Brilliant breakdown: How a hacker stole $30 million from a bank with just a few lines of code

I believe many readers are excited to see this title and are hoping to make a fortune today. But, ahem, come on, follow the editor and read the core socialist values aloud:

 

We can't do illegal things, but as geeks it is still necessary to understand some aspects of hacking technology~~~

 

A few days ago, a hacker struck the Ethereum network, pulling off the second-largest theft in the history of digital currency.

 

Around 12:00 PM PT, an unknown hacker exploited a critical vulnerability in Parity's multi-signature wallet on the Ethereum network to steal more than $30 million worth of Ether from three huge wallets in just a few minutes. Given a few more hours, the hacker could have stolen over $180 million worth of Ether.

 

But someone stopped them.

 

After the alarm was raised, white hat hackers from the Ethereum community quickly organized. They analyzed the attack and realized that there was no way to reverse the thefts, yet many wallets were still exposed. Time was of the essence, and only one option was left: hack the remaining wallets before the attacker did.

 

By exploiting the same vulnerability, the white hats hacked all of the remaining at-risk wallets and drained their accounts, effectively preventing the attacker from stealing the remaining $150 million.

 

It sounds incredible, doesn't it? But you read that right.

 

To prevent the heist, the white hats wrote programs to preemptively hack the remaining wallets. So, the question you care about most: where is the money going? Surely the white hats won't keep it for themselves... Rest assured, once the money has been safely stolen, they will start returning the funds to their respective accounts.

 

This is a big deal, and it has a major impact on the world of cryptocurrencies.

 

It is important to understand that this is not a vulnerability in Ethereum or in Parity itself. Instead, it's a bug in the default smart contract code that the Parity client gives users for deploying multi-signature wallets.

 

It's all complicated, so to make the details clear to everyone, this article is divided into three parts:

 

  • What on earth happened?  An explanation of Ethereum, smart contracts and multi-signature wallets.
  • How did they do that?  Technical description of the attack (specifically for programmers).
  • What should we do now? The impact of attacks on the future and security of smart contracts.

 

 

If you are already fairly familiar with Ethereum and the crypto world, you can skip to the second part.

 

 

What exactly happened?

 

 

There are three components to this story: Ethereum, smart contracts and digital wallets.

 

Ethereum is a digital currency invented in 2013, 4 years after the release of Bitcoin. Alongside Bitcoin's growth to $40 billion, it has become the world's second-largest digital currency by market capitalization, at $2 billion.

 

Like all cryptocurrencies, Ethereum is a descendant of the Bitcoin protocol and improves upon Bitcoin's design. But don't be fooled: while it's a digital currency like Bitcoin, Ethereum is more powerful.

 

While Bitcoin uses its blockchain to implement a ledger of monetary transactions, Ethereum uses its blockchain to record state transitions in a huge distributed computer. Ethereum's corresponding digital currency, ether, is essentially a side effect of powering this large computer.

 

In other words, Ethereum is really a computer that spans the entire world. Anyone running Ethereum software on their computer is participating in the operation of this world computer, the Ethereum Virtual Machine (EVM). Because the EVM is designed to be Turing complete (ignoring gas cost), it can do almost anything that can be expressed in a computer program.

 

Gas is a special unit used in Ethereum to measure how much "work" an action or series of actions requires.

 

I want to stress that this is pretty crazy stuff. The crypto world is delighted with the potential of Ethereum, which has seen a surge in value over the past 6 months.

 

 

Smart contracts are just computer programs running on the EVM. In many ways, they're like normal contracts, except they don't need a lawyer or judge to interpret the terms. Instead, they are compiled into EVM bytecode and interpreted. With these programs, you can (amongst other things) programmatically transfer digital currency only according to the rules of the contract code.

 

Of course, there are some things normal contracts can do that smart contracts can't: smart contracts can't easily interact with things that aren't on the blockchain. However, smart contracts can also do things that normal contracts cannot, such as fully enforcing a set of rules through unbreakable cryptography.

 

This brings us to the concept of wallets in Ethereum. In the digital currency world, a wallet is how you store your assets. You can use a secret passphrase (also known as your private key) to access your wallet.

 

Different types of wallets offer different security properties, such as withdrawal limits. One of the most popular types is the multi-signature wallet.

 

In a multi-signature wallet, there are several private keys that can unlock the wallet, but a single key on its own is not enough to unlock it. For example, if your multi-signature wallet has 3 keys, you can specify that at least 2 of the 3 keys must be provided for successful unlocking.

For more details, please refer to here: http://igeekbar.com/igeekbar/post/277.htm

This means that if your father and your mother are both signers on this wallet, even if criminals steal one of the private keys, they still won't have access to your funds. This is stronger security, so multi-signature is the standard for wallet security.

 

This is exactly the type of wallet that was hacked.

 

So what went wrong? Did they crack the private keys? Did they use a quantum computer or some kind of cutting-edge factoring algorithm?

 

No, all the cryptography was sound. The exploit was actually ridiculously simple: they found a programmer-introduced bug in the code that let them re-initialize the wallet, just like a factory reset. Once they did, they were free to declare themselves the new owners and withdraw the money.
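
The two ideas above, the 2-of-3 signature threshold and the "factory reset" bug, in a simplified Python model. This is an added example, not code from the article or from Parity: every name in it (`ToyMultiSigWallet`, `init_wallet`, `confirm_withdrawal`, `funds_lost_to_reinit`) is hypothetical, and the `guard_init` flag switches between the flawed behaviour and the hardened one.

```python
# Simplified model of an m-of-n multi-signature wallet. Added example:
# every name here is hypothetical; this is not Parity's contract code.
class ToyMultiSigWallet:
    def __init__(self, owners, required, balance, guard_init):
        self.guard_init = guard_init   # True = hardened variant
        self.initialized = False
        self.balance = balance
        self.confirmations = {}        # (to, amount) -> owners who signed
        self.init_wallet(owners, required)

    def init_wallet(self, owners, required):
        """Set owners and threshold. Meant to run once, at deployment."""
        if self.guard_init and self.initialized:
            raise PermissionError("wallet already initialized")
        if not 1 <= required <= len(set(owners)):
            raise ValueError("threshold must be 1..number of owners")
        self.owners = set(owners)
        self.required = required
        self.confirmations.clear()
        self.initialized = True

    def confirm_withdrawal(self, caller, to, amount):
        """Record one owner's approval; pay out once enough owners agree."""
        if caller not in self.owners:
            raise PermissionError("caller is not an owner")
        if amount > self.balance:
            raise ValueError("insufficient funds")
        signed = self.confirmations.setdefault((to, amount), set())
        signed.add(caller)
        if len(signed) < self.required:
            return False               # still waiting for more approvals
        self.balance -= amount
        del self.confirmations[(to, amount)]
        return True

def funds_lost_to_reinit(wallet, outsider):
    """Regression check: can a non-owner re-run init and drain the wallet?"""
    before = wallet.balance
    try:
        wallet.init_wallet([outsider], 1)
        wallet.confirm_withdrawal(outsider, outsider, wallet.balance)
    except PermissionError:
        pass                           # hardened wallet refuses the reset
    return before - wallet.balance

if __name__ == "__main__":
    for guarded in (False, True):
        w = ToyMultiSigWallet(["alice", "bob", "carol"], 2, 100, guarded)
        print("guarded" if guarded else "unguarded", funds_lost_to_reinit(w, "mallory"))
```

The signature threshold protects withdrawals only while the owner list itself is protected; the unguarded variant loses its whole balance without any private key being compromised.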

 

How did this happen?
