Talk about blockchain network security starting from the hacker attack on Binance held on May 8
On May 8, the famous cryptocurrency exchange Binance suffered hacker attacks. At present, over 7,000 Bitcoins have been stolen.
According to the information disclosed by Binance, the exchange found “large-scale security vulnerabilities” on May 7. These vulnerabilities caused hackers to be able to access the user application API keys, two-factor authentication code and other information. According to a transaction published in a security notice, the hacker has taken away Bitcoins worth of about USD 41 million from Binance Exchange.
In the digital currency industry chain, an exchange is undoubtedly a core link of the chain. It serves as a hub linking the project party to ordinary investors and has great promotion effects on the development of the whole industry. When the prices of virtual coins go up, to attack an exchange becomes profitable. According to relevant statistics, on the average, a hacker can obtain USD 10 millionafter the hacker successfully intrudes into an exchange. As one of the exchanges with the highest transaction scales in the world, Binance Exchange suffered a great loss from the intrusion.
Now let us look at the thieveries at exchanges that have happened in recent years:
In 2014, 850,000 Bitcoins worth of USD 12 billion were stolen from the world’s largest Bitcoin exchange Mt. Gox. However, Mt. Gox, which used to be the world’s largest Bitcoin exchange, had to file for bankruptcy because it failed to pay deposit holders when their deposits matured. Mt. Gox has been going through bankruptcy proceedings in Japanese and American courts. So far, people still do not know where their money has gone.
In December 2017, Youbit as a Korean Bitcoin exchange suffered hacker attacks, lost 17% of its digital currency and declared bankruptcy.
In January 2018, Japan’s largest cryptocurrency exchange suffered hacker attacks, lost a lot of NEM worth of USD 530million and the NEM was illegally transferred to other exchanges. The market value of NEM used to rank 8th among the global digital currencies. Affected by the thievery, the value of NEW suddenly dropped by 20% within 5 hours, which triggered a universal slump of global digital currencies.
By analyzing these events, we can find that the hidden security hazards being faced by the exchanges mainly come from the following several aspects:
（1）Viewing from the exchange platform angle, because the systems have bugs, they may be attacked by hackers. The attack is probably some short-term behavior. However, it is possible that some long-term hidden security hazards may break out together to cause property loss.
（2）Security problems of hot wallets. Hot wallets are the wallets connected to the internet. On the contrary, cold wallets are the wallets not connected to the internet.
（3）In addition, privacy information of users is also facing multiple threats. For example, steal data by taking advantage of security vulnerabilities, intruding into a wallet and obtaining the administration rights, gain privacy information of users by taking advantage of users’ weak security awareness and using phishing websites or gain privacy information of users and even the private keys of exchange platforms by placing viruses, Trojans and backdoor programs in the machines of the transaction platform maintenance personnel or developers, etc.
It is believed that the Binance thievery was probably caused by long-term APT infiltration of hackers.
Advanced Persistent Threat (APT) is in essence a targeted attack. It is a prolongedtargeted cyberattack method aiming at a specific target. Before APT attacks are launched, precise information on the business processes and target systems of the attack objects is collected. In the collection process, the attackers will actively find out the vulnerabilities of the credit receiving systems and application programs of the attack objects, establish the networks needed by the attackers by using the vulnerabilities and then attack by taking advantage of zero-day vulnerabilities.
As for prevention of cyberattacks and APT attacks, Trias has taken security as its foundation since the Trias project was established, and it has built a blockchain security network based on trusted computing.
The purpose of Trias is to build a universal decentralized trusted computing platform to implement a trusted software execution environment and ensure that correct software can generate expected output with correct input, a decentralized trusted software development, operation and maintenance system with auditability and traceability to guarantee the verification and traceability of software behavior, finally ensure that correct native application programs are executed in correct universal platform environments and the security strength of blockchain 2.0 smart contracts. By further using the token economic model, Trias makes hash power and software ecology operate healthily, orderly and securely, implements the order dispatch of trusted software in trusted execution environments and finally realizes trusted, reliable and unified programing on the full platform.
- Security and transmission mechanism of Trias
To understand the security system of Trias, you must first understand what Trust Execution Environment (TEE) is. TEE is not far away from us. The security of iPhones loved by people is ensured by using TEE. By definition, Trust Execution Environment (TEE) can offer a secure area to ensure that sensitive data are stored, processed and protected in this isolated trusted area. For example, when you touch a fingerprint identifier of an iPad, the processor of the hardware will transfer the relevant data to a secure area to have them processed rather than reading them.
Many companies have launched their own TEEs such as Intel SGX, Intel TXT, TPM and ARM TrustZone after they saw the success of Apple products. TEE plays a very great role in the system confidentiality and integrity as it were.
Based on this, Trias has proposed a heterogeneous TEE system, i.e. a TEE technology system supporting different manufacturers. Every node within the Trias network must have a TEE environment, which to a great extent reduces hidden data security hazards greatly from the very beginning.
Based on TEE, Trias has introduced trusted transmission networks, enabled each node with a TEE environment to validate the trustworthiness of the other node and propagate the results to the other nodes through the gossip protocol. Thus, all the TEE consensus nodes form a credit relation network. This process is repeated constantly to select the nodes at which lies are most difficult to be told. Distribute smart contract programs to them and then form a robust and efficient operation environment.
Doing like this brings many benefits. First, it supports multiple TEE technologies and makes it easier for a node to join the network. In other words, to be a node of Trias, the node must have a TEE environment, there is no type restriction on it and avoid overdependence on a single TEE technology at the same time. Second, besides the obvious transmission efficiency improvement by using the gossip protocol, building a small-world network and selecting trustworthy high-quality nodes improve the consensus efficiency.
2. The 3-layer hash power system of leviatom in the Trias architecture
It can be reduced to a 3-layer logical hash power system:
(1) Compatible with different TEE protocols and collect the trustworthiness states of adjacent nodes.
(2) Propagate the collected trustworthy information by using the gossip protocol.
(3) Execute the contract code by using the local TEE environment.
In short, the first-layer hash power node is responsible for examining and recording historical information. The second-layer hash power node is responsible for summarizing the information collected in the first-layer hash power node and then propagating the information. If any node wants to lie, it needs a lot of nodes that can cooperate with it and provide incorrect credit endorsement for it, which is called “accomplice contract breach”. This threshold is very high and the contract breach is almost impossible. According to the trustworthiness value ranking of the second-layer hash power nodes, establish the Trias Node Ranking List. A few nodes with the highest trustworthiness values will become the third-layer nodes and they will generate a consensus on the final execution results.
In a distributed system, the current industrial application and the academic circles have fully proved that the classical PBFT is a method with the best average performance to prevent the malicious behavior of internal nodes or node failure when the total number of nodes is not too many. Therefore, after the third-layer nodes are selected, the support of the finally formed consensus is the improved PBFT.
To sum up, Trias has gone ahead of its peers in optimizing the blockchain security technology and performance and achieved outstanding innovation. We believe that Trias will be able to build a more secure, more stable and more rapid blockchain system in the near future.
As for the event in which Binance suffered hacker attacks, the trusted computing network built by Leviatom in the Trias architecture can maintain an independent program whitelist for each node, which can actively prevent exception programs from being loaded and effectively stop network security attacks such as APT.