开年第一案 被盗8000万美元的Orbit Chain事件是怎么一回事？

According to the monitoring of its security risk monitoring, early warning and blocking platform, Beijing time, the project suffered an attack loss of at least about $10,000. According to the analysis, the hacker's address launched a small-scale attack as early as days ago, and the source of the transfer fee for the other addresses stolen was a cross-chain bridge platform. Users can use various encrypted assets of different blockchains on one chain. Now the project has suspended the cross-chain bridge contract and communicated with hackers about this security incident. The security team conducted the following analysis at the first time. The incident analysis was mainly that the attacker directly called the function of the contract to transfer the assets. Through further analysis of the code of the function, we can find that the function adopted the method of verifying the signature to ensure the security and legality of the loan. Verifying the signature is a common security mechanism in blockchain transactions to confirm whether the initiator of the transaction has sufficient authority and control. In the function, it can be ensured that only the signature can be verified. Only authorized users or contracts can successfully call this function and transfer assets. After entering the signature verification function, we can observe that the function returns the number of signatures, which is very important for verifying the legality and security of the transaction. By returning the number of signatures, the compliance and authenticity of the transaction can be verified to a certain extent. According to the specific implementation, the number of signatures may be compared with a preset threshold to determine whether the conditions for executing the transaction are met, and then the number can be judged. Whether the amount is greater than or equal to the loan if the conditions are met can be known from the data on the chain that there are a total of address values for managing the contract. In summary, the reason for the incident is that the server that tends to keep the administrator's private key is cheated. According to the data on the chain, hackers have launched attacks on the project as early as the beginning, and the amount stolen by hackers is relatively small and will be sent to the remaining hacker addresses. As a transaction fee, several other hacker addresses have successively attacked the project, tracked the funds as of press release, and transferred the stolen funds to the above five addresses as shown in the following figure. In five independent transactions, each transaction was sent to a new wallet, with a stable currency of 10,000 US dollars, 10,000 pieces of about 10,000 US dollars and 10,000 pieces of about 10,000 US dollars to track the flow of funds. This cross-chain bridge security incident once again gives us security enlightenment and reminds us that we are setting up. Security should always be the primary consideration when considering and implementing the blockchain system. First, we need to pay attention to the security of the code. Contract code is the core component of the blockchain system. Therefore, when writing and reviewing contract code, we should follow the best practices and security standards to avoid common security vulnerabilities and attack vectors. Secondly, authentication and identity verification are very important. In the blockchain system, ensuring that only authorized users or contracts can perform key operations is to prevent unauthorized access and asset flow. The key to the loss is to adopt powerful authentication mechanism, multi-signature and authority management, which can effectively limit access rights and ensure that only authorized entities can conduct sensitive operations. 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台

注册有任何问题请添加 微信：MVIP619 拉你进入群

文章转载注明 网址：https://netpsp.com/?id=61925