跌宕起伏 Blast生态Munchables遭黑客攻击分析

According to the monitoring of anti-money laundering analysis platform, the eco-game platform was attacked by hackers. It is understood that the winning project has just been announced recently. After the attack, it has dropped sharply from $10,000 to more than $10,000. About this incident, the security team analyzed the attacker's address at the first time, and the contract vulnerability was analyzed. After investigating the cause of the attack, the chain detective said that it was stolen or hired a DPRK disguised as a developer. Fresh hackers said that four different developers hired by the team were related to the exploiters, and they were probably the same person. They recommended jobs to each other, regularly transferred money to the same two exchange deposit addresses and recharged each other's wallets. After analysis, the security team found that this attack was mainly caused by the North Korean hacker developer's contract using the contract upgrade function to pre-set his mortgage account book, and then called the function to propose an attack flow attack in the contract. In the preparation stage, the hacker developer pre-creates an implementation contract with a back door and pre-sets the hacker's own mortgage account book to the maximum value. In the attack stage, the attacker calls the function to take out. Because the hacker has already set the mortgage account book check in the attack preparation stage, it is simply bypassed and stolen. After that, it is further explained on social media that sharing the private key is to help security personnel recover the user's funds, specifically, it includes the private key holding of US dollar encrypted assets. The private key of and the owner's private key containing the rest of the funds were anxious when the project parties and users were worried. In the afternoon of Beijing time, the attacker returned all 10,000 pieces to a multi-signed wallet. By the time of posting, the stolen funds had been returned and sent to the multi-signed contract. Half an hour later, the founder announced on the platform that the core contributors had obtained 10,000 dollars of funds through multi-signature, namely 10,000 pieces stolen and 10,000 pieces left in the agreement, with a current value of 10,000 dollars. Thanks to the former developers for choosing to finally return all the funds. Without any ransom, this announcement indicates that all users' funds are safe and will not be locked. All related rewards will also be updated in the next few days. At the same time, those affected by the attack have also announced the safety of funds. All of them have been retrieved from the developer and will be transferred back so that users can withdraw money. Although we don't know the reason why hackers return funds for the time being, this experience has once again sounded the alarm bell of security and made us deeply realize the importance of security. 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台

注册有任何问题请添加 微信：MVIP619 拉你进入群

文章转载注明 网址：https://netpsp.com/?id=56608