全文共計3118字,預計閱讀時間15分鍾
來源 | Zdnet(轉載請注明來源)
作者 | Charlie Osborne
譯者 | 石煜倩
編輯 | 張77
今年發生了數百萬起加密貨幣被盜事件,“退出騙局”及無數與密碼犯罪相關的逮捕事件也在上演。
加密貨幣市場蓬勃發展的同時,不法分子們也企圖借此牟利。
比特幣(BTC)可能已經無法續寫前幾年1.9萬美元以上市值的輝煌了,筆者在撰寫本報告時,比特幣目前的市值約爲7200美元,但市場上除了比特幣外還存在其他各種穩定的虛擬貨幣和阿爾特幣,其中包括Ethereum (ETH),Ripple(XRP),Monero(XMR),Bitcoin Cash(BCH),和Litecoin(LTC)等,這些幣始終有忠實的追隨者,關于這些幣的交易也在不斷進行。
近年來,虛擬貨幣行業一直被人們所關注,以至于監管機構開始轉向虛擬貨幣應被視爲應納稅資産的觀點。
美國國稅局(IRS)目前正在追捕未申報其投資的加密貨幣交易員。
英國金融市場行爲監管局(FCA)今年也就哪些幣可以被視爲證券或電子貨幣闡明了其立場。
對加密貨幣持敵對態度的俄羅斯,也開始接受加密貨幣在金融市場中可以具有合法地位的事實。
對于任何形式、具有金融價值的資産,犯罪分子都會想方設法從中騙取利潤,加密貨幣也不例外。
該行業的受監管程度相當不均衡,法律也許能在當地適用,但隨著加密貨幣交易所在全球範圍內大量注冊,對密碼貨幣進行投資的風險也越來越高。
加密貨幣交易所是犯罪分子的一個共同目標。
網站本身的不足、導致熱錢包(用于存放聯網虛擬貨幣的存儲系統)暴露的系統漏洞、內部威脅以及退出騙局都可能導致交易商失去他們的加密貨幣。
一旦發現漏洞,錢包可能被洗劫一空,區塊鏈(加密貨幣交換的主幹技術)本身也可能遭受攻擊,除非加密貨幣隱藏在一個基于硬件的且沒有連接到網絡的冷錢包中,否則就會存在被網絡攻擊的風險。
下面,我們來看看2019年最值得關注的與加密貨幣相關的黑客、刑事調查、退出騙局以及數據泄露事件。
1月
新西蘭加密貨幣交易所Cryptopia遭黑客攻擊:由于某種形式的黑客攻擊,新西蘭加密貨幣交易所被迫下線,但細節尚不清楚。當時,該公司暫停交易,進行清算,估計有價值1600萬美元的資産損失。
權益證明(Proof of Stake)加密貨幣出現安全問題:在26個基于權益證明的加密貨幣中發現了安全問題。用戶有可能受到“假權益”攻擊,攻擊者破壞區塊鏈並伺機控制它們。
比特幣交易平台LocalBitcoins遭黑客攻擊:點對點加密貨幣交易平台LocalBitcoins遭受攻擊,導致屬于客戶的比特幣被盜。
對Bitgrai公司的判決:被黑客入侵的Bitgrail交易所的前所有者——由于Bitgrail交易所軟件存在漏洞造成了1.95億美元的NaNo幣被盜——被意大利一家法院命令盡可能多的賠償客戶損失,導致個人資産被沒收。
盜竊IOTA代幣的黑客被捕:歐洲刑警組織1月逮捕了一名涉嫌盜竊價值1 000萬歐元加密貨幣的罪犯。
2月
比特幣交易所Coinmama遭黑客攻擊:Coinmama交易所在今年2月被爆出有45萬個用戶的電子郵件地址和散列密碼在黑暗網絡上出售。
3月
韓國第二大加密貨幣交易所Bithumb遭黑客攻擊:據報道,Bithumb在今年3月被黑客攻擊,攻擊者成功竊取了價值約爲2000萬美元的EOS代幣和瑞波幣,這是該公司近兩年來第三起安全事件。
區塊鏈資産交易平台DragonEx以及數字資産交易平台CoinBene遭黑客入侵:這些加密貨幣交易平台在今年三月遭受網絡攻擊,DragonEx估計損失了價值100萬美元的加密貨幣,而CoinBene損失了4500萬美元。
5月
區塊鏈資産交易平台Binance遭黑客入侵:黑客對Binance加密貨幣交換平台進行攻擊,偷走了價值4100萬美元的比特幣。
歐洲最大的加密貨幣服務商之一Bestmixer.io被監管機構查封:Bestmixer.io網站在今年五月被荷蘭當局關閉。據了解,該在線服務多年來利用加密貨幣交易進行洗錢活動,總金額超過2億美元。
6月
加密貨幣錢包GateHub資金被盜:今年6月,GateHub共有18473名顧客的錢包被盜。該公司檢測到了可疑的API調用,並通過調查確定攻擊者設法訪問了包含有效訪問令牌的數據庫。該公司表示,雖然不清楚究竟有多少幣被盜,但估計被盜資産價值至少有1000萬美元。
加密貨幣平台Bitrue遭黑客攻擊:今年6月末,新加坡交易所Bitrue熱錢包因黑客攻擊損失了930萬XRP和250萬ADA,損失金額達數百萬美元。據報道,黑客利用了審查程序系統中的漏洞來竊取客戶資金。
價值2400萬歐元的比特幣盜竊案:6月末,歐洲刑警組織和歐洲檢察署在英國和荷蘭逮捕了6名犯罪嫌疑人,這些嫌疑人被指控操作了一個騙局,盜竊了價值2400萬歐元的比特幣。
7月
