

An attack on your crypto assets is inevitable: Slam the door shut on crypto theft.

Wasim Ahmad, Apr 5

In 2008, the Federal Trade Commission recorded identity theft as the top complaint submitted by U.S. consumers. Now, these complaints have grown 20% higher and many involve mobile devices. Cybercrime is a booming criminal industry raking in nearly $1.5 trillion each year globally. You might also remember that in 2008 the Bitcoin Whitepaper was released, effectively creating a "purely peer-to-peer version of electronic cash [that] would allow online payments to be sent directly from one party to another without going through a financial institution". Given the total market cap of cryptocurrencies was over $130.3 billion as of March 1st, 2019, it's no surprise that crypto assets are subject to the same kinds of attacks we saw in the early days of mobile banking.

Hackers and scams have been prevalent since the inception of crypto, but just how successful have they been and how have they evolved their tactics? Research shows that in 2018 alone over $1.7 billion in cryptocurrency was stolen by hackers, which was more than triple that in the previous year. Of that number, "$950 million was stolen from exchanges and wallet providers while the other $725 million was taken through 'inside jobs,' including fraudulent ICOs, exit scams, staged exchange hacks, and Ponzi schemes" according to blockchain intelligence company Ciphertrace. Let's examine the evolution of crypto-jacking and derive lessons to protect ourselves moving forward.

History

From 2011 to today there have been numerous headlines about hacks and scams in the crypto industry. Each of the following is an example of crypto-jacking in recent history that highlights various tactics used by hackers and fraudsters.

Timeline

2011

One of the first major cryptocurrency heists was the Mt. Gox hack, where $30,000 in Bitcoin was stolen. The computer of an auditor of the exchange was compromised by attackers who proceeded to manipulate the price of bitcoin on the exchange to one cent. The attackers then stole the private keys of Mt. Gox clients that were stored in hot wallets (wallets that are connected to the internet) and transferred out the Bitcoins at an artificially reduced price.

2012

In 2012, the Bitcoin Savings and Trust investment fund shut down, and a year later it was determined to be a fraudulent Ponzi scheme, having robbed its investors of the equivalent of $2.8 million. In 2016, the culprit was sentenced to 18 months in prison for a classic scam in an emerging medium of exchange.

2013

As cryptocurrencies became more mainstream, one Bloomberg anchor had a bitcoin gift card stolen directly from live TV after the anchor displayed a close-up of the digital QR code used to claim the coins. All it took was a quick-witted viewer to whip out a phone and beat the newscasters to the punch.

2014

Yet again Mt. Gox is hacked, this time losing a total of 650,000 BTC. Unable to recover from the loss, all trading was stopped and the exchange filed for bankruptcy. The attacker was never identified, leaving other exchanges vulnerable to attack.

2015

Thousands of Dark Web users see $12 million in Bitcoin disappear during the Evolution Marketplace exit scam. Deceitful folks eager to capitalize on the hype of the crypto movement are reaching all corners of the deep web.

2016

It's not just Bitcoin: any cryptocurrency or altcoin can be stolen without proper protection. In 2016, $60 million was lost in The DAO Attack. The DAO (Decentralized Autonomous Organization) is built on Ethereum, runs via a series of smart contracts, and is governed by member voting. The purpose of The DAO was to collectively fund member projects, but instead, much of the funds were drained in a code attack that exposed a loophole allowing the attacker to siphon funds into a "child DAO". The thief was never caught.

2017

In an effort to bring price stability to cryptocurrencies, Tether released a coin pegged one-to-one to the USD across exchanges, platforms, and wallets. In 2017 Tether announced the transfer of nearly $31 million to an unauthorized wallet. They also announced, however, that the stolen tokens would not be redeemable.

2018

Last year brought an onslaught of hacks targeted at exchanges. At the turn of the year, the price of Bitcoin skyrocketed and the popularity of crypto assets was at an all-time high. In the prior year, many exchanges and wallet providers all over the world raced to capture market share of crypto users, but many lacked necessary security measures and hackers became more savvy and determined. One such example is the Japanese crypto-exchange Coincheck, which lost a whopping $400 million worth of crypto coins.

2019

Already early on in 2019, we see an interesting case in which QuadrigaCX, Canada's biggest cryptocurrency exchange, lost $150 million worth of crypto supposedly due to the death of the founder, who was the only person who knew the private keys. However, there have been uncertainties raised about the case: did the founder fake his death? Is this a case of fraud? Or did poor contingency planning cause the funds to be simply inaccessible?

Threats

Despite more awareness about security, hackers outwitted operators, and some operators outwitted customers to commit fraud. From these examples over the last few years, we can examine some common ways crypto has been stolen and outright lost:

  • THEFT: Traditional methods such as phishing, extortion, or fraud could subject you to identity theft.
  • HACKS: A critical detail about coordinated heists is that most of the incidents regarding stolen crypto have a common theme: the digital assets were kept in exchanges.
  • DEFECTS: Having your digital assets stolen is not the only way to lose money in the crypto world. Technical errors could cause funds to be locked up forever.

It is estimated that 20% of Bitcoin's supply is unrecoverable. The hard truth is there have always been and always will be thieves after your wealth; the only difference is that theft now happens mostly in the digital space. Cybersecurity threats are on the rise and crypto owners are prime targets.

Although there are new solutions emerging, there will be tradeoffs between security standards and ease of use. Additionally, there are a few security fundamentals that will always hold true, even when using offline wallets.

Prevention

Crypto is going to continue to be targeted, so if you want to HODL your crypto assets for the long run, it is imperative to adopt proactive preventative measures. First, don't leave your crypto anywhere that is connected to the internet. Second, don't trust centralized authorities (even if you don't believe them to be a hostile actor) with custody of your coins.

Instead, use common sense and apply basic security principles like a backup to a digital vault.

Hardware wallets are also a great option, but remember to keep track of the device and choose a memorable yet hard-to-guess PIN. Back up your private keys and recovery phrases --- always.

Conclusion

We routinely store our cryptocurrency assets, for day-to-day use, in hardware/software wallets or in a centralized, online account. However, both of these approaches have significant weaknesses. In the case of wallets, if the owner loses the device, she risks permanent loss of all the assets. Wallet vendors provide 12/24-word passphrases as a means of "last resort" backup. Owners store these passphrases as pieces of paper --- sometimes in a bank safe deposit box, sometimes in a sock drawer. That is a pretty odd medium to use for the highest level of security for digital money. This approach not only shifts the risk of attack on keys onto the recovery phrase, but it is also subject to a whole new set of risks --- earthquakes, burglaries, mudslides and fires to mention a few factors in California alone. The paper passphrase, unfortunately, becomes an unacceptably risky single point of failure.

In the case of centralized online accounts, all of the account holders are at catastrophic risk when dedicated criminal hacker organizations target the online storage providers, which was the case with MtGox (2014), Bitstamp (2015), Bitfinex (2016) and Coincheck (2018). The delegation leaves users without direct ownership of their funds, negates one of the key principles of crypto assets and effectively forces users to fully trust a centralized storage vendor. That relegates crypto assets to the same outdated setup as the legacy banking system.

As cryptocurrency investors start to invest in more and more coins, the number of accounts and wallets needed will also increase. Given the threat landscape, protecting cryptocurrency, whether for the short term or the long haul, is critical. A better solution is needed to prevent more high-profile hacks and the subsequent loss of assets --- some of it irretrievably. Learn more about how Vault12 is changing the risk landscape with its digital custody app --- now available (beta) at vault12.com/getapp.

Written by Kyle Graden and Wasim Ahmad.
First published at vault12.com/blog