Chengdu Lianan: There were more than "9" more typical security incidents in December

These include:

• In terms of DApps, there was only "1" security incident on TRON this month: On December 6, the Tron Lounge DApp was attacked by a rollback transaction, with a total loss of 54653TRX.

• In terms of the public chain, a total of "4" security incidents occurred this month.

• On December 14th, VeChain officially announced that it was attacked by hackers, 1.1 billion VETs were stolen, and 6.4 million US dollars were missing. Super equity nodes have intercepted 469 addresses related to thieves in the blacklist, thus A total of about 727 million VET was frozen.

• On December 20th, 2 million NULS tokens were stolen from the official account of the NULS public chain. After the official repair of the vulnerability at 2 am, 548354.34696095 NULS have flowed into the trading market; Destroyed by permanent freezing.

• On December 30th, the IOTA mainnet of the public chain had a consensus split and could not be updated. The TPS was once close to 0. The reason was that in extreme cases, the IRI (IOTA mainnet client name) did not consider the shared value between two different bundles. Transactions; once a transaction is marked as "counted" in one bundle, it will be ignored in the next bundle. This bug caused the state of the ledger to be damaged, and the bug has been fixed.

• On December 1, Vertcoin (VTC) suffered a 51% attack. The attacker successfully replaced 603 VTC main chain blocks with his own 553 blocks. The attacker spent more than 0.5 BTC in this attack, but received The total value of block rewards is 13825VTC (0.44BTC). It is worth mentioning that the VTC public chain was also attacked by 51% in December 2018.

• In terms of wallets, "1" incident of malicious code injection occurred this month: the Ethereum wallet "Shitcoin Wallet" was suspected to be malicious JavaScript code, trying to grab data from the browser window and send it to the remote server erc20wallet.tk.

• Security incidents that occurred in other areas include:

• The Poloniex cryptocurrency exchange sent an email to inform customers that there may be a data leak. The leaked email address and password list may be used to log in to the Poloniex account; the exchange is forced to reset the password on any email address with the exchange account.

• Hackers have been found to be using a JPEG photo of famous pop singer Taylor Swift to hide malicious cryptominer MyKingz.

• According to the official announcement of 58COIN, according to user feedback, recently, unknown persons or groups have used the official name of 58COIN to mislead investors by using counterfeit websites, counterfeit communities, and counterfeit customer service to achieve phishing purposes.

In general, the number of security incidents in December decreased compared with November, and there were fewer security incidents in wallets, exchanges, and DApps, and they did not cause adverse effects.

It is worth noting that the two public chain security incidents that occurred this month, the successive "thunderstorms" of the VeChain and NULS public chains, are warning us that public chain security issues cannot be ignored, and we cannot simply think that passing the audit code is foolproof.

In view of the new situation in the current blockchain security field, "Chengdu Lianan" hereby reminds:

• The public chain should pay special attention to the occurrence of security risks. The public chain operator needs to establish a comprehensive security system in terms of code security, personnel security training, and project risk plans to improve the ability to resist attacks and reduce the risk of being attacked.

• If necessary, you can seek the cooperation of security companies, and through third-party technical support, complete infrastructure construction such as security testing and security reinforcement, and check security loopholes to avoid unnecessary losses.