Current location - Education and Training Encyclopedia - Educational institution - SAFEIS security report: sorting out the top ten theft incidents in the history of encryption and their countermeasures
SAFEIS security report: sorting out the top ten theft incidents in the history of encryption and their countermeasures
In 2008, due to various drawbacks of the centralized world, the global financial crisis broke out and then swept the world. In order to eliminate these drawbacks, Satoshi Nakamoto established the Bitcoin network, and the blockchain was born.

In order to improve the security of the whole network and transactions, the blockchain adopts distributed nodes and password technology, and all records in the chain are open and transparent and cannot be tampered with. In recent years, the blockchain has made great progress and formed a huge encryption ecology.

However, since the emergence of blockchain, cryptocurrency scams have become frequent and intensified, and cryptocurrency cannot provide sufficient security for users' funds. In addition, cryptocurrency can be transferred anonymously, which leads to frequent major attacks and thefts in the encryption industry.

The following will sort out and analyze the top ten incidents of cryptocurrency theft in the history of encryption, and six practical strategies to prevent cryptoassets from being stolen.

1.Mt. Gox was stolen.

The theft of Mt. Gox is still the biggest cryptocurrency theft in history. During the period from 20 1 1 to 20 14, more than 850,000 bitcoins were stolen.

Mt. Gox claims that the main reason for the loss is a potential vulnerability of Bitcoin network-transaction scalability, that is, the process of changing the unique identifier of a transaction by changing the digital signature used to generate the transaction.

On September 20 1 1 year, the private key of MtGox's account was leaked. However, the company did not use any audit technology to find vulnerabilities and prevent security incidents. In addition, due to MtGox's regular reuse of bitcoin addresses that reveal private keys, the loss of stolen funds continues to expand. By the middle of 20 13, 630,000 bitcoins had been stolen by hackers.

Many exchanges use both cold wallets and hot wallets to store and transfer assets. Once the exchange server is hacked, hackers can steal the encrypted assets in the hot wallet.

2. Linod's theft

Linode, an encrypted network asset custody company, mainly manages the encrypted assets of Bitcoin exchanges and giant whales. Unfortunately, these managed encrypted assets are stored in popular wallets. More unfortunately, Linode was hacked in June of 20 1 1 year.

As a result, more than 50,000 bitcoins were stolen, and Linode's customers suffered heavy losses. Among them, bitcoin, Bitcoin.cx and Gavin Andresen lost 43,000 bitcoins, 3,000 bitcoins and 5,000 bitcoins respectively.

3.BitFloor theft

20 12 in may, hackers attacked BitFloor and stole 24,000 bitcoins, all of which originated from the fact that the wallet key backup was not encrypted, which made it easy for attackers to obtain wallet keys, thus stealing huge encrypted assets.

After the theft, Roman Shtylman, the founder of BitFloor, decided to close the exchange.

4.Bitfinex was stolen

The use of multi-signature accounts cannot completely prevent the occurrence of security incidents, as evidenced by the theft of Bitfinex's huge bitcoin assets of nearly 1.2 million.

In June 2022, 20 million OP tokens were stolen due to improper use of multi-signature accounts.

5.Coincheck's theft

Coincheck, headquartered in Japan, had its NEM (XEM) token worth 530 million dollars stolen in June 20 18.

Coincheck revealed afterwards that hackers could easily access their systems due to the negligence of the personnel at that time, and because the funds were kept in hot wallets and the security measures were insufficient, hackers could successfully steal huge encrypted assets.

6. theft. Kukern

KuCoin announced in September 2020 that hackers had stolen a large number of encrypted assets such as Ethereum (ETH), BTC, Litecoin (LTC), Ripple (XRP), Stellar Lumen (XLM), Trox (TRX) and USDT.

Lazarus Group, a North Korean hacker group, was accused of being the initiator of the theft of treasury coins, which caused financial losses of $275 million. Fortunately, the exchange recovered about $270 million in stolen assets.

7. theft. Poly. com

The theft of Poly Net is one of the most serious cases of cryptocurrency theft in history. In August of 200212002, a hacker named "Mr. White Hat" took advantage of a loophole in the DeFi platform and successfully stole encrypted assets worth about 600 million US dollars on the network.

