For a long time, exchanges have been attacked by hackers, resulting in frequent thefts of large amounts of cryptocurrency. After each major security incident, currency prices are bound to plummet.
"After every cryptocurrency surge, 99% of hackers focus on this place." Hacker K said.
They fight collectively, forming a complete industrial chain through information collection, intrusion and lurking, "black box" currency laundering, etc. The insiders of the exchange even collude with hackers to share the stolen goods. In this place where wealth gathers, everyone is at their best. Crazy, true to form.
1. Transformation of black industry
On January 26, 2018, the Japanese cryptocurrency exchange Coincheck was hacked and NEM worth 58 billion yen (approximately 3.37 billion yuan) was stolen. Its director Yusuke Otsuka promised to compensate damaged customers. 2.7 billion yuan.
Although the attitude was sincere, it still could not calm the panic of currency speculators, and the price of Bitcoin subsequently fell by 10%.
2018年,意大利加密货币交易所BitGrail宣布,内部被盗了价值约合1.7亿美元的NANO币。
There are too many news about hackers committing abuses and exchange thefts. Nowadays, in the minds of currency speculators, apart from the sharp drop in currency prices, the most feared thing is probably hackers.
"In fact, almost all exchanges have encountered hacker attacks, and many have had security incidents, but they concealed them and dealt with them on their own," said a hacker named K.
In fact, the number of coins taken away by hackers is much higher than reported in the public news.
"This is because 99% of hackers, no matter what they did in the past, are now switching to the cryptocurrency field." Hacker K said.
Such unity of pace and unity has never happened before in the history of black industry.
The U-turn trend of black production started with the sharp rise of Bitcoin in the second half of 2017.
In October 2017, Bitcoin skyrocketed to about 30,000. Six months ago, the price of Bitcoin was only a few thousand. Since then, it has skyrocketed, and the price once reached nearly 100,000.
Since then, the focus of black production has completely shifted. "Black production is an industry that extremely calculates the input-output ratio. The skyrocketing rise of Bitcoin also means that the rate of return on each order will increase several times." A certain K said.
On the other hand, digital currency is still in a gray area, and many countries have not legalized it. Even if digital currency is stolen, many countries will not file a case and the police will not intervene.
In 2015, 3,000 Bitcoins were stolen from the "Bitcoin Piggy Bank" of a Bitcoin investment platform. The person in charge said that he had called the police, but the police believed that Bitcoin was a "virtual currency" and did not recognize its value, so they refused to file a case. .
Cryptocurrency is like a huge gold mine in a dark river, and black people can take whatever they want. There is probably no other field in the world with so much gold and no one to govern it. This is the core reason for their massive attack.
A certain K said that at present, the black industry is mainly focusing on a few places where digital currencies are concentrated: exchanges, mining pools and relatively large personal accounts.
Undoubtedly, the exchange is their favorite target. A certain K called it "one order can last a lifetime."
At that time, there were more than 8,500 large and small exchanges in the world, the vast majority of which were established in the second half of 2017. Most of these exchanges were hotbeds for hackers to commit crimes.
Large exchanges have relatively complete security measures, and the probability of successful invasion by a single soldier is extremely low - therefore, they will first practice on small exchanges.
"Exchanges that have been established for about three months are the best targets. Because their security system has not been set up yet and they have accumulated some coins." A certain K said.
"We never buy coins, we are the porters of coins." A certain K said with a smile.
2. Secret gathering
To invade a large exchange, hackers rarely fight alone. They gather in dark places, each drawing on their own strengths and cooperating seamlessly.
Hacker Air once gathered more than 10 people and prepared to launch an invasion of a top-ranked exchange, using the action code "OK Soldier".
"We have never met in person, and we don't use social media or messaging apps to communicate," Air said.
How do they connect and act in unison?
"We have a unique communication system." Air said that they release encrypted strategic deployments through some public social software.
For example, a user on Weibo posted an encrypted password, but no one followed the user and didn’t understand what it meant.
But fellow hackers will make an appointment in advance to read Weibo and decipher the password.
In addition, they often use "torrent files" to communicate.
