Behind the sky-high ETH transfer fees that no one complained about: the victim is also the perpetrator
HashKey Hub
2020-06-23 02:48
Behind the sky-high ETH transfer fee, the victim was found to be the perpetrator, and the whole thing became extremely dramatic.

The truth behind ETH’s sky-high transfer fees: the attacked project turned out to be a fund

On June 16, PeckShield published a post stating that it had found the truth behind the three consecutive sky-high-fee ETH transfers of the previous week:

PeckShield took the addresses beginning with 0x12d8012 and 0xe87fda7, which are associated with the 0xcdd6a2b address, as its starting point and traced them in depth. The tracing finally showed that the address beginning with 0xcdd6a2b belongs to a South Korean exchange called Good Cycle, which specializes in financial Ponzi schemes.

Therefore, hackers could carry out ransom attacks on its server systems relatively easily;

Therefore, the project party still "forbears" and stays indifferent after suffering a huge asset loss;

Therefore, there are still users who do not know the truth and continue to dream of getting rich through investing;

Therefore, the blackmail plot carefully planned by the hackers has a high probability of succeeding.

Its official website gives no explanation of these two abnormal transfers; it only issued a notice saying that it will upgrade the system on June 18 to enhance security.

PeckShield speculates that the possible attack methods are:

1) One of the possible attack methods: All the information a user submits when registering on Good Cycle is uploaded in clear text over HTTP, which is easy to capture with interception tools. If hackers successfully intercept the user's account password and PIN code, they can log in to the user's account and withdraw funds, because Good Cycle does not perform secondary verification on the account at login or withdrawal, resulting in loss of assets.

3) The third possible attack method: After obtaining the user's account password, the hacker can use the encryption method in the code to obtain the various request headers required for a withdrawal request, send the withdrawal request directly, and change the withdrawal address to his own address, thereby attacking the user's account.
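The gaps PeckShield lists (clear-text HTTP, no secondary verification on withdrawal, and a freely changeable withdrawal address) each correspond to a server-side check. The sketch below is an added example, not code from PeckShield or Good Cycle; the `request` and `account` dict shapes, the function names and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # RFC 6238 default time step, in seconds


def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def authorize_withdrawal(request: dict, account: dict, now: int):
    """Return (allowed, reason); dict shapes are assumptions of this example."""
    # Gap 1: password and PIN must never be accepted over clear-text HTTP.
    if request.get("scheme") != "https":
        return False, "insecure transport"
    # Gap 2: a stolen password/PIN alone must not authorize a withdrawal.
    # Accept the current and previous time step to tolerate clock skew.
    supplied = str(request.get("otp", "")).encode()
    if not any(
        hmac.compare_digest(supplied, totp(account["totp_secret"], t).encode())
        for t in (now, max(now - STEP, 0))
    ):
        return False, "second factor missing or invalid"
    # Gap 3: the destination must be an address the user confirmed earlier,
    # so a forged request cannot swap in a new withdrawal address.
    if request.get("to_address") not in account["confirmed_addresses"]:
        return False, "withdrawal address not confirmed"
    return True, "ok"


# Constructed sample account: the secret is the RFC 6238 test key and the
# address is a placeholder, not a real one.
ACCOUNT = {
    "totp_secret": b"12345678901234567890",
    "confirmed_addresses": {"0xUSER_CONFIRMED_ADDRESS"},
}
```

A production handler would also reject a one-time code that has already been used within its time step and would rate-limit failed attempts.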

Analysis:

When the victim turns out to be the perpetrator, the whole thing becomes dramatic.

Just when we assumed the hackers' technology must be highly advanced, we found out how low-level the exchange's loopholes turned out to be.

When there are no laws in place to regulate these crimes, what we see is a lot of buzz on the Internet, but no regulator can hold people accountable.

This corresponds exactly to one advantage of blockchain and two problems that urgently need to be solved:

The public ledger on the chain makes negative behaviors transparent, and every blockchain participant has access to the truth of the matter (provided they are willing).

The legal system of the blockchain industry and the digital asset market still needs to be improved. Otherwise, even if the responsible person can be found through the chain, there is no suitable legal weapon to solve this problem.

Polkadot launches the second phase of NPoS network

On June 18, Polkadot's official Twitter announced that it has officially entered the NPoS (Nominated Proof of Stake) phase. During this phase, the Web 3 Foundation will increase the number of active validators from 20 to 100, further decentralizing the network.

According to Polkadot's official mainnet launch roadmap, once the first phase (PoA) runs smoothly and enough nodes are participating, the network will consider entering the next phase, NPoS.

After going through the third stage (Governance) and the fourth stage (Remove Sudo), the fifth stage will open the transfer function.

(Polkadot Roadmap)

Analysis:

Polkadot is currently launching the second phase of its main network, which uses the NPoS consensus algorithm. NPoS (Nominated Proof of Stake) is a consensus algorithm designed by Polkadot on the basis of the PoS algorithm. Validators run nodes to participate in the production and confirmation of blocks. Nominators can stake their tokens to obtain nomination rights and nominate validators they trust in order to earn rewards.

The rewards of NPoS mainly come from the additional issuance of DOT tokens, which is also the main source of inflation for DOT.

However, the real strength of Polkadot may not be possible to judge until the fourth stage: the removal of the Sudo super-administrator authority.

Cambodia Releases White Paper on Central Bank Digital Currency Project Bakong

The Central Bank of Cambodia stated that Bakong helps Cambodians use QR codes and mobile applications to replace traditional paper currency payments, thereby helping to reduce the dominance of the US dollar in the country, and that the technology of the Hyperledger Iroha blockchain will help realize real-time fund transfers between bank accounts and digital wallets.

Analysis:

  • Central bank digital currencies (DC/EP) have become a wave, driven by Libra. There are two main reasons why countries promote their own DC/EP:

  • At the domestic level, since DC/EP itself is M0 endorsed by the central bank, it is equivalent to cash in circulation, thereby further reducing people's dependence on cash in sporadic consumption. In addition, the country needs to do a better job of anti-money laundering through DC/EP, and obtain control over people's daily consumption data from centralized Internet agencies and payment agencies.

OMG Network Launches Security Bug Bounty Program With $25,000 Rewards

On June 11, 2020, the Ethereum scaling project OMG Network (formerly OmiseGO) launched a code security vulnerability bounty program, with a maximum reward of 25,000 US dollars. According to the description of the bounty program, the parts that need to be audited include blockchain protocols, smart contracts, block explorers, and wallets.

Most projects based on ETH share a common feature: the cost of fixing security vulnerabilities is too high, and a vulnerability can only be patched by upgrading the software's protocol version. In layman's terms, fault tolerance is insufficient.

To prevent security incidents that would damage users' interests, many projects improve their system architecture through bug bounty programs, thereby further improving the security of blockchain protocols and wallets, which is a sign of being responsible for customer funds.

Written by | Liu Yijun, Chen Yixin

Editor | Mr. Hua
