新火科技研究员:Multichain或已失去MPC多签控制权,攻击者并非普通黑客_虚拟币交易所平台,数字货币,NFT
BlockBeats 消息,7 月 7 日,新火科技研究员 0xLoki 在社交媒体上发文表示,Multichain 或已因为某些不可抗力失去对 MPC 多签地址资产的控制权,而不是简单的被攻击。他指出 Multichain 异常资金流动有以下 4 个特点: 1. 资产转移持续时间很长,说明转移者并不着急; 2. 资产转移前进行了 2USDC 的小额测试说明转移者有可持续的转移能力; 3. 每种资产转移到了独立钱包,之后没有进一步行为(如转移到交易平台、Swap、混币); 4. 接收钱包是完全干净的,甚至 Gas 都没有。 基于上述特点,他推导认为: 1. 转移者有充足的时间,考虑到 MPC 的技术特点,转移者很可能通过某种方式完全取得了超过阈值的私钥分片的控制权; 2.「攻击方式」非常简单,就是单纯的转账操作,没有合约,还有测试,攻击者大概率不是黑客; 3. 转移者并未进行进一步的处置和变现,操作人可能没有绝对的决定权。 0xLoki 判断 Multichain MPC 多签控制的资产已经不受控制,相对应的,被控制部分分片的持有人如果持有其它超过阈值的 MPC 或者多签分片,这些资产和合约全部都可能不受控制,因此需要立刻检查所有和 Multichain 合约/跨链资产相关的风险暴露,并关注接收地址接下来会做些什么。 此外,0xLoki 还表示,MPC 没有问题,但是由一个自然人保管超过阈值的分片,并且处于加密货币活动被禁止或者不被保护的司法辖区,这是有问题的。原文链接
: xinhuo technology researcher or attacker who has lost control over multiple signatures is not an ordinary hacker. xinhuo technology researcher or attacker who has lost control over multiple signatures is not an ordinary hacker. Blockchain network news month, xinhuo technology researcher posted on social media that he has lost control over multi-signature address assets because of some force majeure instead of being simply attacked. He pointed out that abnormal capital flow has the following characteristics: the long duration of asset transfer indicates that the transferor is not there. The small-scale test conducted before the urgent asset transfer shows that the transferor has sustainable transfer ability. After each asset is transferred to the independent wallet, there is no further behavior, such as transferring to the trading platform. The mixed currency receiving wallet is completely clean or even not. Based on the above characteristics, he deduced that the transferor has enough time to consider the technical characteristics. It is very likely that the transferor has completely obtained the control right of the private key fragment that exceeds the threshold in some way. The attack mode is very simple, that is, the simple transfer operation does not exist. There is also a test of the contract. There is a high probability that the attacker is not a hacker and has not made further disposal and liquidation. The operator may not have the absolute right to judge that the assets under multi-signature control are out of control. If the holders of the corresponding controlled segments hold other over-threshold or multi-signature segments, all of these assets and contracts may be out of control. Therefore, it is necessary to immediately check all the risk exposures related to the cross-chain assets of the contract and pay attention to what the receiving address will do next. In addition, it is also reported. There is no problem, but the fragments that exceed the threshold are kept by a natural person and are in a jurisdiction where cryptocurrency activities are prohibited or unprotected. 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台
注册有任何问题请添加 微信:MVIP619 拉你进入群
打开微信扫一扫
添加客服
进入交流群
1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。