Bitpoint交易所價值3200美元加密貨幣被盜:位于日本的加密貨幣交易所Bitpoint在今年7月遭受黑客攻擊,導致價值3200萬美元的加密貨幣被盜,其中2300萬美元屬于該交易所的客戶。
9月
以太坊初創公司被敲詐:今年9月,美國司法部逮捕了兩名加密貨幣顧問並指控他們試圖敲詐勒索一家以太坊初創公司,並威脅說,除非他們得到他們想要的報酬,否則他們會毀了這家公司。
10月
加拿大數字貨幣交易所MapleChange聲稱超過900個比特幣被盜:加拿大數字貨幣交易所MapleChange稱有超過900個比特幣被盜,但客戶不會得到賠償。很快,該公司的網站和社交媒體就消失了,據此,客戶有理由懷疑這是該公司自編自導的一場騙局。
尼日利亞加密錢包Satowallet疑似實施退出騙局:尼日利亞加密錢包Satowallet將100萬美元的加密資産損失歸咎于電信詐騙,他們說是電信詐騙者從顧客錢包裏偷了錢。但是這起事件被懷疑是退出騙局。
11月
韓國加密貨幣交易所Upbit被黑客攻擊:韓國加密貨幣交易所Upbit在11月份發出聲明稱,342000個ETH從該公司的熱錢包中被盜,價值約4,850萬美元。該交易所已承諾,客戶將不會受到影響,資金將由Upbit資産覆蓋。
Monero官方網站被入侵:11月,Monero官方網站被黑客入侵,攻擊者提供惡意的Linux CLI二進制文件,篡改了原二進制文件,目的是從不知情的用戶那裏竊取資金。
加密貨幣專家Virgil Griffith被捕:Ethereum項目成員和加密貨幣專家Virgil Griffith在朝鮮的一個技術會議上發表了關于如何使用區塊鏈規避制裁的演講後被捕。如果被判違反美國法律,他可能面臨長達20年的牢獄之災。
兩名黑客通過 SIM 卡交換攻擊竊取 55 萬美元加密貨幣:美國司法部指控兩名男子涉嫌進行SIM卡交換攻擊,目的是從目標對象手中竊取加密貨幣。據稱,在此次案件中,來自已知受害者的超過55萬美元的加密貨幣被盜。
龐氏騙局PlusToken:據稱,PlusToken實施了一個退出騙局,帶走了29億美元的存款。目前,一些涉案人員已經被逮捕。
12月
黑客對Vertcoin區塊鏈發動“51%攻擊”:2018年12月,Vertcoin遭受了“51%攻擊”,一年後,曆史重演。2019年12月,黑客再次對Vertcoin區塊鏈發動進攻,這次攻擊導致了603個區塊被從VTC鏈中移除,取而代之的是553個攻擊區塊,此舉旨在方便黑客執行“雙花”。
注釋:
● 51%攻擊,一種術語,代表著攻擊者手中累積的算力已經超過加密貨幣網絡中其他所有成員的總和,這意味著攻擊者將能控制貨幣産出。
● “雙花”,又名“雙重支付”,指的是同一個比特幣同時進行了兩次支付,這是一種利用區塊確認時間差的欺詐行爲。
原文
Bitcoin battered: The worst crypto catastrophes of 2019
Millions in cryptocurrency stolen,exit scams,and countless arrests were made in connection to crypto criminal schemes this year.
The cryptocurrency market is booming,and with it,criminals are looking to cash in.
Bitcoin(BTC)may not have sustained the $19,000+ price tag of previous years,now coming in at roughly $7,200 at the time of writing,but there is also a variety of other stable coins and altcoins,including Ethereum(ETH),Ripple(XRP), Monero(XMR), Bitcoin Cash(BCH), and Litecoin(LTC), that maintain a loyal following and constant trade.
The industry has gained enough traction in recent years that regulators are beginning to shift towards the viewpoint that virtual coins should be considered taxable assets,with the IRS now hunting down cryptocurrency traders that do not declare their investments.The UK’s Financial Conduct Authority(FCA) also clarified its stance(.PDF)this year on what coins can be considered securities or e-money — some of which now land under the FCA’s remit.
