15,000-word report teaches you how to fight blockchain scams

SeeDAO IR Introduction: According to security data, nearly $3 billion has been lost in the crypto sector this year to scams and security breaches. Every participant in the blockchain industry is effectively living in the “Wild West”, constantly exposed to the risk of losing privacy and property.

Although the industry has produced some analyses of blockchain fraud and security vulnerabilities, most cover only particular cases or do not discuss the underlying mechanisms in enough depth. We are therefore delighted to bring you this long-form article, written by two experts in the field of network security, which provides a comprehensive and in-depth analysis of almost all current security risks, together with countermeasures.

Authors of this article:

r0ckgh0st.eth: Yumingze, a graduate student in network security and a member of Conflux ToC, where he liaises with and helps incubate Web3 applications. He has published many papers in Lecture Notes in Computer Science, IEEE, Information Network Security and other publications, and lectures the SeeDAO Web3 security course. His Web3 research interests include blockchain phishing analysis and prevention and blockchain supply chain attack mechanisms and their suppression, and he is relatively strong at code auditing. He is currently deeply involved in the development and integration of a DID framework.

cybercaf.eth: digital nomad, member of Conflux ToC, core contributor of SeeDAO, member of SeeDAO Investment Research Association, core contributor of Web3 University, researcher in the field of Metaverse and cybersecurity.

Foreword

Since the birth of the Internet, attack and defense has been a research hotspot. Since the birth of the blockchain, its huge wealth effect and users’ limited security awareness have attracted countless hackers. With the rapid development of DeFi and NFTs in recent years, phishing and fraud attacks that use blockchain networks have become more and more common, and new attack scenarios and methods keep emerging.

The first half of this article describes the basics of blockchain security, focusing on the security elements that users should pay attention to when using blockchain-related applications. The second half reviews common attack cases in which blockchain is used to defraud users of their assets and, by analyzing the attackers’ methods, derives protection schemes for each specific attack method.

1. Blockchain Security Fundamentals  


Blockchain Security Fundamentals Mind Map

According to Kerckhoffs’s principle, a cryptographic system remains secure even if its operating steps are fully known, as long as the key has not been leaked. In the blockchain environment, protecting the wallet private key is an important measure and a prerequisite for protecting on-chain digital assets.

1.1 Private key and mnemonic security

The private key managed by blockchain wallet software is usually a 256-bit random value. For display, wallet tools convert these 256 bits into a 32-byte hexadecimal code. For example, “0x40e667191f4497cc3ab018ceb524a32c2f4875fbfb0103322767f46f5b319244” is a wallet private key generated by blockchain wallet software. By importing the private key into a blockchain wallet, a user gains control of the digital assets in the corresponding wallet. Using elliptic curve cryptography, developers can easily compute the corresponding public key from the private key. Performing the keccak256 operation on the public key [7] and taking the last 20 bytes of the result gives the blockchain wallet address. The public and private keys can be generated with Ethereum’s ethers library, and the wallet address calculated from the public key. The result of running the code is shown in the following figure:


Method of generating wallet address from public and private keys

Because the hash operation has both strong and weak collision resistance, it is difficult for an attacker who does not hold the wallet’s private key to produce an identical blockchain wallet address by random collision. To make keys easier for users to remember and store, the BIP39 improvement proposal introduced mnemonics as a representation of a blockchain wallet’s private key. For ease of understanding, readers can think of a mnemonic phrase of 12, 15, 18, 21 or 24 words as corresponding to a set of blockchain wallet private keys. As long as the mnemonic is kept secret, the user’s wallet private key and digital assets are safe.

When creating a blockchain wallet, the mnemonic and private key data are extremely sensitive. Before performing sensitive operations, users should check their surroundings for suspicious people, high-definition cameras and anything else that could let someone see the screen. Users usually record the wallet mnemonic with pen and paper or on a steel mnemonic plate and store it securely (for example, locked in a safe). When using the blockchain network, users should not disclose any information related to the mnemonic phrase or private key to anyone, so as to keep their digital assets secure.

1.2 Smart Contract Security

The emergence of smart contracts makes the Ethereum network more scalable than the Bitcoin network. Developers can easily develop DAPPs by writing smart contract codes through the SDK development tools provided by Ethereum. In Ethereum, a smart contract is a computer program whose code logic cannot be tampered with after deployment. After the smart contract is deployed, blockchain users can interact with the contract according to the code logic corresponding to the smart contract.

Before interacting with a smart contract, users should: 1) check through the blockchain browser whether the smart contract code has been open-sourced; 2) audit the key logic of the smart contract code (such as the smart contract method to be called). Only call the smart contract method after making sure the code contains no sensitive behavior such as maliciously using or transferring the user’s digital assets.

Calling methods of smart contracts whose source code has been verified as open source, or that have passed a security audit by a well-known smart contract auditing company, can guarantee the security of the user’s digital assets to a certain extent.

1.3 Blockchain wallet security

Blockchain wallet software provides its users with functions such as private key management, wallet account management, remote procedure call (RPC) node management, transaction signing, transaction management, interaction with smart contracts, and hardware wallet connection. Its main role is to give users a friendly private key container, key management system and transaction signing agent, so that users who lack the ability to manage private keys and transaction broadcasting tools themselves can still interact with the blockchain network easily.

Based on whether the wallet has a direct connection to the Internet, blockchain wallets are divided into 1) cold wallets; 2) hot wallets.

From the wallet operating platform, wallets can be divided into 1) PC host wallets; 2) browser plug-in wallets; 3) mobile phone wallets; 4) hardware wallets; 5) web wallets, etc.

Prefer blockchain wallet software distributed through official channels. Taking browser plug-in wallets as an example, users can download and install them from the official website, the browser’s application store, the wallet’s official GitHub repository and similar channels. In daily use, regularly update the blockchain wallet, the underlying operating system and the browser so that they are always at the latest version, to protect the security of the digital assets held.

When using blockchain wallet software, users should set a strong unlock password to resist password brute-force attacks. Before leaving the computer, actively lock both the screen and the wallet so that digital assets cannot be misused while the wallet sits unlocked. The auto-lock timer provided by the MetaMask wallet is shown below.


The wallet is automatically locked after 5 minutes

Users should prefer hardware wallets purchased through official channels. After receiving the wallet, visit the hardware wallet’s official website to verify the wallet’s integrity and firmware version, to guard against supply chain attacks. Attacks against hardware wallets emerge in an endless stream: when signing a transaction with a hardware wallet, users need to view the complete content of the transaction to be signed and verify its legitimacy, and should avoid blind signing, so as to prevent illegitimate transaction signatures and the loss of digital assets.

When users receive a hardware wallet and create a blockchain account, they should run the create-wallet and generate-mnemonic function several times. By recording the mnemonic generated by the hardware wallet and its corresponding blockchain wallet address each time, and comparing the mnemonics produced by the different wallet creation operations, they can make sure that the random number seed the hardware wallet uses to generate private keys is safe enough and that the private keys it generates are sufficiently random.

Blind signing originates from a question: if you were given a fully sealed contract with only the signature page visible, would you be willing to sign it? My answer is no: do not sign such a contract, and avoid signing contract content that is not good for you.

In the blockchain environment, using a hardware wallet to interact with smart contracts resembles blind signing, because when signing a transaction that interacts with a smart contract the user cannot see the contract’s underlying behavior logic through the hardware wallet. The Ledger’s screen is very small and cannot show the user the full picture of such a transaction. A user who enables Blind Signing accepts that the Ledger may approve transactions that interact with smart contracts even though it cannot show their full content: at that point the user has agreed to trust the transactions sent to the device instead of verifying their legitimacy and behavior.

For more information on Blind Signing, please refer to the following links:

1.4 Trusted RPC Node

The well-known RPC node services on Ethereum mainly include Infura, Alchemy and Moralis. RPC node services for the BSC chain are mainly provided officially by the BSC chain.

For the newer public chain solutions that have received attention in recent years, such as Polygon, Optimism, Avalanche and Fantom, RPC node services are mainly provided by Ankr. To use a specific public chain, blockchain users need to add the address of an RPC node in their wallet; the wallet then connects to that RPC node and communicates with the blockchain through remote procedure calls. RPC nodes play an important role: without them, it would be difficult for individual users to access the blockchain network.

The following figure shows the RPC node information published by the Conflux eSpace blockchain network. The wallet connects to the RPC node. When the user initiates a transfer or a smart contract interaction, the RPC agent packages the transaction and sends it to the blockchain network, and the transaction finally enters the blockchain in the form of a block.


Users should choose RPC node service providers with proven security to ensure the reliability of their wallet data sources and the stability of their interactions with the blockchain network. Malicious RPC node providers may maliciously display incorrect blockchain status and record users’ on-chain activity data, seriously jeopardizing user data security.

1.5 DM and Email Security

Some attackers approach target users through private messages on social networks or by email, with carefully designed phishing scenarios that convince victims they will be rewarded if they simply follow the attacker’s instructions (visit a specific site, interact with a specific smart contract, or import a mnemonic phrase into their blockchain wallet). Once the victim chooses to trust the attacker, they have walked into the phishing scam. Because blockchain transactions are immutable and irreversible, by the time many victims of blockchain phishing discover that, through their own negligence, their assets have been transferred to an account held by the attacker, the lost assets are already irretrievable.

The figure below shows a phishing email that aims to steal blockchain digital assets: it tells the user to register their blockchain wallet with the platform before a specific deadline, and threatens that the account will otherwise be frozen. When you receive such emails or private messages, do not click on any hyperlinks or buttons they contain; act on them only after verifying the legitimacy of their content through official channels.


phishing email

Setting an anti-phishing code can solve the problem of phishing emails to a certain extent. The following figure shows the anti-phishing code function provided by the premint platform:


1.6 Development Environment Security

The environment developers use when building DAPP applications is the development environment, and protecting its security is an important prerequisite for protecting the assets of both application developers and DAPP users. DAPP applications are built on blockchain interaction frameworks (such as ethers and web3.js). To make a DAPP easy to use, developers usually build its front end with a JavaScript-based front-end framework such as React or Vue, so that users can interact with smart contracts directly through the front-end UI. The front-end framework helps the DAPP development team build the front-end system that supports the operation and use of the DAPP.

Selecting market-proven SDKs can ensure asset security to a certain extent.

1.7 Search Engine Security

Total trust in search engine results is one of the reasons why phishing attacks are successful

A search engine is a system that uses specific computer programs to collect information from the Internet according to a specific strategy and, after sorting and summarizing that information, provides users with retrieval and result display. It is a powerful tool for finding information.

In the blockchain environment, users who need to visit a DAPP’s official website usually rely on search engine results as one of their references, which gives attackers an opportunity. Attackers can imitate the UI of a well-known DAPP platform and optimize the counterfeit site’s SEO so that it appears at or near the top of search engine results. Users who trust those results end up losing the digital assets they hold. The figure below shows a case in which a counterfeit DAPP reached the top of search results through SEO. Although Google marked it as an Ad, some users still fell for it because it appeared first in the search results.


SEO optimization makes phishing sites appear in search results

The counterfeited DAPP is the NFT trading platform x2y2; its official link is x2y2.io, while the counterfeit site is at x2y2market.com. Hackers usually choose domain names that are similar or related to the counterfeited DAPP in order to deceive users and steal their digital assets.

1.8 Transaction Signature Security

Before starting, we need to clarify a few concepts: what is a transaction, what is a signature, and when is a signature needed? Transactions in the blockchain fall into the following categories.

  • Transfer transaction: for example, transferring 1 ETH to another wallet address.

  • Transaction interacting with a smart contract: for example, calling the SafeTransferFrom method of a smart contract to transfer an NFT to another wallet address, which is equivalent to initiating a transaction that writes to the smart contract.

Before any transaction goes on-chain, the transaction initiator needs to sign it using the transaction hash. While the transaction is being put on-chain, its legitimacy is verified by authenticating the signature. A legitimate transaction is packaged and put on-chain, and at that moment the transaction takes effect: whether it transfers ETH or an NFT, the asset arrives at the target address.

In addition, there is another type of signature. For example, when logging in to Mirror, a signature is required to verify that the user holds the blockchain account being connected to Mirror.

The key points of transaction signature security are: 1) ensure that the content to be signed that the user sees when confirming the transaction matches the user’s expectations; 2) ensure that after the signed transaction is sent, the blockchain executes it as the user expects. What users see is what they sign, and what they sign is what they do. Ensuring that a user-signed transaction is sent and executed as the user expects is an important guideline for securing signatures.

When stealing the user’s private key proves fruitless, some hackers turn to stealing signature data instead: they induce the user to visit a phishing page, where a transaction that steals assets is hashed with keccak256 into data to be signed and pushed to the user. If the user signs it through negligence, the hacker obtains signature data that proves the legitimacy of the transaction to blockchain nodes. The hacker then only needs to broadcast the signature data together with the constructed transaction to the blockchain network to abuse the digital assets in the victim’s account (usually stealing NFTs).

The following figure shows an insecure request to be signed. The site that initiates the request is a phishing site https://thejewsnfts.xyz. We will also explain the method of attacking it by spoofing a Twitter account later.


Insecure data to be signed

When a site sends a signature request, the user needs to verify the legitimacy of both the site and the data to be signed, and sign only after confirming that the on-chain behavior the signature will trigger matches the user’s expectations. When the message to be signed is purely unreadable hexadecimal data, the user should firmly refuse to sign.

The following figure shows a relatively safe message to be signed. By signing the message, the user can log in to the Web3 system with a blockchain wallet account:


The signature data used to log in to the cryptonatty system 

1.9 Blockchain Explorer

The blockchain browser provides a user-friendly interface for querying data on the blockchain. The Ethereum blockchain browser Etherscan offers on-chain transaction data query, asset transfer query, smart contract code query, smart contract interaction, block data query, address asset analysis, computing service cost estimation, blockchain domain name resolution and other functions. Using these functions, users can quickly obtain account balance information, conduct security audits of smart contract code, and query on-chain transaction fees in real time. An Ethereum transaction mainly includes the following information: transaction hash, transaction status, block number, timestamp, submitting account, receiving account, amount sent (0.1 ETH in this case), the fee paid to complete the transaction, the unit gas cost of the transaction, and so on. When querying transaction data and details, prefer the blockchain browser officially developed or recommended by the blockchain, and check whether transactions with the target contract are safe, to avoid potential phishing or contract authorization attacks.


Ethereum transaction example

The blockchain browser is an important tool for verifying whether a transaction succeeded. Suppose User A claims to have transferred 1 ETH to User B through the blockchain network. The transaction verifier can ask User A to share the transaction hash, look it up in the blockchain browser, and check that the receiving account in the transaction information is B and that the amount sent is 1 ETH. The verifier can also check the balance change of User B’s wallet address directly in the blockchain browser to confirm that B’s balance has increased by 1 ETH.

The blockchain browser also displays the source code of open-sourced smart contracts, so that users can review code security before interacting with a contract. Users should know how to check whether a smart contract’s source has been verified as open source, and should prefer to interact with contracts whose source code verification is complete. Users should audit the security of the smart contract code through the blockchain browser and interact with the contract only after making sure that the code does not abuse permissions or maliciously use the user’s digital assets. A smart contract that has completed source code verification is displayed in the blockchain browser as follows:


Smart contract code that completes contract authentication

2. Summary of blockchain fraud attack cases 

This chapter focuses on attacks in which hackers aim to steal blockchain digital assets by constructing phishing scenarios, without obtaining the user’s private key. We analyze the characteristics of each such attack and give the matching protection scheme in one-to-one correspondence: for example, section 2.1.1 introduces DM phishing attacks and follows immediately with the security advice and protection scheme for them. The reasoning behind fraud attacks is obvious: since users know the private key is very important and try hard to protect it, the attacker instead uses a more plausible pretext to get users to hand over their digital assets themselves.


Blockchain Fraud Attack Mind Map

2.1 Counterfeiting attacks

2.1.1 Introduction to DM Phishing Attacks

Initiating private chats with users on social platforms is a relatively simple and easy-to-implement way to carry out phishing: through a carefully constructed fraud scenario, users are induced to transfer money to a specific blockchain address or to visit a phishing page.

A typical scenario: the user is told they took part in a lottery and won a prize. The prize is free, but the user must first transfer 0.02 ETH to a specific wallet as a gas fee, after which the other party will supposedly forward the prize to the winner.

The following figure shows a screenshot of a case in which attackers initiated a private chat with a user on a social platform to carry out a phishing attack:

Phishing scenario construction: winning the prize

DM Phishing Attack Analysis and Security Suggestions

Hackers hope to dazzle their phishing targets with the prospect of profit. When using the blockchain, users should firmly believe that there is no free lunch.

The Ledger hardware wallet specifically states in its safe usage advice: do not interact with people who send you private messages on Discord, Twitter or any other social platform; in a Web3 environment, there is no reason for anyone to contact users directly through social platforms and send them messages.

When using Discord and Twitter, you can choose to turn off the DM option or not view Twitter’s private message requests.

2.1.2 Introduction to account spoofing attacks

Phishing through spoofed social accounts works as follows: the attacker sets the account name, avatar, introduction and other information to closely resemble those of the spoofed account, then publishes phishing links through the social network. In the blockchain environment, well-known DAPP projects are the usual targets of social account counterfeiting, which seriously threatens the security of the digital assets held by users.

The following figure shows a genuine social account:


genuine account

The following figure shows the links to phishing sites released by fake accounts through social networks


Fake account

Account Phishing Attack Analysis and Security Suggestions

Comparative analysis shows that a successful phishing attack of this kind relies on the following points:

  • Similar domain names: the domain name “thejewsnfts.xyz” was registered specifically to pass for the real one, while the genuine domain name is “thejewsnft.com”.

  • Similar Twitter usernames: to pass for the real account, the attackers followed the username pattern of the genuine account. The fake account is @TheJewsETH, and the genuine account is @TheJewsNFT.

  • Similar Twitter nicknames: the fake account’s nickname differs from the genuine one only by the added “FREE MINT ALIVE”, which suggests that an NFT minting event is in progress and exploits users’ eagerness to take part, inducing them to visit the phishing site that the fake account distributes through social networks and perform the NFT minting operation there.

  • A sufficiently realistic phishing site: the phishing site does not actually provide NFT minting. Instead it induces users to authorize the attacker’s blockchain wallet account to use the high-value NFTs held in their accounts. If the user visits the phishing site and authorizes the transaction, the authorized assets fall into the attacker’s hands.

  • After obtaining authorization, the attacker can directly call the SafeTransferFrom method of the NFT’s contract to transfer the assets.

For this attack, the main security recommendations are as follows:

  • Identify the correct social account, searching the social platform to compare candidates if necessary.

  • Follow DAPP social accounts through trusted sites; for example, NFT project accounts followed through premint activities are relatively safe.

  • Visiting a phishing site is not the danger; the danger is carelessly confirming blockchain transactions initiated by the phishing site.

  • Remember the registration time of the genuine Twitter account and other information that cannot easily be counterfeited.

  • Check the number and quality of the replies under the account. Some counterfeit accounts disable replies outright so that users cannot call them out, or allow only specific users to reply.

2.1.3 Introduction to Domain Phishing Attacks

A domain name phishing attack usually requires certain preconditions:

  • The attacker holds a similar domain name;

  • The attacker deploys a similar DAPP service on that domain name;

  • The deployed service is convincing enough to make visitors believe they are visiting the official website;

  • The counterfeited site has recently held an event that requires interaction through a blockchain wallet.

Around July 13, 2022, the celebrity-endorsed Theirsverse NFT project suffered a domain name phishing attack. The attacker imitated the genuine domain name “theirsverse.com” by registering the counterfeit domain name “theirverse.com”. To make users who reached the counterfeit site more confident that they were visiting the official website, the attacker did the following to make the site appear more authentic:

  • Copied the front-end interface deployed on “theirsverse.com” and deployed it to the web server that the counterfeit domain name’s DNS points to;
  • Modified the front-end code, adding logic that induces users to authorize tokens through their blockchain wallet and steals the user’s digital assets as soon as authorization is obtained.

On-chain data analysis identified one victim of this phishing attack, who lost digital assets worth more than 13,000 USD (1.3w). This victim’s experience is an important warning for blockchain users. The Theirsverse project was holding an NFT minting event around July 13, in which users could pay 0.15 ETH to mint one Theirsverse NFT.

The victimization process is as follows:

1) In order to participate in the panic buying activities in time, the victim tries to use the mobile wallet to access the official website of the project while driving;

2) Since the victim did not remember the official website domain name provided by the project party, the genuine domain name was mistakenly entered as a counterfeit domain name when entering the domain name. Since the victim was driving at this time, he did not notice the difference in the domain name;

3) The attacker specially deploys a set of code that completely clones the official website at the fake domain name, so that the victim is convinced that the website he visits is the official website of the project;

4) The counterfeit website is no different from the official website. At this time, the victim has entered the phishing trap set up by the attacker. When the blockchain wallet is not connected and the transaction authorization is performed, the digital assets are still safe at this time;

5) The victim uses the blockchain wallet to connect to the counterfeit website. The counterfeit site has the permission to view the victim’s wallet address information, and the digital assets and value held by the user have been obtained by the attacker;

6) At this time, the counterfeit site began to frequently initiate authorization requests to users;

7) The victim mistakenly thought that he was visiting the official website of Theirsverse, and the gas fee required to interact with the blockchain was extremely low. He mistakenly thought that the transaction request sent by the phishing site was a transaction to exchange Theirsverse NFT, so he clicked the confirmation button.

8) The victim clicks the transaction confirmation button 3 times, and grants the WETH and gOHM tokens held in the wallet and the spend permission (at least transferable) of a well-known NFT to the blockchain contract address controlled by the attacker. At this time, the attack The user already has the authority to transfer their two ERC20 tokens, WETH and gOHM.

9) The counterfeit site still keeps popping up transaction confirmation requests. At this point the victim realizes something is wrong and begins to reject every transaction request initiated by the site, so as not to cause more serious losses.

10) After obtaining the transfer permission, the attacker immediately transfers the WETH and gOHM tokens held by the user to his personal wallet address by running an automated script. The history of the theft of the victim’s account assets, as provided by the on-chain data analysis tool debank, is shown in the figure:

After the victim was phished, the attacker’s address was authorized to spend its WETH and gOHM tokens

Domain Name Phishing Attack Analysis and Security Suggestions

Through comparative analysis, it can be found that the successful implementation of a domain name phishing attack needs to meet the following points:

  • The victim is not familiar enough with the real domain name of the site;

     

  • The domain name held by the attacker is extremely similar to the real domain name;

     

  • A service resembling the real site is deployed on the server that the fake domain name’s DNS points to, making visitors mistakenly believe that they are visiting the official website of the project.

For this attack, the main security recommendations are as follows:

  • Identify the correct domain name and ask other users for verification if necessary;

     

  • Use domain name aggregation services such as linktr and link3 to access the official website of the project;

     

  • Participate in the mint by interacting with the contract directly; note that some whitelisted projects require a hex proof, which takes some front-end debugging experience to obtain.

     

  • Install the Revoke.cash plugin, which detects asset authorization requests and alerts the user, as shown below:

revoke.cash

  • Domain names with phishing behavior usually pop up transaction requests to users frequently: for example, if you reject the first transaction request, the site immediately pops up a second one, and if you reject that, it pops up yet another, which is very annoying. When this happens, do not rush: reject the transactions initiated by the site several times and observe how the site behaves. A page that is not trying to steal user assets has no reason to keep popping up transaction requests automatically.

By registering a similar domain name, cloning the code logic of the target website and modifying the logic that interacts with the blockchain, attackers can profit from phishing attacks.
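
The first two conditions above (an unfamiliar real domain and a near-identical fake one) can be checked mechanically before a wallet is connected. The following JavaScript is an added example, not code from the original article: it compares a typed address with an allowlist of official domains. The domain `example-project.io` and the function names are constructed placeholders.

```javascript
// Added example: compare a typed address with an allowlist of official domains.
// "example-project.io" is a constructed placeholder, not a real project domain.

// Optimal-string-alignment distance: an insertion, deletion, substitution or
// swap of two adjacent characters (a common typing slip) each costs 1.
function editDistance(a, b) {
  const d = [];
  for (let i = 0; i <= a.length; i++) {
    d.push(new Array(b.length + 1).fill(0));
    d[i][0] = i;
  }
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Reduce "https://www.Example.io/mint?x=1" to "example.io".
function hostOf(input) {
  const text = String(input).trim().toLowerCase();
  const url = new URL(text.includes('://') ? text : 'https://' + text);
  return url.hostname.replace(/^www\./, '');
}

// Host without its last label: "example-project.io" -> "example-project".
// Assumption: single-label TLDs only (no special handling of "co.uk" etc.).
function nameOf(host) {
  return host.split('.').slice(0, -1).join('.');
}

function checkDomain(input, officialDomains, maxDistance = 2) {
  const host = hostOf(input);
  let best = null;
  for (const official of officialDomains.map(hostOf)) {
    if (host === official || host.endsWith('.' + official)) {
      return { verdict: 'official', host, closest: official, distance: 0, reason: 'exact match' };
    }
    const distance = editDistance(host, official);
    let reason = null;
    if (nameOf(host) === nameOf(official)) {
      reason = 'same name, different TLD';
    } else if (distance <= maxDistance) {
      reason = `${distance} edit(s) from the official domain`;
    } else if (nameOf(host).includes(nameOf(official))) {
      reason = 'official name embedded in a longer name';
    }
    if (reason && (!best || distance < best.distance)) {
      best = { verdict: 'lookalike', host, closest: official, distance, reason };
    }
  }
  return best || { verdict: 'unknown', host, closest: null, distance: null,
                   reason: 'no similar official domain' };
}

// Constructed allowlist for the samples.
const OFFICIAL_DOMAINS = ['example-project.io'];
```

A verdict of `lookalike` or `unknown` means the wallet should not be connected until the domain has been confirmed through a trusted channel.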

2.1.4 Introduction to Site Phishing Attacks

Two types of phishing transactions are typically initiated through phishing sites:

  • Induce users to transfer a specific amount of ETH to the attacker’s account; like a meat bun thrown at a dog, the funds never come back

     

  • Induce users to grant the attacker’s account the spend permission for their ERC20 and ERC721 tokens, etc. If the user is induced to call the setApprovalForAll method to authorize the NFTs he holds to the attacker’s account, the assets are transferred away as soon as the authorization is obtained.

The picture below shows a counterfeit site whose page style is the same as the original site’s.

The fake site completely replicates the interface of the official site

Site phishing attack analysis and protection scheme

Through comparative analysis, it can be found that the successful implementation of a site phishing attack needs to meet the following points:

  • Misleading visitors into thinking that they are visiting the official project website.

     

  • Observe how long the target site takes to load: well-known project teams usually configure load balancing or a CDN, so their sites load quickly; counterfeit sites are usually deployed on only a single server node, and their access speed is not guaranteed.

For this attack, the main security recommendations are as follows:

  • Use domain name aggregation services such as linktr and link3 to access the official website of the project;

     

  • Install the Revoke.cash plug-in, which detects asset authorization requests and alerts the user.

2.1.5 Introduction to wallet counterfeiting attacks

Blockchain wallets are an important way for users to access the blockchain network. If an attacker can induce users to download and run a counterfeit wallet and to restore their existing blockchain wallet in it using a mnemonic phrase, the attacker has the opportunity to automatically steal the mnemonic or private key that the user enters into the counterfeit wallet by sending it over the network, without the user’s knowledge and without needing to initiate any transaction on the blockchain, and thereby takes control of the user’s digital assets.

Most blockchain wallets open-source their code for users to audit, which also gives attackers a basis for counterfeiting the application. By downloading the open source code, an attacker can quickly build a counterfeit wallet that contains logic for stealing the user’s mnemonic: it implements only the mnemonic import function and the ability to send the mnemonic the user enters to an attacker-controlled server, without providing complete wallet functions. What characterizes counterfeit wallets that steal mnemonics and then the user’s digital assets is that, when the assets are stolen, the user cannot accurately determine why they were lost.

Wallet counterfeiting attack analysis and protection scheme

Similar to phishing attacks, counterfeit wallets have an interface similar to that of genuine wallets but exhibit malicious behavior such as sending mnemonics or private keys out. The similar interface is an important reason why wallet phishing attacks succeed.

For this attack, the main security recommendations are as follows:

  • Download the wallet from the official site or the official Github release repository;

     

  • Choose a well-known and market-proven wallet;

     

  • Before trying to import mnemonics, interact with the other functions in the wallet. To save effort, some counterfeit wallets copy the UI but implement only the logic and processing functions for importing mnemonic phrases, and nothing else. If clicking the create wallet button produces an error or the interface does not respond, you should become suspicious;

     

  • Every time a new wallet is installed, generate a new set of mnemonics. Not importing the old wallet is relatively safe.

2.2 Contract interaction attacks

2.2.1 Introduction to Contract Authorization Attacks

In Ethereum, blockchain users can hold tokens that conform to the ERC20, ERC721 and ERC1155 standards.

The above tokens can either be actively transferred by the user to other accounts through transfer operations, or the user can authorize specific addresses to use or transfer the tokens through authorization operations. The authorization methods introduced in the relevant ERC standards are as follows:

  • ERC20: approve method (authorizes a specific address to use a specific amount of tokens)

  • ERC721: approve method (authorizes a specific address to use the token with a specific tokenID. For example, a user who holds 100 inkepass and wants to sell inkepass number 1 on opensea only needs to call approve on the inkepass contract to authorize inkepass number 1 to opensea’s seaport contract, which allows opensea to use his inkepass number 1. But opensea now uses the setApprovalForAll method by default, so even if the NFT with a specific number is approved, it cannot be sold)

  • ERC721: setApprovalForAll method (grants an address the right to use the current NFTs. For example, a user who holds 100 inkepass and wants to sell them on opensea only needs to call setApprovalForAll on the inkepass contract to authorize opensea’s seaport contract, and can then list all of his inkepass for sale on opensea)

  • ERC1155: setApprovalForAll method (grants an address the right to use specific NFTs)

Authorization operations are legal in the ERC20, ERC721 and ERC1155 standards, but the issue of permission abuse was not considered when the standards were established: if a user grants the right to use the tokens he holds to a blockchain address controlled by a hacker, then all of the user’s assets face the risk of being abused and stolen by the hacker.

Analysis of Contract Authorization Attacks and Security Suggestions

The following figure shows the transaction record of the victim account authorizing gOHM tokens to the attacker account:

Authorized operation

Analysis of the on-chain records shows that the victim 0118.eth was induced by the attacker to call the approve method of the gOHM Token smart contract, granting use of the gOHM token to the smart contract account controlled by the attacker: 0xA31573be292BD03d36DB137B6C2AB6eAA3d5e572. The number of tokens authorized for transfer is 8.8058 (18 digits of precision). The attacker then used the smart contract account he controlled to transfer all the assets in the victim’s account to the attacker’s account starting with 0xc1a7575.

Transfer all of the victim’s gOHM tokens

For this attack, the main security recommendations are as follows:

  • Domain names with phishing behavior usually pop up transaction requests to users frequently: for example, if you reject the first transaction request, the site immediately pops up a second one, and if you reject that, it pops up yet another, which is very annoying. When this happens, do not rush: reject the transactions initiated by the site several times and observe how the site behaves. A page that is not trying to steal user assets has no reason to keep popping up transaction requests automatically.

     

  • Use a wallet with authorization checks, such as Rabby, which prompts users prominently when they perform sensitive operations.

     

  • The function selector of the setApprovalForAll method is 0xa22cb465. When the first few digits of a transaction’s interaction data are 0xa22cb465, carefully confirm the security of the target contract and the credibility of the site that originated the transaction.

     

  • Installing the Revoke.cash plug-in helps users detect asset authorization requests and raises alarms. For example, the ERC20 token authorization operation in the figure below was detected.

ERC20 token authorization alert

  • When authorizing an NFT operation, carefully read the transaction details that Metamask pops up. The following figure shows the authorization a user must grant to the opensea contract when he wants to sell Boki NFT. The key point is the permission request field “http://opensea.io may access and spend this asset”: you must make sure that the site domain name starting with https is one you trust. If the request pops up on a phishing site, the field reads like “phishing site domain name may access and spend this asset”; if you find that the domain name cannot be trusted, be sure to reject the transaction. If necessary, you can also click the contract under “You are allowing the following contract to access your funds” and look up the behavior and operations of the target address in a blockchain browser. If it shows malicious behavior (such as frequently transferring user assets), reject the request. If it is a private address rather than a contract address, the request must be rejected.

ERC721 authorization interface

  • When authorizing ERC20 tokens, you also need to read the transaction details. The following figure shows a transaction request that authorizes https://app.primex.finance to use the WETH held by the user. Make sure that the site domain name starting with https is one you trust. If the request pops up on a phishing site, the field reads like “The domain name of the phishing site can access and use this maximum amount”; if you find that the domain name cannot be trusted, you must reject the transaction. If necessary, you can also click the contract under “You are allowing the following contract to access your funds” (circled in red) and check the behavior and operations of the target address in a blockchain browser. If it shows malicious behavior (such as frequently transferring user assets), reject the request; if it is a private address rather than a contract address, the request must be rejected.

Authorize the contract to use the ERC20 tokens held by the user
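
The selector check recommended above can be done in code on the raw transaction data. The following JavaScript is an added example, not code from the original article: it decodes approve and setApprovalForAll calldata and reports what is being granted. The sample amount is constructed from the rounded 8.8058 figure in the text, and the `standard` argument and trusted-spender list are assumptions of this example.

```javascript
// Added example: describe the token authorization contained in transaction calldata.
const SELECTORS = {
  '095ea7b3': 'approve',           // approve(address,uint256): ERC20 amount or ERC721 tokenId
  'a22cb465': 'setApprovalForAll', // setApprovalForAll(address,bool): ERC721 and ERC1155
};
const MAX_UINT256 = (1n << 256n) - 1n;
const ZERO_ADDRESS = '0x' + '0'.repeat(40);

// ABI-encode selector + (address, uint256 or bool); only used to build the samples.
function encodeCall(selector, address, value) {
  const addr = address.toLowerCase().replace(/^0x/, '').padStart(64, '0');
  return '0x' + selector + addr + BigInt(value).toString(16).padStart(64, '0');
}

function decodeApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, '');
  if (hex.length < 8 || /[^0-9a-f]/.test(hex)) return { method: null, error: 'not hex calldata' };
  const method = SELECTORS[hex.slice(0, 8)] || null;
  if (!method) return { method: null };              // some other function
  const args = hex.slice(8);
  // Two 32-byte words follow; an address occupies the low 20 bytes of its word.
  if (args.length < 128 || !args.startsWith('0'.repeat(24))) {
    return { method, error: 'malformed arguments' };
  }
  return {
    method,
    spender: '0x' + args.slice(24, 64),
    value: BigInt('0x' + args.slice(64, 128)),
  };
}

// standard: 'erc20' | 'erc721' | 'erc1155'. approve() has the same selector for
// ERC20 and ERC721, so the caller must say which kind of contract is the target.
function assessApproval(calldata, standard, trustedSpenders = []) {
  const call = decodeApproval(calldata);
  if (!call.method) return { call, findings: [] };
  if (call.error) return { call, findings: [call.error] };

  const revoke =
    call.method === 'setApprovalForAll' ? call.value === 0n   // approved = false
    : standard === 'erc20' ? call.value === 0n                // allowance set to 0
    : call.spender === ZERO_ADDRESS;                          // ERC721: approve(0x0, tokenId)
  if (revoke) return { call, findings: ['revokes an authorization'] };

  const findings = [];
  if (!trustedSpenders.map((a) => a.toLowerCase()).includes(call.spender)) {
    findings.push('spender is not a trusted contract');
  }
  if (call.method === 'setApprovalForAll') {
    findings.push('operator may transfer every token of this collection');
  } else if (standard === 'erc20') {
    findings.push(call.value === MAX_UINT256
      ? 'unlimited allowance'
      : `allowance of ${call.value} base units`);
  } else {
    findings.push(`authorizes transfer of tokenId ${call.value}`);
  }
  return { call, findings };
}

// Constructed samples. The spender is the attacker-controlled contract named in
// the text; the amount is the rounded 8.8058 figure scaled to 18 decimals.
const ATTACKER_CONTRACT = '0xA31573be292BD03d36DB137B6C2AB6eAA3d5e572';
const SAMPLE_GOHM_APPROVE = encodeCall('095ea7b3', ATTACKER_CONTRACT, 8805800000000000000n);
const SAMPLE_NFT_APPROVE_ALL = encodeCall('a22cb465', ATTACKER_CONTRACT, 1n);
const SAMPLE_NFT_REVOKE_ALL = encodeCall('a22cb465', ATTACKER_CONTRACT, 0n);
```

Note that `approve(spender, 0)` is a revoke on an ERC20 contract but grants tokenId 0 on an ERC721 contract, which is why the token standard has to be supplied.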

2.2.2 Insecure contract signature attacks initiated by phishing sites

The content of this section is very important. The attacker’s targets are the NFTs that the user has authorized to Seaport, the Opensea contract. As shown in the figure below, an NFT of this kind has completed step 1:

Authorize

Users can view the NFTs they authorize to the Seaport contract on Etherscan, which are all targets that attackers want to steal:

The following NFTs are the attackers’ targets: because the user has authorized Opensea to use them, the Confirm listing operation in the picture above can be carried out on them at any time. A single signature is enough to list them and to lower the listing amount:

NFTs authorized to OpenSea are targeted

Introduction to Insecure Signature Attacks Launched by Phishing Sites

Hackers can also construct legal signature data based on the open source contract code and induce users to sign it, allowing the attackers to profit from the signature. The consequences of this attack are serious: attackers can buy the NFTs the victim holds at a very low price. The basic implementation process of this attack is as follows:

Some attackers use airdropped NFTs to carry out the attack; others distribute phishing sites directly and place a button (such as a mint button) on the page to attract clicks. Once the user clicks, a signature request is triggered.

The following process shows how attackers phish Opensea users:

  • Attacker airdrops small image NFTs to victim addresses

     

  • The attacker makes a high bid (usually above 1 WETH) for the airdropped NFT

     

  • The user chooses to accept the attacker’s bid, but the authorization fails on Opensea (the reason is that the NFT’s contract only allows a specific address to perform authorization, such as the onlyOwner modifier)

     

  • The user goes to the “NFT project official website” to find out why (this “official website” is often displayed on the NFT’s page on Opensea), and the “official website” first searches the connected wallet address for all the NFTs that the user has authorized Opensea to use (sell)

     

  • The “official website” sets various traps, such as a Free mint button or a Stake button, all designed to guide the user into signing. The signature data is constructed according to the (already open source) signature logic that Opensea uses for listing NFTs (the contract that accepts and verifies the user’s signature is Opensea’s official SeaPort smart contract, but the signature request is initiated to the user through a phishing site, and the data to be signed is constructed by the attacker and provided to the user)

     

  • Once the user performs the signature operation, the NFTs found by the earlier search are put up for sale on Opensea at the price of 0 ETH

     

  • The script deployed by the attacker will automatically snap up the user’s NFT listed for sale at a very low price;

     

  • At this point, the user’s NFT assets are gone.

Analysis of Insecure Signature Attacks Initiated by Phishing Sites and Security Suggestions

SeaPort is the smart contract used by the official Opensea exchange, but narotunft.com, which initiates the signature request, is the attacker’s phishing site. The data to be signed that the phishing site provides favors the attacker: the selling price in the signature data is set to 1 (the unit is not 1ETH but 1ether, which is equivalent to buying the NFT that the user has listed at almost no cost). The site induces the user to sign (after signing, the corresponding NFT is listed for sale at a low price) and the attacker finally profits. The user does not verify the source of the data to be signed (the phishing site) or the legitimacy of its content when signing, which is an important reason why the attack succeeds.

Insecure pending order signature

For this attack, the main security recommendations are as follows:

  • Install revoke.cash, and users will be prompted to pay attention when a phishing site initiates an unsafe pending order request. It can be seen that since the boki in the experimental account is not authorized to Opensea, it will not appear in the alarm reminder.

  • When the site initiates a signature request to the user, the user needs to verify the legitimacy of the site and the data to be signed, and then execute the signature operation after confirmation to ensure that the on-chain behavior performed by the signature operation meets the user’s expectations. When the message to be signed is pure hexadecimal unreadable data, the user should insist on refusing to sign.
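
The two checks in the last recommendation (who is asking, and what the signed data does) can be expressed as code. The following JavaScript is an added example, not code from the original article or from Opensea: it reviews a signature request and flags Seaport listings that pay the seller almost nothing. The typed-data samples are constructed and trimmed to the fields the check reads, all addresses are placeholders, the price of 1 is assumed to be in the token’s smallest unit, and the `policy` object is an assumption of this example.

```javascript
// Added example: review a wallet signature request before signing it.
// Seaport ItemType values: 0 NATIVE, 1 ERC20, 2 ERC721, 3 ERC1155,
// 4 ERC721_WITH_CRITERIA, 5 ERC1155_WITH_CRITERIA.
const NFT_ITEM_TYPES = new Set([2, 3, 4, 5]);
const CURRENCY_ITEM_TYPES = new Set([0, 1]);

function inspectSignatureRequest(request, policy) {
  const findings = [];
  const host = new URL(request.origin).hostname;
  if (!policy.trustedHosts.includes(host)) findings.push(`origin ${host} is not a trusted site`);

  if (request.method === 'eth_sign') {
    // Raw hex digest: the wallet cannot show what it authorizes.
    findings.push('opaque hex message, refuse to sign');
    return { kind: 'opaque', findings };
  }
  if (request.method !== 'eth_signTypedData_v4') return { kind: 'other', findings };

  let typed;
  try {
    const raw = request.params[1];
    typed = typeof raw === 'string' ? JSON.parse(raw) : raw;
  } catch {
    findings.push('typed data is not valid JSON');
    return { kind: 'invalid', findings };
  }
  const isSeaportOrder = typed.primaryType === 'OrderComponents'
    && typed.domain && typed.domain.name === 'Seaport';
  if (!isSeaportOrder) return { kind: 'typed-data', findings };

  const order = typed.message;
  const offerer = order.offerer.toLowerCase();
  const nfts = order.offer.filter((item) => NFT_ITEM_TYPES.has(Number(item.itemType)));
  let proceeds = 0n;
  for (const item of order.consideration) {
    if (item.recipient.toLowerCase() !== offerer) continue;       // fees, other payees
    if (!CURRENCY_ITEM_TYPES.has(Number(item.itemType))) continue;
    const start = BigInt(item.startAmount);
    const end = BigInt(item.endAmount);
    proceeds += start < end ? start : end;                         // worst case for the seller
  }
  if (nfts.length > 0) {
    findings.push(`lists ${nfts.length} NFT(s) for sale`);
    if (proceeds < policy.minProceedsWei * BigInt(nfts.length)) {
      findings.push(`seller receives only ${proceeds} wei for ${nfts.length} NFT(s)`);
    }
  }
  return { kind: 'seaport-listing', nfts: nfts.length, proceeds, findings };
}

// Constructed placeholders (not real accounts or contracts).
const SELLER = '0x' + '11'.repeat(20);
const FEE_RECIPIENT = '0x' + '22'.repeat(20);
const NFT_CONTRACT = '0x' + '33'.repeat(20);
const NATIVE = '0x' + '00'.repeat(20);

// Build a trimmed Seaport order payload as a site would pass to the wallet.
function sampleOrder(tokenIds, sellerAmount, feeAmount) {
  const pay = (amount, recipient) => ({
    itemType: '0', token: NATIVE, identifierOrCriteria: '0',
    startAmount: amount, endAmount: amount, recipient,
  });
  return JSON.stringify({
    primaryType: 'OrderComponents',
    domain: { name: 'Seaport', version: '1.1', chainId: 1, verifyingContract: '0x' + '44'.repeat(20) },
    message: {
      offerer: SELLER,
      offer: tokenIds.map((id) => ({
        itemType: '2', token: NFT_CONTRACT, identifierOrCriteria: String(id),
        startAmount: '1', endAmount: '1',
      })),
      consideration: [pay(sellerAmount, SELLER), pay(feeAmount, FEE_RECIPIENT)],
    },
  });
}

const POLICY = { trustedHosts: ['opensea.io'], minProceedsWei: 10n ** 16n }; // 0.01 ETH per NFT
```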

2.3 Remote control attacks

2.3.1 Trojan Horse Attack Cases

By inducing users to run executable programs with malicious behavior, hackers can remotely control the user’s computer. Directly transferring any digital assets found on that computer is the hallmark of remote control attacks carried out through phishing.

Remote control attacks are mainly divided into two types: 1) malicious program attacks; 2) remote control software password cracking attacks.

  • In the first type of attack, the attacker mainly distributes malicious code through social networks and induces users to click on it in order to take control of the user’s host. If Metamask is installed on the user’s computer and is unlocked, the assets can be transferred directly; if it is locked, the unlock password entered by the user can be stolen through a keyboard hook, and the private key can then be cracked with this password.

     

  • The second type of attack mainly utilizes the vulnerability introduced by some remote control software when introducing security features: the controlled host can be controlled by cracking the session password. In the blockchain scenario, some users need to run RPC nodes by themselves in order to use the blockchain. In order to easily grasp the running status of the nodes at any time, they need to configure a remote control tool to view the status of the controlled host in real time and update the configuration file. The session control passwords set by most users are weak passwords, and the default session passwords provided by remote control tools are also easy to be cracked by attackers. When the session password is cracked, the attacker will directly take over the control authority of the controlled host and steal the blockchain digital assets.

Some time ago BoxMrChen encountered this kind of attack

Phishing executable program attack analysis and security advice

Running unsafe exe programs and scripts and setting weak unlock passwords are the main reasons for the above attacks.

Security recommendations for the above attacks are as follows:

  • Make good use of sandboxes and virtual machines. Do not directly open files received from any user. Use the sandbox to observe whether a remote connection is initiated (an IP connection, as shown below):

The remote control tool has the behavior of connecting to the remote host 185.106.92.91

  • Set a strong unlock password for Metamask. This password is used to encrypt the private key of the wallet. If a password that is too weak is guessed and cracked by hackers, the user’s private key is no longer secure either.

     

  • Don’t casually run exe files on a Windows computer, and don’t unzip a zip file and run the executable program in it right away.

     

  • Store important assets in hardware wallets.

     

  • Prefer a Mac as the host machine.

     

  • Install antivirus software and a firewall.

2.3.2 0day attack

A 0day is usually an undisclosed application vulnerability that attackers can exploit to achieve a remote overflow and execute arbitrary commands to control the user’s computer. After taking control of the computer, the attacker queries the information of the locally installed wallet and tries to transfer assets.

0day attack analysis and security advice

  • Update the system version in time

     

  • Update browser plug-in versions in a timely manner

  • Set a strong unlock password for the wallet

2.4 Private Key Scanning Attack

When developing code, some developers, lacking security awareness, store their wallet private keys in plaintext directly in the application code. Attackers can use the APIs of open source platforms such as Github to write automatic scanning scripts. Once a private key is matched and obtained, the digital assets held in the target account are quickly detected and transferred.

For this attack, the main security recommendations are as follows:

  • Make good use of the .gitignore file and put the private key configuration information into the .env file so that it is not pushed to Github. The following figure shows the default .gitignore file generated when hardhat is used to create a DAPP project

  • Register a new wallet specifically for project development. For example, I can use Metamask for on-chain interaction and Rabby Wallet as the development wallet, so that the development account is isolated at the mnemonic level from the account that uses the blockchain every day. It is also very convenient to import the wallet private key in Rabby Wallet into Metamask for development. Even if the private key is lost, only the assets of the development account will be lost.

     

  • Do not deposit any mainnet assets into the development account; store only testnet assets in it.
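
The first recommendation can be enforced before every push. The following JavaScript is an added example, not code from the original article or from hardhat: it audits a project’s files for hard-coded private keys and for a `.env` file that `.gitignore` does not cover. The sample key, file contents and network name are constructed, the `.gitignore` matching is simplified, and it assumes ignored files were never committed earlier.

```javascript
// Added example: audit a project's files for committed wallet secrets.
// files: object mapping repository-relative path -> file content.

// A 32-byte hex string on a line that also names a key-like setting.
const HEX_KEY = /\b(?:0x)?[0-9a-fA-F]{64}\b/;
const KEY_HINT = /private[_-]?key|secret|mnemonic|accounts/i;

// Simplified .gitignore matching: comments, blank lines and "!" negations are
// skipped; "*" matches within one path segment; a pattern matches any segment.
function isIgnored(path, gitignore) {
  const segments = path.split('/');
  return gitignore.split(/\r?\n/).some((line) => {
    const pattern = line.trim().replace(/^\/|\/$/g, '');
    if (!pattern || pattern.startsWith('#') || pattern.startsWith('!')) return false;
    const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '[^/]*');
    const re = new RegExp('^' + escaped + '$');
    return re.test(path) || segments.some((segment) => re.test(segment));
  });
}

function auditRepo(files) {
  const findings = [];
  const gitignore = files['.gitignore'] || '';
  for (const [path, content] of Object.entries(files)) {
    const ignored = isIgnored(path, gitignore);
    const isEnvFile = /(^|\/)\.env(\.|$)/.test(path);
    if (isEnvFile && !ignored) {
      findings.push({ path, line: 0, issue: '.env file is not covered by .gitignore' });
    }
    if (ignored) continue;                     // will not be pushed
    content.split(/\r?\n/).forEach((text, index) => {
      if (HEX_KEY.test(text) && KEY_HINT.test(text)) {
        findings.push({ path, line: index + 1, issue: 'hard-coded private key' });
      }
    });
  }
  return findings;
}

// Constructed samples: a key-shaped value, not a real key.
const SAMPLE_KEY = '0x' + '1f'.repeat(32);

const LEAKY_REPO = {
  '.gitignore': 'node_modules\ncache\nartifacts\n',
  '.env': 'PRIVATE_KEY=' + SAMPLE_KEY + '\n',
  'hardhat.config.js':
    'module.exports = {\n' +
    '  networks: { goerli: { accounts: ["' + SAMPLE_KEY + '"] } },\n' +
    '};\n',
};

const SAFE_REPO = {
  '.gitignore': 'node_modules\n.env\ncache\nartifacts\n',
  '.env': 'PRIVATE_KEY=' + SAMPLE_KEY + '\n',
  'hardhat.config.js':
    'require("dotenv").config();\n' +
    'module.exports = {\n' +
    '  networks: { goerli: { accounts: [process.env.PRIVATE_KEY] } },\n' +
    '};\n',
};
```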

2.5 Supply Chain Attacks

Supply chain attacks in the blockchain mainly include the following categories:

  • Development environment supply chain attack, code poisoning

     

  • Hardware wallet supply chain attacks: device substitution during delivery, firmware tampering

     

  • Software wallet supply chain attack: adding malicious code to steal user mnemonics, directly adding backdoors, etc.

2.5.1 Development Environment Supply Chain Attack

As the application scenarios of front-end development frameworks gradually expand, more and more front-end framework security vulnerabilities have been disclosed. In July 2022, the well-known NFT whitelist receiving platform premint was attacked: hackers injected malicious JS scripts into the front-end code of the premint platform to carry out phishing attacks, tricking users into signing a transaction that granted NFT usage rights to the attacker’s wallet address. The consequences of this attack were severe. To compensate users for their losses, premint paid victims more than 340 ETH.

Some gray-market operators combine open source code with supply chain attack methods and use package managers to distribute malicious blockchain development frameworks. With a malicious framework, hackers can directly steal the account private keys of DAPP developers, seriously affecting the digital asset security of users and developers. The following figure shows a blockchain development framework polluted through the supply chain: hackers can directly extract the wallet mnemonics used by developers and send them to an Amazon cloud server controlled by the hackers, which poses a serious threat to the security of digital assets.

steal mnemonic

Development environment supply chain attack analysis and security advice

When developers choose a blockchain SDK, they need to analyze the compliance and security of the development framework to avoid using SDKs contaminated by supply chain attacks. Checking the data integrity of the components included in the development framework and the security of the content distribution network that serves the software packages makes it possible to prevent malicious JS scripts from being injected into the actual business logic of the DAPP website through supply chain attacks or front-end framework vulnerabilities. This avoids the risk of code pollution and effectively protects the digital assets held by DAPP users.

2.5.2 Software and hardware wallet supply chain attacks

On August 4, 2022, a large-scale user loss event occurred on the well-known public chain Solana. A large number of users reported that their SOL and SPL standard tokens had been transferred to four specific Solana wallets. Solana’s official security researchers then found that the theft was related to Slope, a blockchain wallet that supports Solana: Slope wallet illegally used the sentry monitoring service, and all user behavior and operation data was uploaded to Slope’s official server and recorded. When a user created a Solana wallet, the mnemonic and private key corresponding to the wallet were uploaded to the server in plaintext. Security researchers detected the plaintext transmission of users’ private information in the Slope wallet through packet capture. The behavior is as follows:

Whether the wallet is newly created or imported by the user, its private key will be sent to the Slope wallet server for storage

Software and hardware wallet supply chain attack analysis and security advice

If the private key is lost, the asset is out of the user’s control; all that is missing is the moment that triggers the theft. In the case of the Slope wallet attack, whether the wallet was newly created or imported by the user, its private key was sent to the Slope wallet server for storage.

The same applies to supply chain attacks on hardware wallets: in transit, someone may swap the device for an identical-looking wallet, and the possibility that the firmware has been tampered with also exists.

The security recommendations for the above security attacks are as follows:

  • Choose a well-known and market-proven wallet

     

  • Buy hardware wallets from official channels to avoid counterfeits passing as the genuine article (Li Gui posing as Li Kui)

     

  • When using a hardware wallet to create an address, generate the mnemonic several times to see how random it is. Some attacks exploit the random number seed of the hardware wallet so that attackers can easily generate the same private key and steal user assets.

     

  • Shop for hardware wallets with resistance to supply chain attacks, such as ledger and keystone

Ledger Live detects hardware wallets

2.6 Case Analysis of NFT Phishing Attacks

This should be the last case of this article. It is a very interesting phishing attack of the kind encountered every day. The attacker first distributed a phishing link through Twitter. After the user enters the site, a pop-up window asks to connect the wallet and then requests authorization. The source code of the site:

Phishing site background configuration logic

The site has two business logics for stealing users’ digital assets:

1) An NFT is sold at a price of 0.02 ETH, but the 0.02 ETH paid is transferred directly to the hacker’s account;

2) The site detects the NFT assets held in the connected wallet. Once the minimum transaction price of an NFT over the last 7 days is greater than 0.1 ETH, the user is induced to grant the attacker’s account the right to transfer that NFT; after authorization, the NFT is transferred to the attacker’s account and cashed out.

3. Conclusion  

The reason for writing this article came from a discussion in the SeeDao investment research union. Zhouzhou raised a question about how to implement the phishing attack introduced in 2.2.2 and the reason why it was successful: It happened that I was summarizing related cases recently. I also encountered some phishing attacks implemented in this way in daily use, and I answered it based on my own understanding. After discussion, everyone thought it was necessary to organize a related attack method and security advice for your reference. This is the reason for this article. Special thanks to SeeDao and Zhouzhou for their proposals.

There are more and more attacks using the blockchain network to implement phishing, deception and fraud, and various attack methods emerge one after another. Going back to the source, many phishing attacks are actually implemented through a combination of simple attacks. They attack users by taking advantage of the user’s anxiety to participate in activities and hope to make more profits through Web3.

The attack cases described in this article are basically what I and some deeply involved Web3 users encounter daily. All the materials are screenshots and used by myself. In order to publish this article, I wrote it for two days, but it took more than 2 months to accumulate and organize the materials. I originally hoped to meet you in another form (maybe a paper), but I found that this kind of article is highly practical, and its timeliness makes it unsuitable for publication as a paper. But in the future, I will continue to explore and publish related content in a more general way. References to other people’s content in this article have basically been put in through external links, and I would like to thank the relevant authors for their efforts in building a more secure Web3 environment.

As a student majoring in network security, I am also deeply honored and responsible. Mastering the Dragon Saber method should allow us to better punish evil and promote good. Summarizing the existing attack cases, let everyone have a heart of prevention, it should be able to reduce the loss and probability of victims to a certain extent. Just like when Nice discord was fishing, I also stopped many netizens in the group who visited the target site. I think their losses were reduced to a certain extent, so that everyone was very happy. Security research and protection often need to start with a small thing in order to support the on-chain system that has been developed for many years and continues to develop.

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/15000-word-report-teaches-you-how-to-fight-blockchain-scams/