zoukankan      html  css  js  c++  java
  • Hacker Exploits Flaw in Decentralized Bitcoin Exchange Bisq to Steal $250K

    https://www.coindesk.com/hacker-exploits-flaw-in-decentralized-exchange-bisq-to-steal-250k

    Decentralized exchange (DEX) Bisq rang the alarm bells last night after a hacker exploited a significant software flaw to steal more than $250,000 worth of cryptocurrency from users.

    Bisq, which allows users to exchange crypto anonymously, abruptly disabled trading late Tuesday night after it uncovered "a critical security vulnerability."

    At the time, the exchange did not release any information regarding the nature of the flaw or whether user funds were safe. But 18 hours after it halted trading, Bisq said it took the "unprecedented" step after finding an attacker was exploiting a flaw in the software to steal cryptocurrency from other users.

    "About 24 hours ago, we discovered that an attacker was able to exploit a flaw in the Bisq trade protocol, targeting individual trades in order to steal trading capital. We are aware of approximately 3 BTC and 4,000 XMR stolen from 7 different victims. This is the situation as we know it so far," Bisq said in a statement to CoinDesk.

    The value of the crypto stolen was roughly $22,000 worth of bitcoin (BTC) and $230,000 worth of monero (XMR), according to CoinDesk data at press time. In total, that comes to more than $250,000.

    To carry out the thefts, the attacker was able to set other users' default fallback address – the destination to which crypto is sent to if a trade fails – to their own. Posing as a seller, they would start a trade with a buyer and simply wait for the time limit to run out. Rather than going to the legitimate owner, the digital assets arrived with the attacker, along with the buyer's payment and security deposit too.

    See also: Binance’s DEX Now Supports AML Compliance Via CipherTrace

    The flaw in question came as part of a recent update to the trading protocol, which was designed to improve decentralization and remove trusted third parties from the platform.

    Bisq managed to fix the flaw by 12:00 UTC Wednesday and told CoinDesk just before publication that trading had just resumed again.

    Bisq released onto testnet back in late 2018 as an exchange structured as a decentralized autonomous organization (DAO). It works in much the same way as other DEXs, but users can trade anonymously as there are no registration or identity verification requirements.

    With the platform based on a distributed network, each user effectively acts as a node. Although Bisq's developers had suspended trading, the exchange's decentralized nature means users could override the suspension should they wish.

    See also: New Crypto Exchange Altsbit Says It Will Close Following Hack

    In most cases of an exchange hack, the attacker can be booted off the trading platform for good. Not so with Bisq. One of the DEX's associated developers told CoinDesk that although the flaw was fixed, there was nothing to prevent the attacker – whose identity cannot be known – from accessing and trading on the platform again.

    "Anyone can use Bisq, there is no censorship," the developer said. "Just like anyone can use bitcoin, there is no way to ban someone from bitcoin."

  • 相关阅读:
    Mysql 批量插入数据的方法
    sql server 多行合并一行
    跨服务器多库多表查询
    OPENQUERY用法以及使用需要注意的地方
    C# 判断操作系统的位数
    rpc介绍
    JavaScript decodeURI()与decodeURIComponent() 使用与区别
    UNIX 时间戳 C#
    C# winform javascript 互调用
    oracle 实例名和服务名以及数据库名区别
  • 原文地址:https://www.cnblogs.com/dhcn/p/12663578.html
Copyright © 2011-2022 走看看