Russia,too,known for its hostile approach to cryptocurrency,has begun to accept that cryptocurrency may have a legal position in the economy.
With any form of asset that has financial worth,criminals will look for ways to fraudulently profit and cryptocurrency is no exception. The industry is rather unregulated,with laws potentially applied locally,but with exchanges registered worldwide,investment in cryptocurrency can be a risk.
Exchanges are a common target. A weakness in a website,a vulnerability leading to exposure of a hot wallet — storage systems used to hold virtual coins that are Internet-connected — insider threats,and exit scams can all result in traders losing their cryptocurrency. Wallets,too,can be ransacked when vulnerabilities are found,and the blockchain itself,the backbone technology of cryptocurrency exchanges,may be subject to attacks . Unless cryptocurrency is stashed in a cold,hardware-based wallet that is not connected to the web,there may be a risk of cyberattack.
Below,we take a look at some of the most noteworthy cases of hacking,criminal investigations,exit scams,and cryptocurrency-related breaches over 2019.
JANUARY:
Cryptopia:New Zealand’s Cryptopia cryptocurrency exchange was pulled offline due to some form of hack,but details are scant. Trading was suspended and the firm went into liquidation.Estimates suggest that up to $16 million may have been lost.
Proof of Stake:Security issues were found in 26 forms of cryptocurrency opening up users to “Fake Stake” attacks,crashing blockchains and giving attackers the opportunity to seize control of them.
LocalBitcoins:An attack taking place on the peer-to-peer cryptocurrency market platform led to the theft of Bitcoin belonging to customers.
Bitgrail sentence:The previous owner of hacked exchange Bitgrail — which lost $195 million in Nano coins — was commanded by an Italian court to return as much in customer funds as possible,leading to the seizure of assets.