The strange thing about the theft of Poly.com is that after the theft, "Mr. White Hat" not only kept an open dialogue with the official of Poly.com, but also returned all the stolen encrypted assets a week later. "Mr. White Hat" won a prize of 500,000 dollars and got a job opportunity to become a senior security officer of Poly Network.

8. theft 8. Cream finance

202 1, 10, a security incident occurred in Cream Finance, and hackers stole encrypted assets worth $654.38+300 billion. This is the third incident of cryptocurrency theft in Cream Finance this year. Hackers stole $37 million in encrypted assets in February 20021year, and $190,000 in August 20021year.

The theft was accomplished by a lightning loan attack. The attacker used MakerDAO's DAI to generate a large number of yUSD tokens, and also used the yUSD price predictor to complete the lightning loan attack.

9. Badger Road was stolen.

202165438+February, a hacker successfully stole the assets of several cryptocurrency wallets on BadgerDAO of DeFi project.

This event is related to phishing when malicious scripts are injected into the website user interface through Cloudflare. Hackers used the key of application programming interface (API) to steal $654.38+$300 million. API keys are created without the knowledge or permission of Badger engineers, and are used to inject malicious code into a small number of clients on a regular basis.

However, about $9 million of encrypted assets were recovered because hackers failed to withdraw funds from Badger in time.

10.Bitmart theft

202 1 12, Bitmart's hot wallet was attacked by hackers, and about 200 million dollars of encrypted assets were stolen. It was found that about $654.38 billion of encrypted assets were stolen and transferred through the Ethereum network, and nearly $654.38 billion was stolen and transferred through the Coin Security Intelligent Chain network.

Theft involves more than 20 kinds of tokens, including mainstream coins such as Bitcoin and a considerable amount of counterfeit money.

The best way to protect encrypted assets is to pay attention to the encryption protection of wallets and the safe storage of private keys, and conduct in-depth research and identification of items on the market to avoid stepping into the trap of attackers.

Due to the invariance and irreversibility of blockchain, once the wallet private key is leaked, it is inevitable that the encrypted assets will be stolen and cannot be recovered.

Six practical strategies to prevent the theft of encrypted assets;

1. Use a cold wallet

Unlike hot wallets, cold wallets are not networked, so they will not be attacked by the Internet. The private key stored in the cold wallet can effectively protect the encrypted assets.

Use a secure network

When trading or conducting encrypted transactions, only use secure networks and avoid using public Wi-Fi networks.

3. The funds are scattered in multiple wallets

Don't put your eggs in the same basket. This sentence is very useful in the fields of finance and encryption.

Distribute the encrypted assets to different wallets, which can minimize the loss when attacked.

4. Improve the security of personal equipment

Ensure that personal devices are equipped with the latest security software, prevent newly discovered vulnerabilities and network attacks, open a firewall to improve the security of devices, and prevent hackers from attacking through the security vulnerabilities of device systems.

5. Set a strong password and change it regularly.

When it comes to security, we can't underestimate the importance of strong passwords. Many people use the same password on multiple devices, applications, social media accounts and encrypted wallets, which greatly increases the probability that encrypted assets will be stolen.

In order to prevent theft, you need to establish a strong password with high security level in your wallet account. This strong password needs to be unique and get into the habit of changing it regularly. In addition, choosing two-factor authentication (2FA) or multi-factor authentication (MFA) can improve security.

6. Beware of phishing attacks

Phishing fraud through malicious advertisements and emails is rampant in the field of cryptocurrency. Be extra careful when conducting encrypted transactions and avoid clicking on any suspicious and unknown links.

You should always check and verify the information about encrypted investment and the website address, especially if the information is very tempting and unreasonable. For example, the project official chats information privately through channels such as Didcord. Of course, security incidents in which the project party Didcord is attacked frequently occur, and malicious links at this time may be in public channels rather than private chat interfaces. In this case, it is particularly important to check and verify the authenticity of encrypted investment-related information through multiple channels!

SAFEIS is an internationally renowned innovative blockchain ecological security service platform. It is based on a variety of core technologies, such as data, intelligence, network security, graphic computing and so on. With complete data processing and accurate traceability, the service targets cover many well-known companies and projects around the world.

"Making the blockchain safer" is a glorious mission, and we will practice this glorious mission and embark on a new journey.