Yesterday, the domestic digital Tibetan platform, Tianqiong Digital Tibetan, claimed to be hacked. It is reported that the price of digital collections on the platform has suddenly skyrocketed thousands of times, and collections with a price of tens of millions after the increase can be sold in seconds.
PART1 Tianjing Digital Tibetan Security Incident Review
According to Tianqiongshuzang users, at about 4:00 a.m. on May 17, it was found that the prices of the collections on the Tianqiongshuzang APP suddenly skyrocketed by a thousand times.
Subsequently, the platform issued an announcement saying: Because the platform has encountered a large number of malicious attacks, resulting in abnormal data, the alarm has been dealt with. For the impact, each player will be compensated with an airdrop.
Some platform users have reported that their collections have returned to their accounts and have returned to their previous state.
Before analyzing the incident, we found the official website and APP of Tianqiong Shuzang, but did not find any relevant text introduction to the platform. When I searched on the Internet, I found an article introducing the platform (article title: Tianqiong Shuzang丨Strong Return). According to the article introduction, I learned that:
1) Tianqiong Digital Collection is a digital collection platform with artwork auction qualifications;
2) The Tianqiong Data Collection platform will be officially launched in April 2022;
3) A series of collections such as “Crazy Animals” have been launched on the Tianqiong Digital Collection platform;
4) The Tianqiong Shuzang platform has its own secondary market, and the collections purchased from Tianqiong can be directly traded in its own secondary market, which can be divided into three parts: listing, buying and auction.
Tianqiong Shuzang APP listing market page
Tianqiongshuzang APP auction market page
Analysis of the causes of security incidents in PART2
According to the preliminary analysis of the Chengdu Lianan security team, the reason for this attack may be as follows: the attacker breached the platform database through traditional network security, maliciously tampered with the account balance, resulting in a large number of users’ high-priced pending orders still being able to be traded, which eventually led to abnormal data.
The Chengdu Chain Security team recommends:
1) In the process of design, implementation and deployment of domestic digital collection platforms, they should pay attention to traditional security fields such as communication and network security, host security, database security, and mobile security, and do a good job in security protection;
2) In the process of operation and maintenance of domestic digital collection platforms, the design and implementation of financial risk control should be done well to avoid large-scale capital changes without knowing it;
3) When consumers of digital collections choose a trading platform, they need to pay attention to platform compliance risks and pay attention to ensuring the safety of their own property;
4) Consumers of digital collections should be alert to speculation risks and market bubbles to avoid property damage when the bubble bursts.
How to prevent the security problems of PART3 digital collections?
What are the security risks of digital collections?
This is not the only digital collection security incident this year . It is reported that in March this year, the only art on the digital collection platform was also attacked . The servers of the Unique Art Platform were frequently attacked by illegal software and DDoS, resulting in system failures and errors in some orders.
With the rapid rise of digital collections in China, its security issues should also attract everyone’s attention. Compared with foreign NFTs, digital collections developed on the alliance chain are more in line with regulatory requirements and have higher security. But this does not mean that the security problems and hidden dangers of digital collections do not exist.
In the series of articles on the topic of digital collections that we launched yesterday, we just introduced the security risks of digital collections. Whether it is the issuer, buyer or developer of digital collections, they may face security risks, such as: technical risks, financial security risks, price speculation risks, network fraud risks, infringement rights protection risks, regulatory compliance risks, etc.
Chengdu Lian’an helps digital collection security risk prevention
Security is a necessary condition for the prosperity and healthy development of digital collections. On the premise of meeting domestic regulatory requirements, security issues are the top priority for the development of digital collections.
The digital collection itself is developed based on blockchain technology, and its business is also realized through smart contracts. Therefore, on the basis of focusing on the traditional security of digital collections, the security of blockchain should be paid more attention.
As the world’s leading blockchain security company, Chengdu Lian’an has long been concerned about the security of digital collections and alliance chains . , alliance chain, etc. to provide overall security solutions for the whole life cycle.
On the one hand, we can provide security detection for the underlying consortium chain platform of digital collections, comprehensively screen the security risks of the underlying consortium chain platform of digital collections, and provide solutions;
On the other hand, we can also provide services such as security auditing for the smart contracts of digital collections, conduct comprehensive security verification on the conventional security vulnerabilities and business logic security vulnerabilities of smart contract codes, and ensure the consistency of smart contract codes and business logic. Issue an authoritative security audit report.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/how-to-ensure-the-safety-of-digital-collections-after-another-domestic-digital-collection-platform-was-maliciously-attacked/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.