The largest crypto-asset theft in history has recently taken a turn. According to media reports, the cross-chain interoperability protocol Poly Network said on August 10 that hackers had attacked smart contracts and transferred assets including 302 million USDT (Tether), 55,000 ETH (Ethereum) and 2,000 bitcoins, for a total loss of US$610 million. Subsequent media reports, however, said the attacker had returned tokens currently worth more than US$342 million via BSC, Ethereum and Polygon.
This is the largest asset theft to date in the history of the DeFi (decentralized finance) industry. After the incident, share prices in the cybersecurity sector kept climbing: as of midday on August 12, Tongtech (东方通) was up more than 15%, Philisense (飞利信) more than 12%, BJCA (数字认证) 7.68%, and Ultrapower (神州泰岳) 4.35%.
Notably, the incident has also raised concern within the industry about the security of DeFi. Data from SlowMist Technology's hacked-incident archive show that in the first half of this year alone there were 50 security incidents involving DeFi, more than 60% of the 78 major security incidents across the entire blockchain ecosystem.
Hacker has returned part of the assets
Cause of the theft: the private key used for cross-chain signing was leaked, or the signing program has a logic flaw
On August 10, the smart contracts that the Poly Network protocol had deployed on three networks, Ethereum, Binance Smart Chain and Polygon, were attacked at the same time. The hacker transferred assets including 302 million USDT, 55,000 ETH and 2,000 bitcoins, for a total loss valued at US$610 million.
That evening, Poly Network called on Twitter for exchanges and other crypto businesses to blacklist the hacker's addresses. Tether, the company that issues USDT, said it had frozen US$33 million of USDT from the Poly Network theft.
As for the cause of the incident, the security firm BlockSec published an analysis report saying that the private key used for cross-chain signing may have been leaked, or that a logic flaw in the signing program may have caused it to sign the attack transaction.
Another security firm, SlowMist, published the view that the attacker used carefully crafted data to change the keeper in the Ethereum cross-chain contract to an address the attacker specified, and that the incident was not caused by a leak of the keeper's private key.
Shortly after the theft, however, the hacker returned tokens currently worth more than US$342 million via BSC, Ethereum and Polygon. The hacker said the attack was just for fun, and that Poly Network was chosen because cross-chain attacks are hot.
DeFi security raises concern
Analysis: the hacker's refund does not help with investors' negative judgment of its security
After the incident, the market grew more worried about the security of DeFi. Li Li of Jingtian & Gongcheng law firm in Beijing wrote in an article that DeFi mainly refers to blockchain application projects built on programmable public blockchain networks such as Ethereum, whose functional goals are finance-like activities such as cryptocurrency value pegging, lending and swaps, and which are made up of a series of smart contracts and applications.
“It does not rely on the management ability or credit standing of any entity; it relies purely on game-theoretic models such as speculative arbitrage and risk hedging to build a product's transaction structure and financial logic. This is the most fundamental difference between DeFi and traditional financial services, and it is where its core value lies,” Li Li said.
Precisely because of these special properties, DeFi very easily becomes a prime target for hackers. Data from SlowMist Technology's hacked-incident archive show that in the first half of this year alone there were 50 security incidents involving DeFi, more than 60% of the 78 major security incidents across the entire blockchain ecosystem.
Pan Helin, executive dean of the Institute of Digital Economy at Zhongnan University of Economics and Law, told a Shell Finance (贝壳财经) reporter that the attack was felt far more intensely inside the industry than outside it: a large number of investment institutions have changed their view of DeFi, many investors have been scared off, institutions that have already entered are thinking of exiting, and faith is gradually collapsing. There is still a little room left, he said, in that past attacks on DeFi have seen hackers refund the money, and in this case too the hacker found the money too hot to hold and was therefore willing to return it, so this attack may in the end pass smoothly; but even so, the hacker's refund does not help with investors' negative judgment of its security.
The Beijing News Shell Finance reporter: Pan Yichun. Editor: Chen Li. Proofreader: Wei Zhuo.