Security incidents occur frequently in digital currency exchanges. How much do you know about the top 10 security risks?
The Exchange Security Team of the CSA GCR Blockchain Security Working Group analyzed the security incidents that occurred on the exchange in the past few years, and summarized the ten main security risks according to the frequency of security incidents and the degree of capital loss.
[Original author] Deng Yongkai, Huang Lianjin, Tan Xiaosheng, Ye Zhenqiang, Yu Xiaoguang, Cosine (in alphabetical order)
[auditing expert] Chen Dahong, Zhao Yong
1
Advanced Persistent Threat (APT: Advanced Persistent Threat)
Risk description: Advanced Persistent Threat (English: Advanced Persistent Threat, abbreviation: APT), also known as Advanced Persistent Threat, Advanced Persistent Threat, etc., refers to a hidden and persistent computer intrusion process, usually carefully planned by some personnel, targeting Specific goals. It is usually motivated by business or politics, targeted at a specific organization or country, and requires a high degree of concealment for a long time. Advanced long-term threats include three elements: advanced, long-term, and threat. The high-level emphasis is on the use of sophisticated malware and techniques to exploit vulnerabilities in the system. The long term implies that an external force will continuously monitor a specific target and obtain data from it. Threats refer to attacks planned by humans. The high-level long-term threat of digital currency exchanges is generally that hackers accurately collect the business process and target system of the attacker before the attack. During the collection process, the attack will actively explore the vulnerabilities of the identity management system and applications of the attacked object, and use emails and other phishing methods to install malicious software, wait for the opportunity to mature, and then use 0-day vulnerabilities or exchange processes Attack on the vulnerability. The more well-known APT hacker teams targeting digital currency exchanges include CryptoCore (also known as: Crypto-gang", "Dangerous Password", and "Leery Turtle" successfully stolen 200 million US dollars) and Lazarus (about 500 million stolen) USD).
2 Distributed Denial of Service
(DDOS)
Risk description: Distributed denial of service attack DDoS is a special form of denial of service attack (DoS). It is a distributed and coordinated large-scale attack method. A single DoS attack generally uses a one-to-one approach. It uses some flaws in the network protocol and operating system, and uses deception and camouflage strategies to carry out network attacks. The website server is flooded with a large amount of information that requires a reply, which consumes network bandwidth or system. Resources cause the network or system to be overloaded and paralyzed and stop providing normal network services. Compared with a DoS attack initiated by a single host, a distributed denial of service attack DDoS is a group behavior initiated simultaneously by hundreds or even thousands of hosts that have been invaded and installed with the attack process. Digital currency exchanges are often attacked by DDOS.
3
Insider Attack (Insider Attack)
Risk description: Exchange internal personnel use loopholes in the company's internal security procedures to guard and steal; or use loopholes in procedures and security controls to launch attacks after leaving the exchange.
4 API security risk issues
Risk description: Exchanges generally open APIs for order query, balance query, market price trading, price limit trading, etc. If API security is not well managed, hackers can use API security loopholes to steal funds. The general possible API security vulnerabilities are as follows:
(1) APIs without authentication
must have authentication and authorization mechanisms. Industry-standard authentication and authorization mechanisms (such as OAuth / OpenID Connect) and transport layer security (TLS) are essential.
(2) Code injection
This threat has many forms, but the most typical ones are SQL, RegEx and XML injection. When designing the API, you should understand these threats and make efforts to avoid them. After the API is deployed, continuous monitoring should be carried out to confirm that no vulnerabilities are caused to the production environment.
(3) Unencrypted data It
may not be enough to only rely on HTTPS or TLS to encrypt the data parameters of the API. For personal privacy data and fund-related data, it is necessary to increase other application-level security, such as Data Masking, Data Tokenization, XML Encryption, etc.
(4) Data in the URI
If the API key is transmitted as part of the URI, it may be attacked by hackers. When the URI details appear in the browser or system logs, the attacker may access sensitive data including API keys and users. The best practice is to send the API key as the Message Authorization Header, because this can avoid logging by the gateway.
(5) API Token and API Secret are not well protected.