IOTA arrest:Europol arrested a man from the United Kingdom on suspicion of stealing €10 million in IOTA cryptocurrency.
FEBRUARY:
Coinmama:Coinmama was made aware that 450,000 email addresses and hashed passwords of users were up for sale on the Dark Web.
MARCH:
Bithumb:Bithumb reported another security incident,the third in two years. It is believed that cyberattackers may have stolen up to $20 million in EOS tokens and Ripple.
DragonEx, CoinBene:The cryptocurrency exchanges were subject to cyberattacks,leading to an estimated loss of $1 million in cryptocurrency by DragonEx,and $45 million by CoinBene.
MAY:
Binance:Cyberattackers compromised the Binance cryptocurrency exchange platform and made off with $41 million in Bitcoin.
Bestmixer.io:Bestmixer.io was seized by European police. The online service is thought to have laundered over $200 million in cryptocurrency throughout the years.
JUNE:
GateHub:Ledger wallets belonging to 18,473 customers were compromised. Suspicious API calls were detected and an investigation concluded the attacker(s)managed to access a database containing valid access tokens. It is still not known exactly just how many coins were stolen,but estimates suggest that at least $10 million was taken.
Bitrue:Singaporean exchange Bitrue lost 9.3 million in XRP and 2.5 million in Cardano(ADA)from its hot wallet,worth millions of dollars. A hacker exploited a vulnerability in review process systems to steal customer funds.
€24 million Bitcoin heist:Six arrests were made in the UK and the Netherlands by Europol and Eurojust. The suspects are alleged to have operated a scam that netted them €24 million in Bitcoin(BTC).
JULY:
Bitpoint:Japan-based cryptocurrency exchange Bitpoint was subject to $32 million in cryptocurrency theft,$23 million of which belonged to the organization’s customers.
SEPTEMBER:
Ethereum startup extortion:Two cryptocurrency consultants were arrested and charged by the DoJ based on claims the pair attempted to extort an Ethereum startup,threatening to destroy the business unless they were paid what they wanted.
EtherDelta charge:A hacker best known for attacking TalkTalk was also indicted for an attack in 2017 on cryptocurrency exchange EtherDelta.
OCTOBER:
MapleChange:Canadian crypto trading post MapleChange said that over 900 BTC had been stolen,but customers would not be refunded — and very quickly thereafter,the firm’s website and social media presence vanished. Foul play is suspected.
Satowallet:Satowallet blamed Telegram scammers for the loss of $1 million,stolen from customer wallets. An exit scam is suspected.
NOVEMBER:
Upbit:South Korean cryptocurrency exchange Upbit said that 342,000 in Ethereum(ETH)had been stolen from the firm’s hot wallet,worth roughly $48.5 million. The exchange has promised that customers will not be impacted and the funds will be covered by Upbit assets.
Monero:The official Monero website was compromised to deliver a malicious Official Linux CLI binary,tampered to steal funds from unwitting users.
North Korea talks:Ethereum project member and cryptocurrency expert Virgil Griffith was arrested after giving a talk at a technology conference in North Korea about how the blockchain could be used to circumvent sanctions. If found guilty of breaking US law,he may face up to 20 years behind bars.
Crypto theft, SIM-swapping:The DoJ charged two men for allegedly conducting SIM-swapping attacks in order to steal cryptocurrency from high-value targets. Over $550,000 in cryptocurrency from known victims was allegedly stolen after phone numbers were hijacked to gain access to victim wallets.
PlusToken:PlusToken allegedly performed an exit scam,walking away with $2.9 billion in deposits. Some individuals suspected of being involved have been arrested.
DECEMBER:
Vertcoin:Vertcoin suffered a 51% attack in December 2018,and a year later, history repeated itself. This attack resulted in 603 blocks being removed from the VTC chain and replaced by 553 attacker blocks in order to perform double-spending.
– END –
數據觀微信公衆號
數據觀
公衆號:cbdioreview
官網:www.cbdio.com