the first kind: denial of service attack
denial of service attack is the most important attack against the digital currency trading platform at present. Through denial of service attack, the attacker makes the trading platform unable to access normally, Because users can not accurately distinguish the degree of attack, it often causes panic asset transfer, which brings some loss
the second kind: phishing
even the best technical measures at present can not make the digital currency trading platform avoid phishing attacks. Some hackers and outlaws can confuse digital currency investors by means of fake domain names or fake pages, while ordinary investors can't identify the authenticity, so it's easy to cause asset losses
the third: Hot wallet protection
many digital currency trading platforms use a single private key to protect the hot wallet. If hackers can access a single private key, they can crack the hot wallet related to the private key. For example, in the attack on yapizon of Seoul stock exchange in 2017, the attackers stole hot wallets from the trading platform twice in a year, resulting in a total loss of nearly 50% of the assets of the trading platform and eventually leading to the bankruptcy of the trading platform
Fourth: internal attack
e to the lack of perfect risk isolation measures or ineffective supervision on the authority of employees, the digital currency trading platform also has employees' self-monitoring and stealing, and some employees with operating authority of the platform use internal trust to seek ill gotten gains for themselves. For example, in 2016, the event of employees stealing bitcoin on shapeshift caused a total loss of US $230000 to the trading platform by stealing and reselling sensitive information to others
the fifth: software vulnerability
the software vulnerability of digital currency trading platform includes single sign on vulnerability, OAuth protocol vulnerability, etc. At present, all countries have laws requiring banks or other financial institutions to implement information security measures to protect customers' deposits. However, e to the fact that the blockchain field is still in its infancy, there is a lack of such specifications for encrypting digital assets. Therefore, it is not accidental that many trading platforms have a large number of loopholes in the absence of security constraints
sixth: transaction malleability
Technical supporters of blockchain often think that blockchain transactions are highly secure because they are recorded on records that are said to be unchangeable, but each transaction needs to have a corresponding signature, and the records can be temporarily forged before the final confirmation of the transaction. Mt. GOx, which once accounted for 80% of the world's total transactions, was hacked to submit code changes to the public ledger before the initial transaction was released, resulting in a loss of 473 million US dollars< br /> &# 160;
When bitcoin was first launched, a bitcoin could not buy a hamburger, but now a bitcoin can buy a car, which is the violence of virtual currency. The virtual digital currency led by bitcoin has let many investors see the dawn{ RRRRR}
we all like to save money, at most for a fixed period. A few people buy stocks, let alone virtual digital currency
the biggest risk of digital currency is instability. It is not a currency recognized by the International Monetary Fund. Bitcoin can not be traded directly, nor can it be used to buy things directly, because the number of bitcoin is limited. Therefore, many people feel that it is necessary to invest
and now many countries prohibit the transaction of virtual currency, because digital currency helps money laundering. Many people launder money through digital currency to evade supervision. Once the government finds it illegal, it will be unfavorable for the trend of digital currency
there is a lot of uncertainty in digital currency, and the biggest fear is the collapse of the whole system. In the end, there is nothing left, so there are risks in investment
American Stock Research Society points out: different styles of strategies have different requirements for back testing, such as multi factor stock selection or trend strategy. The following points should be noted:
1. Distinguish the data in the sample from the data out of the sample, which is very similar to machine learning. The data in the sample is used for training, and the data out of the sample is used for verification the purpose of this is to avoid the over fitting trap
2. Income distribution: look at the income distribution of all transactions after your back test, and see whether your income source is a few times of large income or a few times of small income if it comes from a large return, your return will fluctuate greatly, and the firm offer will often fail to achieve your effect
3 if you have a parameter that is too sensitive to adjust, it will have a great impact on the revenue, and the situation of your real offer and the simulated offer are also likely to be different
strictly speaking, this kind of strategy avoids some common pitfalls, and it is relatively easy to achieve back testing and real offer
JD quantitative has recently launched some technical indicators of tongdaxin, which are not bad. You can go and have a look, and you should learn a lot< br />
1. Security risk of running environment
the core file of encrypted digital currency Wallet - private key / mnemonics is stored on the terminal device, whether it is PC or mobile terminal, if the terminal device appears unsafe phenomenon, it has a very high security risk for private key / mnemonics
at the beginning of design, a secure digital wallet can avoid the possibility of private key / mnemonics being stolen e to the running environment. The security problems of the running environment on the terminal mainly include virus software, operating system vulnerabilities and hardware vulnerabilities
2. The security risk of network transmission
the security of network transmission is more reflected in the ability to resist man in the middle attack. Man in the middle attack means that the attacker creates independent contact with both ends of the communication and exchanges the data they receive, so that both ends of the communication think that they are talking directly with each other through a private connection, but in fact the whole conversation is completely controlled by the attacker
although most digital wallet applications use the HTTPS protocol to communicate with the server, the man in the middle attack method is to get the content of the HTTPS protocol by installing a digital certificate in the user terminal
a secure digital wallet needs to be able to scan the legality of all the digital certificates in the terminal, check the proxy settings in the network transmission process, and ensure the security of the basic network communication environment
in the development of digital wallet, whether to use two-way verification for communication verification at the network transmission level is also an important criterion to measure the security of a digital wallet application
3. The security risk of file storage mode
for the private key / mnemonics of digital wallet, the storage mode of terminal device also needs to be paid attention to in the security design. The access right of private key / mnemonic file directory, the form of private key / mnemonic file storage and the design of encryption algorithm all need to be strictly designed
when we analyze the security of several mainstream digital wallets, we find that even the well-known digital wallets are random in the storage of private key / mnemonic words. There are both plaintext storage and encrypted storage, but the decryption key is fixed in the code, which can not play any role in security defense
4. The security risk of the application itself
the security risk of the application itself mainly focuses on the security defense of the application installation package itself
whether the application installation package has the ability of anti tampering is a very core technical ability. In addition, memory security, anti debugging ability, life cycle management of private key / mnemonics, security of debugging log and security of development process also need to be enhanced
5. Security risk of data backup
if the mobile application can be backed up, it can use the machine with more powerful computing performance to brutally crack the private key / mnemonics. For example, if android:allowBackup Property is set to allow backup, then the backup mechanism of the system can be used to back up the application data files, and the private key / mnemonics of the encrypted digital currency will be backed up to the external media, which breaks the security boundary design of the operating system from another direction
for the majority of users, the security of digital wallet also means the security of wealth, so we must be careful when choosing digital wallet.