找回密码
 立即注册
首页 区块链新闻 查看内容
  • QQ空间
  • 回复
  • 收藏

Upbit是2019年黑客攻击的第七大加密货币交易所

wuya 2019-11-28 12:49

 

 

最近的Upbit黑客事件清楚地提醒我们,将密码存储在交换器上是危险的。我们探讨了今年发生的七起重大黑客事件,每一次都比上一次更大胆。的教训吗?不是你的钥匙,不是你的密码。


1月15日,在发现一个“安全漏洞”并造成“重大损失”后,Cryptopia陷入了黑暗。整个1月的其余时间,一直到2月,天都很黑,几乎没有声音。该网站声称,在警方调查这起估计价值1600万美元的黑客事件期间,它无法置评。


目前还不清楚Cryptopia是如何被黑客入侵的,但调查人员在8月份发现,Cryptopia将用户的资金集中在一个包罗万象的钱包中。新西兰交易所试图在黑客攻击后纠正其船只,甚至在3月份短暂恢复了交易服务。但是这次的复兴并不是注定的:该交易所在5月份进行了清算,10天后申请破产。


在3月24日的一次黑客攻击中,新加坡的DragonEx损失了一笔“未披露”的用户资金。该公司最初拒绝透露具体损失金额,但几天后通过telegram透露,它在安全漏洞上损失了700万美元。DragonEx似乎没有像其他交易所一般在2019年承诺给用户全额退款。相反,它表示正在制定一项“初步赔偿计划”,将用缆绳或龙币等额补偿受害者损失的资金。


今年3月,黑客以Bithumb为目标,收购了1300万美元的EOS,而这家韩国交易所后来得知,它在XRP中丢失了620万美元。这起盗窃案发生前不到一年的时间里,又发生了一起大规模的黑客攻击:2018年底,涉案金额达3100万美元。Bithumb怀疑黑客是内线,因为它发现了一个从钱包里“不正常的取款”。该交易所声称在黑客攻击中没有损失用户资金。


今年5月,黑客从Binance窃取了价值4070万美元的7000比特币。这家全球交易量最大的交易所在其热门钱包中发现了一个漏洞,不过它声称,在黑客攻击时,只有2%的资金在该钱包中。资金迅速通过一个越来越小的钱包网络转移,因为黑客试图洗掉他们被盗的硬币。其中一些资金最终变成了菲亚特。作为回应,Binance将存款和取款服务关闭了一周,以加强安全协议。该交易所于5月15日重新开放服务。它承诺向用户退还其应急基金。


新加坡比特鲁交易所(BiTrue exchange) 6月份损失了420万美元的用户资金。黑客以XRP(401万美元)和ADA(23.18万美元)为目标,利用BiTrue的内部用户访问审查流程进行攻击。利用他们所学到的知识,黑客将930万XRP和250万ADA转移到不同的交易所。BiTrue表示,它与合作伙伴交易所合作冻结了这些资金,并进一步承诺向所有受影响的用户退款。


日本Bitpoint交易所在7月份的一次黑客攻击中损失了2800万美元,5万名用户受到影响。目前尚不清楚黑客是如何攻破Bitpoint的安全系统的,不过这迫使Bitpoint暂停交易一个月。黑客入侵后不久,Bitpoint的母公司Remixpoint承诺向受影响的用户提供补偿。Bitpoint支持的五种加密货币(比特币、比特币现金、以太、莱特币和XRP)的交易在8月份重新启动。


厄普比特是最新的黑客攻击受害者,在2019年11月26日的协调世界时9点损失了4900万美元。一个“异常交易”在几分钟内导致了342,000以太损耗。该交易所说,损失并非来自用户资金,它已暂停所有功能至少两周。


随着这一年的结束,这些黑客行为代表着交易所和用户用他们的私人和公共钱包承担的巨大而不确定的风险。2020年会带来什么?希望密码生态系统中更少的大人物能减少损失。

 

The recent Upbit hack is a stark reminder of the danger of storing your crypto on an exchange. We explored seven major hacks that happened this year, each one bolder than the last. The lesson? Not your keys, not your crypto.

Cryptopia went dark on Jan. 15 after it discovered a “security breach” with “significant losses.” It stayed dark, and mostly silent, through the rest of January and deep into February. The site claimed it could not comment during the police investigation of the estimated $16 million hack.

It is not clear how Cryptopia was hacked, but investigators discovered in August that Cryptopia had been pooling users’ funds in a catchall wallet. The New Zealand exchange tried to right its ship after the hack and even briefly reopened trading services in March. But the revival was not meant to be: the exchange went into liquidation in May and 10 days later filed for bankruptcy

DragonEx of Singapore lost an “undisclosed” amount of user funds in a March 24 hack. It initially declined to estimate how much but days later it revealed over telegram that it lost $7 million in the security breach. DragonEx did not appear to promise users a full refund, as other exchanges generally did in 2019. Instead, it said it was working on a “preliminary compensation plan” that would reimburse victims’ lost funds in Tether or Dragon Token equivalent. 

Hackers targeted Bithumb in March for $13 million of EOS and the South Korean exchange later learned it was missing $6.2 million in XRP. The heist came less than a year after another massive hack: $31 million in late 2018. Bithumb suspects that the hack was an inside job as it spotted an “abnormal withdrawal” from one of its wallets. The exchange claims it lost no user funds in the hack.

Hackers stole a massive 7,000 bitcoin haul worth some $40.7 million from Binance in May. The world’s largest exchange by volume found a vulnerability in its hot wallet, though it claims that only 2 percent of total funds were in that wallet at the time of the hack. Funds quickly moved through a network of smaller and smaller wallets as hackers tried to wash their stolen coins. Some of the funds were eventually turned into fiat. In response, Binance shuttered deposit and withdrawal services for a week to beef up security protocols. The exchange reopened services on May 15. It pledged to refund users from its emergency fund.

Singapore’s BiTrue exchange lost $4.2 million of its users’ funds in June. Hackers targeted XRP  ($4.01 million) and ADA ($231,800) in a breach that exploited BiTrue’s internal user access review process. Using what they learned, the hackers then transferred 9.3 million XRP and 2.5 million ADA into different exchanges. BiTrue says it worked with partner exchanges to freeze those funds and further promised to refund all users affected.

Japanese exchange Bitpoint lost $28 million in a July hack that hit 50,000 users. It is not known how the hackers breached Bitpoint’s security, though it forced Bitpoint to halt trading for a month. Soon after the hack, Bitpoint’s parent company, Remixpoint, promised to reimburse affected users. Trading in Bitpoint’s five supported cryptos (bitcoin, bitcoin cash, ether, litecoin and XRP) started up again in August. 

Upbit is the latest hacking victim after losing $49 million at 9:00 UTC on November 26, 2019. An "abnormal transaction" resulted in a 342,000 ether loss in a few minutes. The exchange said that the loss didn't come from user funds and that it has suspended all functions for at least two weeks.

As the year winds down, these hacks represent the massive - and precarious - risks exchanges and users take with their private and public wallets. What will 2020 bring? Here's hoping for fewer losses from fewer big names in the crypto ecosystem.

    来自: coindesk