Pentagon finds concerning vulnerabilities on blockchain

July 11, 2022

As the cryptocurrency industry continues to expand and becomes an increasingly attractive target to hackers, the Pentagon has commissioned a study that has discovered some concerning vulnerabilities, detailed in an accompanying report.

Indeed, the report, published on June 21 and titled “Are Blockchains Decentralized? Unintended Centralities in Distributed Ledgers,” has discovered that “a subset of participants can garner excessive, centralized control over the entire system.”

The study, which focuses on Bitcoin (BTC) and Ethereum (ETH), was carried out by the security research firm Trail of Bits under the direction of the Pentagon’s Defense Advanced Research Projects Agency (DARPA).

According to the report:

“The number of entities sufficient to disrupt a blockchain is relatively low: four for Bitcoin, two for Ethereum, and less than a dozen for most PoS networks.” 

60% of Bitcoin traffic goes through just 3 ISPs

Moreover, the report said that “of all Bitcoin traffic, 60% traverses just three ISPs,” referring to internet service providers. On top of that, “the vast majority of Bitcoin nodes appear to not participate in mining and node operators face no explicit penalty for dishonesty.”

As the analysts warn, “deploying a new node requires only one inexpensive cloud server instance – no specialized mining hardware is necessary.” This allows for the possibility of flooding a blockchain’s consensus network with new, malicious nodes controlled by a single party in what is called a Sybil attack.

Further problems include out-of-date and unencrypted protocols and software, all of which expose the network to attacks. As the report explains:

“The safety of a blockchain depends on the security of the software and protocols of its off-chain governance or consensus mechanisms.”

Careless mining pools

The report also discovered that all the mining pools its analysts tested “either assign a hard-coded password for all accounts or simply do not validate the password provided during authentication.”

As an example, the report used the practice of the global cryptocurrency mining pool ViaBTC of seemingly assigning the password ‘123’ to all of its accounts. Another mining firm, Poolin, “seems not to validate authentication credentials at all,” whereas Slushpool “explicitly instructs its users to ignore the password field.”

According to the available data, these three mining pools account for about 25% of the Bitcoin hashrate.
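
The authentication failures the report describes (one hard-coded password for all accounts, no validation of the supplied password, an ignored password field) can be caught by a self-test of a pool operator's own login handler, shown next to a hardened form. This is an added example, not code from the report or from any pool; `WorkerStore`, `audit`, the account names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this sketch)

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class WorkerStore:
    """Hardened form: a salted hash per account, checked on every login."""
    def __init__(self):
        self._accounts = {}

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._accounts[user] = (salt, _derive(password, salt))

    def authorize(self, user: str, password: str) -> bool:
        # Unknown users still cost one derivation, so timing does not reveal them.
        salt, expected = self._accounts.get(user, (b"\x00" * 16, b""))
        return hmac.compare_digest(_derive(password or "", salt), expected)

def weak_shared(user: str, password: str) -> bool:
    return password == "123"  # one hard-coded password for every account

def weak_unchecked(user: str, password: str) -> bool:
    return True  # password field ignored

def audit(authorize, issued: dict) -> list:
    """Probe an authorize(user, password) callable with test accounts.

    `issued` maps each test account to the password it was given; use
    distinct passwords per account when testing a hardened store.
    """
    findings = []
    users = list(issued)
    # Empty and random passwords must be rejected for every account.
    if any(authorize(u, p) for u in users for p in ("", os.urandom(8).hex())):
        findings.append("password-not-validated")
    # One account's password must not open any other account.
    if any(authorize(b, issued[a]) for a in users for b in users if a != b):
        findings.append("cross-account-password")
    return findings
```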

Cybersecurity researchers often warn of potential crypto-related weaknesses that can lead to incidents such as the one that Finbold reported in mid-April, in which an attacker managed to steal a person’s entire collection of cryptos and non-fungible tokens (NFTs) worth over $650,000 from their MetaMask crypto wallet.

Source: Finbold