For example, they spread many torrent files for downloading movies on the Internet and embed passwords in the torrent files. Hackers intercept the password and obtain the next strategic plan.
"We will all communicate strategic plans through some public and disguised methods." Air said.
Wouldn't it be more dangerous in a public way?
"Many communication software are centralized and will be monitored centrally. However, these public contents are released in a decentralized manner and are difficult to monitor, but more secure." Air said.
Even after the later cases occur, if you try to track them down again, you will undoubtedly be looking for a needle in a haystack by searching for "encrypted information" among the torrent files and social networking sites.
Maybe, in the torrent you download the movie, there are "shocking secrets" embedded by hackers.
The division of labor among hackers is also extremely clear.
"We generally divide it into three stages: data collection, intrusion, and monetization." Air said.
Those who collect information should not only look for website loopholes in the early stage, but also find out the details of the exchange.
For example, you need to know how many people there are, what habits each employee has when setting a password, and even the birthday of each person or family member. "Many people use family members' birthdays as passwords."
The accumulation of these materials will later provide intruders with a large amount of intelligence and nutrients. The process of hacking into exchanges and invading other websites is also the control backend.
A certain K's strategy is that after the invasion is successful, he will stay put and "wait until the fish grow larger, and then catch them."
They are like hunters in the dark, waiting until their prey is plump before shooting.
Generally, they steal coins in two ways:
① One is to find the "coin pool" of the exchange, which is the center where the exchange stores coins, and transfer the coins away.
②Another way is to find the account passwords of some user wallets and change the withdrawal address to your own.
The Bitcoin theft case from Coincheck in Japan at that time fell into the former category.
The second method is difficult to identify. The exchange will not admit that it has been hacked, but will say that the user accidentally leaked the account password, resulting in the currency theft.
It is also difficult for users to provide evidence. Therefore, in this case, the user usually pays the bill or the two parties negotiate.
"We will only steal mainstream digital currencies, such as Bitcoin, Ethereum, Litecoin, etc." Air said that this is because although many digital currencies claim to be decentralized, in fact, the power of life and death of the currency is It is still in the hands of the issuing company.
"We once stole an altcoin that was rising rapidly, but the issuing company directly invalidated the stolen coin." Air said, which is equivalent to everyone's busy work in vain for several months.
3. The story of Ethereum
On June 17, 2018, The DAO, a distributed autonomous organization that crowdfunded more than $150 million, suffered a hacker attack, resulting in the theft of 3.6 million Ethereum coins. In order to punish the hackers, the developers of Ethereum conducted a hard fork operation.
All transaction data is recorded on the blockchain. The so-called hard fork is to fork back to a node before the hacker transferred the currency.
This is equivalent to all records of coins stolen by hackers being invalid.
However, such a hard fork is unacceptable to many people in the Ethereum community.
“Doesn’t this prove that Ethereum can be artificially interfered with?” Some people who adhere to liberal and decentralized beliefs are opposed to this operation.
As a result, they resolutely refused to accept the hard fork, insisted on guarding the original chain, and renamed it "Ethereum Classic" (ETC). This is why we often say that etc is the real Ethereum chain.
The chain that is hard forked is called Ethereum hard fork (ETH).
Just today, Ethereum’s founder Buterin also tweeted that under special circumstances, a hard fork “rescue” operation is a good choice for early blockchains.
"Ethereum is like this. If you steal a small currency, it will be invalid for you in minutes." Air said with a slight sarcasm, saying that cryptocurrency is decentralized. As a result, "Isn't it just a game for a few people?"
4. Black box coin laundering
After the coins were stolen from the hacker's account, the theft did not end. After many hackers stole the bitcoins, they directly isolated the wallet from the Internet. "If you don't have the Internet, you can't find us."
After a few years, when the incident has calmed down, they can then cash it out. Some bold hackers will directly convert the stolen coins into money and real estate.
"Although the currency is anonymous, when it is connected to the real world, it will leave clues." Air said that a foreign hacker friend of his was caught in this way, so he is extremely cautious.
A new method began to appear, which is "coin laundering".
"After transferring it to the wallet, immediately go to a small exchange, then buy another currency, and then transfer it to another address wallet." Air said that this is equivalent to "washing" hands.