If hackers can obtain API Token and API Secret of customers or even super users, the security of funds becomes a problem.
Without effective detection of the use of the API, hackers may use the API to transfer multiple accounts and multiple transactions. If the real-time security detection of API cannot judge this kind of attack, there will be losses.
5
False Top-up problem (False Top-up)
Risk description: Fake recharge refers to the problem of incorrect entry of the account caused by the lack of rigorous inspection of the transaction when the logic on the chain is wrong or when the exchange chain is connected with the chain.
6 Exchange hot wallets store too much funds and become hacker targets
Risk description: The exchange hot wallet stores too much funds and becomes a hacker's target. This risk is related to the vulnerability of the exchange hot wallet's IT system, the use of insecure storage methods to store private keys, and low security awareness. Hackers use methods including but not limited to the following:
malicious link phishing to collect user information. Hackers place malicious links to guide users to click, thereby collecting users' login credentials.
The database was attacked and the private key was leaked. The exchange database stores its hot wallet private key, and hackers attack the database. After obtaining the database data, transfer funds through the private key stored in the database.
IT system vulnerabilities. There are loopholes in the exchange's own system. After hackers gain control of the IT system through their free loopholes, they directly transfer funds through the IT system.
Staff guards and steals. Ex-employees transfer their assets through the back door they left behind when they resign.
7 51% attack
(also called hard fork attack, or double spend attack)
Risk description: 51% attack, also known as Majority attack. This attack is to achieve double spending by controlling network computing power. If the attacker controls more than 50% of the computing power in the network, he can reverse the block and perform reverse transactions to achieve double spending while he controls the computing power. Double spend on the same transaction or even roll back past historical transactions.
8 Unsafe document handling
Risk description: This risk is related to the unsafe handling of documents. This includes downloading links or attachments to external e-mails, which is a phishing attack in the traditional sense; it also includes KYC (real name verification) files uploaded by exchange users that have not undergone security processing. In malicious code hiding images, this method is also called steganography. Attackers hide malicious code and instructions in seemingly harmless images for execution. This risk has a certain relationship with the APT risk. Generally speaking, a single email cannot attack you. It must be based on the email, and other interactions can be generated on it, such as inputting content after clicking the link, running/opening the file, when the above actions are required , There is a risk.
9 DNS
domain name hijacking
Risk description: DNS service is a basic service of the Internet. In DNS query, multiple servers are required to interact. All the interaction process depends on the server to obtain correct information. In this process, access requirements may be hijacked.
There are many ways to hijack access requirements:
use routing protocol loopholes to hijack DNS domain names on the network. For example, BGP protocol loopholes (for two ASs that have successfully established a BGP connection, the BGP protocol will basically unconditionally believe the information from the other AS, including the IP address range that the other party claims to have), intercepting the traffic of the victim , And return the wrong DNS address and certificate.
The hijacker controls one or more authoritative servers of the domain name and returns an error message.
The recursive server caches and poisons, and injects a large amount of toxic data into the recursive server, causing the corresponding information of the domain name to be tampered with.
Invade the domain name registration system, tamper with domain name data, and mislead users' access.
The above-mentioned attacks will redirect the user's visit to an address controlled by the hijacker. Using a fake certificate to log in users who do not know the truth, if the user ignores the browser’s certificate invalidity risk warning and continues to start the transaction, the funds in the wallet will be stolen.
10 Third-party security
Risk description: When using a third-party service: the
exchange is hacked
because the third-party service uses its own configuration error; the exchange is hacked
because of the vulnerability of the third-party service ; the third-party service is used to phish, poison, and cause transactions The
exchange was hacked because the third-party service was hacked.
Cases and countermeasures for each risk are described in detail in the white paper; they
can be downloaded for detailed reading on the official website of the Cloud Security Alliance Greater China at https://c-csa.cn/research/results-detail/i-1604/.
* There are some improprieties in this article, please contact the CSA GCR Secretariat to give Yazheng!
Contact email: [email protected]
For more information about the Blockchain Security Working Group,
please check the official website of CSA Greater China. *