2019年区块链项目方平台安全攻击和防范.pdf

1、区块链项平台攻击和防范客攻击数据平台简介区块链赋能TransparencySecurityBlockchainImmutabilityRed Pulse 区块链架构Knowledge+Blockchain=Phoenix 取币过程取出地址：xxxXXxxxXXXxxxXXX888.888 PHXxxxXXXxxxXXXxxxXXX888.888 PHX热钱包签名、hash播Web RequestRegular JobEC2Cloud FrontLambdaBeanstalkRDSESECRRedshiftVPCIAMMobWebFrontendxxxxxxxzzzzzJSON RPCBacke

2、ndHttps TCPP2P节点（热钱包）2018.5Release2018.6党党ChecksumRealtime log注册户 激增2018.5Release2018.6党2018.7巫攻击巫攻击https:/ math staticmethod def sigmoid(k,x):return 1.0/(-math.exp(k*x)+1.0 staticmethod def logistic_curve(k,x0,x):return(1.0/(1.0+math.exp(-k*(x-x0)-1.0/(1.0+math.exp(k*x0)*(math.exp(k*x0)+1.0)/math.e

3、xp(k*x0)2018.5Release2018.6党2018.7巫攻击2019.1假充值假充值假充值Maybe this guy figured out a way to construct a payload that makes NEO Tracker think something was transferred while it wasnt数据可视化2018.5Release2018.6党2018.7巫攻击2019.1假充值2019.3撞库攻击撞库攻击撞库攻击撞库攻击撞库攻击SELECT users_user.password,users_user.last_login,users

4、_user.is_superuser,users_user.username,users_user.first_name,users_user.last_name,users_user.email,users_user.is_staff,users_user.is_active,users_user.date_joined,users_user.id,users_user.createdAt,users_user.updatedAt FROM users_user WHERE UPPER(users_user.email:text)=UPPER()SELECT users_user.passw

5、ord,users_user.last_login,users_user.is_superuser,users_user.username,users_user.first_name,users_user.last_name,users_user.email,users_user.is_staff,users_user.is_active,users_user.date_joined,users_user.id,users_user.createdAt,users_user.updatedAt FROM users_user WHERE UPPER(users_user.email:text)

6、=UPPER(tina330web.de)撞库攻击撞库攻击撞库攻击措施登陆验证码各种复杂验证码、算术验证码、拖动验证码等强制修改密码，失效Session强制修改户密码，户必须动修改密码强制2FA强制输销户登陆状态险控制规则制定制定Risk Control 规则、动关闭取款前端指纹Frontend Finger Print，封杀更彻底动Cloud Flare屏蔽AI模式识别，动屏蔽攻击IP币安被盗2018.5Release2018.6党2018.7巫攻击2019.1假充值201