If a small exchange connects two accounts, wouldn't it reveal another clue?
"There is a competitive relationship between exchanges. Moreover, they will not leak user transaction data." Air said that if you want to be more safe, you can go to a few more exchanges.
The exchange is like a "black box", and the flow of money and coins becomes difficult to trace. In addition, there are some small exchanges that exist for the purpose of money laundering for black products.
"We will reach a private agreement, he will help us launder the currency, and we will pay him the transaction fee." Air said that nowadays, small exchanges like this can live a very prosperous life.
It is in this way that black producers "clean" a large amount of coins and then liquidate them.
In addition, mining pools and personal accounts will also be attacked by the black industry army.
Today, cryptocurrencies tend to be centralized and are beginning to gather in the hands of a few people.
These people are also becoming key targets of hackers.
Air said that they are trying to obtain the account numbers and passwords of these big guys on the exchange through various methods such as credential stuffing and phishing.
In addition, it is also a common method to fake the website of an exchange and then ask users to log in and enter their account and password.
"Almost all exchange websites have been forged." said the relevant person in charge of the big data security company Zhichuangyu.
The hacker army is full of tricks. For them, stealing coins is a dimensionality reduction attack. They can also steal bank cards, let alone coins?
5. Interest whirlpool
The currency circle is a mixed bag, where interests converge. The darkness and greed of human nature collide fiercely here, and the situation is tense. Recently, a certain K's business has been so good that it is too good to take over. A friend or a friend of a friend came to him through connections and wanted to He went to attack "friendly businessmen".
"The purpose was to paralyze the other party's website, and they immediately spread the news that a certain exchange was hacked and a large number of accounts were stolen," said a certain K.
For users, the biggest fear is that their coins are stolen, so they are vigilant about security incidents.
Once a hacker intrusion is exposed, the exchange will lose a large number of users, or even lose them permanently.
This is undoubtedly the best way to defeat your competitors.
The most direct way for hackers to paralyze exchanges is DDOS attacks.
The official name of DDOS attack is "distributed denial of service".
Let’s give an example to explain it in a simple way:
For example, a restaurant only has 10 seats, but hundreds of people come in at once pretending to be diners. They occupy seats but do not order, making it impossible for normal customers to enter.
"We have monitored data and found that one of the top five exchanges in the world has suffered DDOS attacks of more than 300G 16 times in half a year." The relevant person in charge of Zhizhi Chuangyu revealed.
The peak traffic of Taobao's Double Eleven is 1600G, which is equivalent to 1/5 of the Double Eleven traffic, which shows how big it is.
Sixth, guarding and stealing
However, the deepest darkness in this circle does not actually come from hackers, but from insiders.
On February 24, 2014, Mt. Gox, the world's largest Bitcoin exchange operator at the time, said that 650,000 Bitcoins had been stolen by hackers.
In the end, the police intervened and found that only 7,000 Bitcoins were stolen, and the rest were taken away by insiders.
"Many small exchanges came to us and told us to leave a back door for us to steal the coins and then share the profits." Little K said that this kind of business involving internal and external collusion has become more and more common recently. Some are insiders, and some are even It’s the exchange itself.
A few months ago, a certain K cooperated with a ghost in a foreign exchange and "stole 300 Bitcoins, and we got 50% of the money."
"The insider will weigh the amount of theft in his mind. The purpose is to make the exchange dare not speak out, dare not call the police, and suffer a loss." A certain K said.
With this single transaction, tens of millions of dollars were earned, and the financial freedom in a certain K’s mind was achieved.
For hackers, such business is welcome. Why not open the door and confront the thief?
"This is the center of a whirlpool." Air said that the interests are too concentrated, and hackers, insiders, and arbitrageurs are all swarming in, revealing their true colors.
"Near the whirlpool, you will see all the ugliness in the face of profit." Air said that after seeing everyone go crazy for profit, he no longer believed in "human nature is good."
As the cryptocurrency wave continues to surge, hackers’ counterattack will be extremely fierce.
In the future, the black industry chain for cryptocurrency will become increasingly complete, and by then 99% of users will be insecure. #BTC #黑客
