Only by understanding the attack can you more effectively defend against attacks | Introduction to Vernacular Blockchain 183

Author |
Produced by Yuxing | Vernacular Blockchain (ID: hellobtc)

Blockchain is a door to a new world. It seems to show us a transparent and fair world. But not everyone knows that this door also faces various attacks. What kinds of attacks are there? Today, Dabai will talk to you about attacks in the blockchain.

01 Transaction Malleability Attack

Transaction malleability attacks are also called transaction plasticity attacks. In real life, after we hammer a piece of gold into shape, the shape has changed but the quality has not. That is to say, the appearance of the gold has changed, but it is still recognized as gold. This characteristic is called "malleability".

In the Bitcoin system, there is a similar term, "Transaction Malleability". This term is usually translated as "transaction malleability", also rendered as "transaction plasticity", and attacks that use transaction malleability are called transaction malleability attacks.

Specifically, after Bitcoin transaction A is broadcast and before it is confirmed, the attacker modifies certain transaction data so that the transaction's unique identifier, the transaction hash, changes, forming a new transaction B. If transaction B is recorded in the Bitcoin ledger first, transaction A will be judged invalid because of the double-spending problem and rejected.

A realistic example: Xiao Hei initiates a coin withdrawal from an exchange, and the withdrawal transaction is broadcast. Before the transaction is verified by the nodes, Xiao Hei carries out a malleability attack, and it happens to succeed. His new transaction is confirmed first, and the new transaction still lets him receive the coins (it is still recognized, just as gold is after its appearance has changed). But the greedy Xiao Hei complains to the exchange that he did not receive the coins. The exchange checks and sees that the earlier transaction transferring coins to Xiao Hei was indeed rejected, so it sends Xiao Hei the same amount of coins again. Xiao Hei is delighted, but still not satisfied, and he repeats the same attack many times, which leads to a large loss of funds for the exchange.

Therefore, when a transaction cannot be confirmed, processing should be stopped immediately. Based on the transaction error message from the blockchain, check whether such a transaction has already been initiated within a short period of time, and then handle the case manually.
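The check described above can be sketched as a reconciliation step that runs before any withdrawal is re-sent. This is an added example, not code from the original article; the `Tx` class is a simplified toy model (it is not Bitcoin's real serialization), and all names and sample values are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    inputs: tuple       # ((prev_txid, vout), ...) coins being spent
    outputs: tuple      # ((address, satoshis), ...) who gets paid
    script_sig: bytes   # signature bytes, covered by the txid in this toy model

    def txid(self) -> str:
        body = repr((self.inputs, self.outputs)).encode() + self.script_sig
        return hashlib.sha256(hashlib.sha256(body).digest()).hexdigest()

    def effect_id(self) -> str:
        # Identifier over inputs and outputs only; signature bytes are ignored.
        body = repr((self.inputs, self.outputs)).encode()
        return hashlib.sha256(body).hexdigest()

def reconcile(withdrawal: Tx, confirmed: list) -> str:
    """Classify a broadcast withdrawal against the confirmed transactions."""
    if any(t.txid() == withdrawal.txid() for t in confirmed):
        return "confirmed"
    for t in confirmed:
        if set(t.inputs) & set(withdrawal.inputs):
            # The same coins were spent by a different transaction.
            if t.effect_id() == withdrawal.effect_id():
                return "paid-under-different-txid"   # do NOT send again
            return "conflict-manual-review"
    return "pending"

# Constructed sample data: A is the withdrawal as broadcast; B spends the same
# inputs to the same outputs but carries different signature bytes; C spends
# the same inputs to a different address.
A = Tx((("aa" * 32, 0),), (("customer-address", 50_000),), b"\x01sig")
B = Tx(A.inputs, A.outputs, b"\x02sig")
C = Tx(A.inputs, (("other-address", 50_000),), b"\x03sig")

if __name__ == "__main__":
    print(reconcile(A, [B]))   # paid-under-different-txid
```

Tracking withdrawals by the coins they spend and the outputs they pay, rather than by transaction hash alone, is what lets the exchange see that the customer was already paid.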

02 Dust Attack

"Dust" means a very small amount of coins (for example, 1 satoshi is "dust", which is only 0.00000001 Bitcoin). Under normal circumstances, very few people make transactions this small, because the transaction fee would exceed the transaction amount.

It is precisely because "dust" is so small that users easily ignore it. Xiao Hei (a scammer) noticed this, so he transfers "dust" to users' wallet addresses. Dabai, a user who receives this "dust", pays no attention to it. The dust has been received by Dabai but not spent, so it is mixed in with the coins (UTXOs) that Dabai's wallet address had already received but not spent.

[Figure: the dust (blue) is mixed with the originally received but unspent coins]

At this point the problem is not serious; the dust is merely mixed in. The real problem comes when these unspent coins are used. When the unsuspecting Dabai uses the money to transfer to other addresses or for other transactions, the "dust" may be used as well. The "dust" then quietly travels to other users' addresses along with Dabai's transaction and keeps tracking.

This "dust" is like a fluorescent dye: it traces Dabai's behavior so that Xiao Hei can follow it. Xiao Hei uses these clues to guess Dabai's identity, and then threatens and blackmails Dabai. This is the dust attack.

How can this kind of attack be avoided? As mentioned above, the real problem is that Dabai spends unspent coins that are mixed with "dust". If Dabai did not spend them, the "dust" would not move and Xiao Hei would not be able to track it. However, we cannot ask Dabai never to spend the other unspent coins in that pool just because of this "dust". Therefore, some wallets (such as Electron Cash) can mark the dust separately and remind Dabai not to use it. The dust is isolated from the other unspent coins in the pool, so the rest can be spent with peace of mind, which effectively avoids the dust attack.
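The isolation step can be shown as coin selection that skips outputs marked as dust. This is an added example, not Electron Cash's code or code from the original article; the `Utxo` class, the function names, the 546-satoshi threshold and the sample wallet are all assumptions made for illustration.

```python
from dataclasses import dataclass

DUST_LIMIT = 546  # assumed threshold in satoshis; each wallet picks its own

@dataclass
class Utxo:
    txid: str
    vout: int
    value: int          # satoshis
    frozen: bool = False

def freeze_dust(utxos, limit=DUST_LIMIT):
    """Mark UTXOs below the limit as frozen; return every frozen UTXO."""
    for u in utxos:
        if u.value < limit:
            u.frozen = True
    return [u for u in utxos if u.frozen]

def select_coins(utxos, target):
    """Largest-first coin selection that never touches frozen UTXOs."""
    chosen, total = [], 0
    spendable = (u for u in utxos if not u.frozen)
    for u in sorted(spendable, key=lambda u: -u.value):
        if total >= target:
            break
        chosen.append(u)
        total += u.value
    if total < target:
        raise ValueError("not enough spendable coins without using frozen dust")
    return chosen

def sample_wallet():
    # Constructed wallet: two ordinary coins plus one unsolicited 1-satoshi output.
    return [Utxo("tx-salary", 0, 50_000),
            Utxo("tx-refund", 1, 30_000),
            Utxo("tx-unknown-sender", 0, 1)]

if __name__ == "__main__":
    wallet = sample_wallet()
    freeze_dust(wallet)
    print([u.txid for u in select_coins(wallet, 60_000)])
```

Before `freeze_dust` runs, a payment that needs the whole balance pulls the 1-satoshi output into the transaction and links it to the other coins; afterwards the same request fails instead of spending the dust.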

03 Witch Attack

The witch attack is also called the Sybil attack. Its name comes from the movie "Sybil", which tells the story of the psychotherapy of a woman with 16 personalities. The witch attack in the blockchain refers to a malicious node illegally presenting multiple identities.

This is a bit like the "hand in hand" game we played when we were young. When a new kid joins our game circle, he holds the hand of the person next to him and gets to know that person better. The same is true in the blockchain. Any network node can send a request message to join, and the other nodes that receive the request respond immediately, replying with their neighbor node information.

However, in order to get to know more friends, some children change their masks every time so that they can go to different places and take other children's hands. A malicious node is like this kid in the mask. It pretends to be multiple identities, so that it can obtain a large amount of blockchain network node information for further attacks and destruction.

One way to counter the Sybil attack is the proof-of-work mechanism, which uses computing power to prove that you are a node and greatly increases the cost of the attack.

Another method is identity authentication, which can be based on authentication by a reliable third-party node. It is like choosing the one with the sharpest eyes among all the friends in the game, so that nobody is deceived by the mask. Identity authentication can also be full-node authentication. This is equivalent to everyone checking the identity of the kid in the mask, which greatly reduces the chance that he successfully disguises himself as multiple identities.
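Why proof of work raises the cost per identity can be seen in a small hashcash-style puzzle bound to a node identifier. This is an added example, not from the original article and not any specific network's join protocol; the difficulty value, the `node_id:nonce` encoding and the function names are assumptions.

```python
import hashlib

DIFFICULTY_BITS = 12  # assumed puzzle difficulty; a real network would tune this

def _meets_target(node_id: str, nonce: int, bits: int) -> bool:
    # The identity is part of the hashed data, so a solution found for one
    # node_id says nothing about another node_id.
    digest = hashlib.sha256(f"{node_id}:{nonce}".encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def solve(node_id: str, bits: int = DIFFICULTY_BITS):
    """Joining node: search for a valid nonce. Returns (nonce, hashes_tried)."""
    nonce = 0
    while not _meets_target(node_id, nonce, bits):
        nonce += 1
    return nonce, nonce + 1

def admit(node_id: str, nonce: int, bits: int = DIFFICULTY_BITS) -> bool:
    """Existing node: a single hash decides whether the identity is accepted."""
    return _meets_target(node_id, nonce, bits)

def cost_of_identities(count: int, bits: int = DIFFICULTY_BITS) -> int:
    """Total hashes needed to create `count` distinct identities."""
    return sum(solve(f"identity-{i}", bits)[1] for i in range(count))

if __name__ == "__main__":
    nonce, tried = solve("node-a")
    print("node-a admitted:", admit("node-a", nonce), "after", tried, "hashes")
    print("hashes for 1 identity:", cost_of_identities(1))
    print("hashes for 8 identities:", cost_of_identities(8))
```

Verification costs one hash while each new identity costs about 2^12 hashes on average at this difficulty, so the work grows with the number of masks a node wants to wear.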

04 Summary

Understanding various types of attacks enables us to defend against them better and thereby protect our property. That is all for today. Later, there will be popular science introductions to eclipse attacks, DDoS (distributed denial of service) attacks and other types of attacks. Everyone is welcome to follow along.

What other attacks on the blockchain do you know about or want to know about? Do you know how to defend against them? You are welcome to share your views in the message area.


This article is a reissue of an old article with slight adjustments.
Original text link: Only by understanding the attack can we defend against attacks more effectively

——End——

Statement: This series is intended only for introductory blockchain science education and does not constitute any investment advice or recommendation. If there are any errors or omissions, please leave a message to point them out.


Origin blog.csdn.net/mrRqAEr7ci9s2v0/article/details/109733257