Yesterday, Zhao Changpeng, the only Chinese person in the top 10 of the Forbes cryptocurrency rich list, had a difficult night.
He is the founder of Binance, the world's second-largest virtual currency exchange, but last night Binance suffered a hacking attack that upended everyone's understanding. A large number of user accounts on Binance were hacked.
To everyone's surprise, after entering the system the hackers did not steal the virtual currency in the accounts. Instead, they manipulated coin prices by controlling the hacked accounts. Some coins were dumped and their prices fell; the prices of other coins were pushed up, and one of them, a virtual currency called VIA, soared 110-fold within a few hours.
Amid the rises and falls, the hackers easily cashed in by placing short orders on other platforms. As a result of the incident, Bitcoin fell sharply by 10%. Based on a global total of 17 million bitcoins, Bitcoin lost US$17 billion overnight.
Although Binance responded today by suspending withdrawals to steady nerves, for many people the most closely watched aspect of the incident is how the hackers cashed in. The hackers exploited the effect that price swings on a large exchange have on other exchanges, then shorted on thousands of other exchanges to complete the harvest. Industry practitioners commented: "This is a truly decentralized attack."
AI Caijing (AI财经社) has learned that this morning Binance co-founder He Yi said in a group chat, sounding aggrieved: "In the entire history of trading platforms, this is the first time a platform has suffered a large-scale attack in which, because Binance's security barriers are high, not a single coin was lost, and yet it has been trashed to pieces."
On virtual currency exchanges that operate 7*24 hours, traditional finance plays such as leverage, short selling and arbitrage all carry over. "Cryptographic security does not mean real security," an industry practitioner told AI Caijing.
Zhao Changpeng, China's "coin king" and founder of Binance, went through a difficult night.
A large number of hacking attacks have taken place at virtual currency exchanges.
On January 25 this year, Coincheck, Japan's largest bitcoin exchange, was attacked by hackers and lost digital currency with a market value of as much as US$530 million. The hackers' method was to transfer digital currency belonging to the exchange's customers to another account.
Last December, the South Korean exchange Youbit was attacked by hackers, the second attack it had suffered within a year, and nearly 17% of its assets were stolen. In the previous attack it had already lost 4,000 bitcoins. The December attack forced the exchange to shut down outright.
As early as 2014, Japan's Mt. Gox exchange also had 850,000 bitcoins stolen, of which 100,000 belonged to the exchange itself and the remaining 750,000 to customers. In the end, this exchange too was forced to file for bankruptcy.
Why are exchanges so vulnerable to attack?
Exchanges concentrate large numbers of accounts and digital assets, so they are naturally hackers' first choice of target.
"The attack methods are the same as those used when a website is attacked," blockchain practitioner Li Ning told AI Caijing. "Exchanges are centralized; they have servers and accounts. All kinds of software on these servers may contain exploitable vulnerabilities."
Hackers also have ready-made tools for attacking these exchanges. "Hackers can go straight to credential stuffing and obtain a large number of user account passwords," a person in the security community told AI Caijing. "If they have some low-level vulnerabilities, they can also take over all kinds of servers and get hold of a large number of user account passwords. These credential databases are everywhere in the underground economy, ready-made. Many large companies have had large-scale data leaks exposed in the past."
Some exchanges are now exploring a decentralized path, but everything is still at an early stage of construction. "We have not yet seen a mature decentralized exchange; the problem of high-frequency trading needs to be solved," a practitioner told AI Caijing. This is the performance challenge that the underlying blockchain technology has always faced.
In the attack on Coincheck, Japan's largest bitcoin exchange, Coincheck said that all of the stolen digital currency had been kept in internet-connected wallets.
Similarly, South Korea's Youbit exchange, attacked last December, also kept all of its digital currency in internet-connected hot wallets. By contrast, media had earlier reported that Coinbase, a major US digital currency exchange, said 98% of the digital currency on its site is kept offline, in what it calls "cold" storage wallets.
The biggest difference between cold and hot wallets is whether they are connected to the internet. A cold wallet is a wallet that is not connected to the network, also called an offline wallet; a hot wallet is a wallet that stays connected and online, also called an online wallet. Generally speaking, a cold wallet, being offline, is safer than a hot wallet.
Because of these earlier lessons, coin-issuing platforms and exchanges now have a more urgent need for professional, secure offline wallets. However, even cold wallets still carry risk, and digital assets are best stored in a distributed way. The problem with distributed storage is lower efficiency and higher cost. Some exchanges, for reasons of liquidity and cost, often store assets in one place, which naturally brings risk.
"Exchanges' asset transaction records can all be looked up, so it is easy to find these large-value asset addresses," Li Ning told AI Caijing. "What is more serious is that exchanges like these have a problem with security awareness." Li Xiaolai, a mentor figure in the cryptocurrency community, also agreed with this in a media interview the day before yesterday.
Li Xiaolai has even voiced concern about bitcoin private keys. He believes that, apart from the problems with exchanges, bitcoin private keys themselves could also be cracked.
"Many people don't know that a bitcoin private key is in effect public, although it could only be cracked with a very, very low probability. But with even a little mathematical common sense you know that a probability of one in ten thousand does not mean you have to try ten thousand times before it can happen... That much value sitting in one address, I wouldn't dare. Never mind not daring now, I didn't dare in 2011. Later, in 2013, when I invested in Zhao Dong, I put the investment amount together from three old wallets from 2011."
After last night's attack on Binance, the hackers' arbitrage method has raised more doubts about virtual currency.
At present, virtual currency exchanges operate 7*24 hours, and traditional finance plays such as leverage, short selling and arbitrage all carry over. "Moreover, existing exchanges are unregulated; everything depends on the exchange's own capabilities. If coins are lost, there is no legal protection either," an industry insider told AI Caijing.
The emergence of financial trading tools for going long and going short has made sharp swings in coin prices a situation welcomed by some market manipulators. This may give rise to a group of people in the cryptocurrency community who can harvest whether prices rise or fall, and it exposes ordinary participants to a greater risk of being fleeced.
"It is an obvious fact that digital currencies are easy to manipulate. Techniques that have been played to death in traditional hedge funds may be staged here one by one," said a person in the cryptocurrency community who did not wish to be named.
The hackers' manipulation this time may also inspire imitation. The new harvesting method no longer requires stealing or transferring digital currency; it only requires driving coin prices into high-level swings and placing short and long orders on multiple platforms.
At a time when virtual currency trading has not yet become decentralized, those who harvest through arbitrage have already completed their path to decentralization.