
Translated Tech | Bitcoin battered: the worst crypto catastrophes of 2019

Source | ZDNet (please credit the source when reposting)

Author | Charlie Osborne

Translator | 石煜倩

Editor | 张77

This year saw cryptocurrency thefts running into the millions, along with exit scams and countless arrests tied to crypto crime.

While the cryptocurrency market booms, criminals are looking to profit from it.

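Bitcoin (BTC) may no longer be able to repeat the glory of its $19,000-plus valuation of previous years; at the time of writing it is valued at roughly $7,200. Beyond Bitcoin, however, the market also holds a variety of other stable virtual currencies and altcoins, including Ethereum (ETH), Ripple (XRP), Monero (XMR), Bitcoin Cash (BCH) and Litecoin (LTC), which keep a loyal following and are traded constantly.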

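The virtual-currency industry has drawn so much attention in recent years that regulators are beginning to shift towards the view that virtual currencies should be treated as taxable assets.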

The US Internal Revenue Service (IRS) is now pursuing cryptocurrency traders who have not declared their investments.

The UK's Financial Conduct Authority (FCA) also clarified its position this year on which coins can be regarded as securities or e-money.

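Russia, which has been hostile to cryptocurrency, has also begun to accept that cryptocurrency can have a legitimate place in financial markets.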

Criminals will look for ways to fraudulently profit from any form of asset with financial value, and cryptocurrency is no exception.

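Regulation of the industry is quite uneven: laws may apply locally, but with cryptocurrency exchanges registered in large numbers around the world, investing in cryptocurrency carries growing risk.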

Cryptocurrency exchanges are a common target for criminals.

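Weaknesses in the website itself, system vulnerabilities that expose hot wallets (storage systems that hold virtual coins and are connected to the internet), insider threats and exit scams can all cause traders to lose their cryptocurrency.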

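Once a vulnerability is found, wallets can be emptied, and the blockchain itself (the backbone technology of cryptocurrency exchange) can also come under attack. Unless cryptocurrency is kept in a hardware-based cold wallet that is not connected to the network, there is a risk of cyberattack.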

Below, we look at the most noteworthy cryptocurrency-related hacks, criminal investigations, exit scams and data breaches of 2019.

January

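New Zealand cryptocurrency exchange Cryptopia hacked: The New Zealand cryptocurrency exchange was forced offline by some form of hack, but details remain unclear. At the time, the company suspended trading and went into liquidation, with an estimated $16 million in assets lost.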

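Security issues in Proof of Stake cryptocurrencies: Security issues were found in 26 Proof of Stake-based cryptocurrencies. Users could be exposed to "Fake Stake" attacks, in which attackers disrupt the blockchains and look for the chance to take control of them.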

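Bitcoin trading platform LocalBitcoins hacked: The peer-to-peer cryptocurrency trading platform LocalBitcoins was attacked, leading to the theft of Bitcoin belonging to customers.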

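Ruling against Bitgrail: The former owner of the hacked Bitgrail exchange, where a vulnerability in the exchange's software led to the theft of $195 million in Nano coins, was ordered by an Italian court to compensate customers for as much of their losses as possible, leading to the seizure of personal assets.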

Hacker who stole IOTA tokens arrested: In January, Europol arrested a suspect alleged to have stolen €10 million worth of cryptocurrency.

February

Bitcoin exchange Coinmama hacked: In February, it emerged that the email addresses and hashed passwords of 450,000 Coinmama users were being sold on the dark web.

March

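Bithumb, South Korea's second-largest cryptocurrency exchange, hacked: Bithumb was reportedly hacked in March, with attackers making off with roughly $20 million worth of EOS tokens and Ripple. It was the company's third security incident in the past two years.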

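Blockchain asset trading platform DragonEx and digital asset trading platform CoinBene breached: These cryptocurrency trading platforms suffered cyberattacks in March. DragonEx lost an estimated $1 million worth of cryptocurrency, while CoinBene lost $45 million.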

May

Blockchain asset trading platform Binance breached: Hackers attacked the Binance cryptocurrency exchange platform and stole $41 million worth of Bitcoin.

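Bestmixer.io, one of Europe's largest cryptocurrency service providers, seized by regulators: The Bestmixer.io website was shut down by Dutch authorities in May. The online service is understood to have used cryptocurrency transactions to launder money over a number of years, with the total exceeding $200 million.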

June

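Funds stolen from cryptocurrency wallet GateHub: In June, the wallets of 18,473 GateHub customers were robbed. The company detected suspicious API calls, and its investigation determined that the attackers had managed to access a database containing valid access tokens. The company said that although it is not clear exactly how many coins were stolen, the stolen assets are estimated to be worth at least $10 million.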

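Cryptocurrency platform Bitrue hacked: In late June, a hack of Singapore exchange Bitrue's hot wallet cost it 9.3 million XRP and 2.5 million ADA, a loss amounting to millions of dollars. The hacker reportedly exploited a vulnerability in the review process system to steal customer funds.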

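€24 million Bitcoin theft: In late June, Europol and Eurojust arrested six suspects in the UK and the Netherlands. The suspects are accused of running a scam that stole €24 million worth of Bitcoin.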

July

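Bitpoint exchange loses $32 million in cryptocurrency: Japan-based cryptocurrency exchange Bitpoint was hacked in July, leading to the theft of $32 million worth of cryptocurrency, $23 million of which belonged to the exchange's customers.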

September

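Ethereum startup extorted: In September, the US Department of Justice arrested two cryptocurrency consultants and charged them with attempting to extort an Ethereum startup, threatening to ruin the company unless they received the payment they wanted.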

October

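Canadian digital currency exchange MapleChange claims more than 900 bitcoins stolen: Canadian digital currency exchange MapleChange said that more than 900 bitcoins had been stolen but that customers would not be compensated. Soon afterwards the company's website and social media accounts vanished, giving customers reason to suspect that the company had staged the whole thing itself.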

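Nigerian crypto wallet Satowallet suspected of an exit scam: Nigerian crypto wallet Satowallet blamed telecom fraud for the loss of $1 million in crypto assets, saying telecom fraudsters had stolen the money from customers' wallets. The incident is suspected to be an exit scam, however.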

November

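South Korean cryptocurrency exchange Upbit hacked: Upbit said in a statement in November that 342,000 ETH, worth about $48.5 million, had been stolen from the company's hot wallet. The exchange has promised that customers will not be affected and that the funds will be covered by Upbit's own assets.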

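Official Monero website compromised: In November, the official Monero website was breached by hackers, who served a malicious Linux CLI binary, a tampered version of the original, intended to steal funds from unsuspecting users.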

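Cryptocurrency expert Virgil Griffith arrested: Ethereum project member and cryptocurrency expert Virgil Griffith was arrested after giving a talk at a technology conference in North Korea on how blockchain could be used to evade sanctions. If found to have broken US law, he could face up to 20 years in prison.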

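Two hackers steal $550,000 in cryptocurrency through SIM-swapping attacks: The US Department of Justice charged two men with allegedly carrying out SIM-swapping attacks in order to steal cryptocurrency from their targets. More than $550,000 in cryptocurrency belonging to known victims was allegedly stolen in the case.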

Ponzi scheme PlusToken: PlusToken allegedly carried out an exit scam, taking $2.9 billion in deposits with it. Some of those involved have since been arrested.

December

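Hackers launch a "51% attack" on the Vertcoin blockchain: Vertcoin suffered a "51% attack" in December 2018, and a year later history repeated itself. In December 2019, hackers attacked the Vertcoin blockchain again. The attack caused 603 blocks to be removed from the VTC chain and replaced with 553 attacker blocks, in order to let the hackers carry out a "double spend".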

Notes:

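● 51% attack: a term meaning that the computing power accumulated by an attacker exceeds that of all other members of the cryptocurrency network combined, which means the attacker can control the production of the currency.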

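● "Double spend", also called "double payment": the same bitcoin is used for two payments at once. It is a form of fraud that exploits the delay in block confirmation.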

Original text

Bitcoin battered: The worst crypto catastrophes of 2019

Millions in cryptocurrency stolen, exit scams, and countless arrests were made in connection to crypto criminal schemes this year.

The cryptocurrency market is booming, and with it, criminals are looking to cash in.

Bitcoin (BTC) may not have sustained the $19,000+ price tag of previous years, now coming in at roughly $7,200 at the time of writing, but there is also a variety of other stable coins and altcoins, including Ethereum (ETH), Ripple (XRP), Monero (XMR), Bitcoin Cash (BCH), and Litecoin (LTC), that maintain a loyal following and constant trade.

The industry has gained enough traction in recent years that regulators are beginning to shift towards the viewpoint that virtual coins should be considered taxable assets, with the IRS now hunting down cryptocurrency traders that do not declare their investments. The UK’s Financial Conduct Authority (FCA) also clarified its stance (.PDF) this year on what coins can be considered securities or e-money — some of which now land under the FCA’s remit.

Russia, too, known for its hostile approach to cryptocurrency, has begun to accept that cryptocurrency may have a legal position in the economy.

With any form of asset that has financial worth, criminals will look for ways to fraudulently profit and cryptocurrency is no exception. The industry is rather unregulated, with laws potentially applied locally, but with exchanges registered worldwide, investment in cryptocurrency can be a risk.

Exchanges are a common target. A weakness in a website, a vulnerability leading to exposure of a hot wallet — storage systems used to hold virtual coins that are Internet-connected — insider threats, and exit scams can all result in traders losing their cryptocurrency. Wallets, too, can be ransacked when vulnerabilities are found, and the blockchain itself, the backbone technology of cryptocurrency exchanges, may be subject to attacks. Unless cryptocurrency is stashed in a cold, hardware-based wallet that is not connected to the web, there may be a risk of cyberattack.

Below, we take a look at some of the most noteworthy cases of hacking, criminal investigations, exit scams, and cryptocurrency-related breaches over 2019.

JANUARY:

Cryptopia: New Zealand’s Cryptopia cryptocurrency exchange was pulled offline due to some form of hack, but details are scant. Trading was suspended and the firm went into liquidation. Estimates suggest that up to $16 million may have been lost.

Proof of Stake: Security issues were found in 26 forms of cryptocurrency opening up users to “Fake Stake” attacks, crashing blockchains and giving attackers the opportunity to seize control of them.

LocalBitcoins: An attack taking place on the peer-to-peer cryptocurrency market platform led to the theft of Bitcoin belonging to customers.

Bitgrail sentence: The previous owner of hacked exchange Bitgrail — which lost $195 million in Nano coins — was commanded by an Italian court to return as much in customer funds as possible, leading to the seizure of assets.

IOTA arrest: Europol arrested a man from the United Kingdom on suspicion of stealing €10 million in IOTA cryptocurrency.

FEBRUARY:

Coinmama: Coinmama was made aware that 450,000 email addresses and hashed passwords of users were up for sale on the Dark Web.

MARCH:

Bithumb: Bithumb reported another security incident, the third in two years. It is believed that cyberattackers may have stolen up to $20 million in EOS tokens and Ripple.

DragonEx, CoinBene: The cryptocurrency exchanges were subject to cyberattacks, leading to an estimated loss of $1 million in cryptocurrency by DragonEx, and $45 million by CoinBene.

MAY:

Binance: Cyberattackers compromised the Binance cryptocurrency exchange platform and made off with $41 million in Bitcoin.

Bestmixer.io: Bestmixer.io was seized by European police. The online service is thought to have laundered over $200 million in cryptocurrency throughout the years.

JUNE:

GateHub: Ledger wallets belonging to 18,473 customers were compromised. Suspicious API calls were detected and an investigation concluded the attacker(s) managed to access a database containing valid access tokens. It is still not known exactly just how many coins were stolen, but estimates suggest that at least $10 million was taken.

Bitrue: Singaporean exchange Bitrue lost 9.3 million in XRP and 2.5 million in Cardano (ADA) from its hot wallet, worth millions of dollars. A hacker exploited a vulnerability in review process systems to steal customer funds.

€24 million Bitcoin heist: Six arrests were made in the UK and the Netherlands by Europol and Eurojust. The suspects are alleged to have operated a scam that netted them €24 million in Bitcoin (BTC).

JULY:

Bitpoint: Japan-based cryptocurrency exchange Bitpoint was subject to $32 million in cryptocurrency theft, $23 million of which belonged to the organization’s customers.

SEPTEMBER:

Ethereum startup extortion: Two cryptocurrency consultants were arrested and charged by the DoJ based on claims the pair attempted to extort an Ethereum startup, threatening to destroy the business unless they were paid what they wanted.

EtherDelta charge: A hacker best known for attacking TalkTalk was also indicted for an attack in 2017 on cryptocurrency exchange EtherDelta.

OCTOBER:

MapleChange: Canadian crypto trading post MapleChange said that over 900 BTC had been stolen, but customers would not be refunded — and very quickly thereafter, the firm’s website and social media presence vanished. Foul play is suspected.

Satowallet: Satowallet blamed Telegram scammers for the loss of $1 million, stolen from customer wallets. An exit scam is suspected.

NOVEMBER:

Upbit: South Korean cryptocurrency exchange Upbit said that 342,000 in Ethereum (ETH) had been stolen from the firm’s hot wallet, worth roughly $48.5 million. The exchange has promised that customers will not be impacted and the funds will be covered by Upbit assets.

Monero: The official Monero website was compromised to deliver a malicious Official Linux CLI binary, tampered to steal funds from unwitting users.

North Korea talks: Ethereum project member and cryptocurrency expert Virgil Griffith was arrested after giving a talk at a technology conference in North Korea about how the blockchain could be used to circumvent sanctions. If found guilty of breaking US law, he may face up to 20 years behind bars.

Crypto theft, SIM-swapping: The DoJ charged two men for allegedly conducting SIM-swapping attacks in order to steal cryptocurrency from high-value targets. Over $550,000 in cryptocurrency from known victims was allegedly stolen after phone numbers were hijacked to gain access to victim wallets.

PlusToken: PlusToken allegedly performed an exit scam, walking away with $2.9 billion in deposits. Some individuals suspected of being involved have been arrested.

DECEMBER:

Vertcoin: Vertcoin suffered a 51% attack in December 2018, and a year later, history repeated itself. This attack resulted in 603 blocks being removed from the VTC chain and replaced by 553 attacker blocks in order to perform double-spending.
