ajout notes eloise

team_centralisé/notes_elo.md

@@ -0,0 +1,45 @@
+1) Access to hot/cold wallet with stolen private key
+	Exemple: BitMart
+	Source: https://support.bitmart.com/hc/en-us/articles/4411998987419-BitMart-Security-Breach-Update
+	Solution utilisée : Remplacement des adresses de déposit et mise à jour des clefs
+
+2) Compromised system/servers 
+	Exemple: Bitpoint
+
+
+3) Data leak (private key) 
+	Exemple : KuCoin
+	Source : https://www.kucoin.com/fr/news/en-kucoin-ceo-livestream-recap-latest-updates-about-security-incident
+	Solution utilisée : Abandon des hot wallet
+
+
+4) Malware/Phising 
+	Exemple: Bitstamp
+	Source: https://www.reddit.com/r/Bitcoin/comments/3bpdb4/bitstamp_incident_report_22015/
+	Solution utilisée : Ne pas ouvrir des documents word provenants de sources inconnus (le doc contenait un script VBScript qui téléchargeait un malware)
+
+5) Vulnerability in protocol
+	Exemple: Balancer
+	Source: https://cryptopotato.com/rising-defi-protocol-balancer-loses-500000-to-hacker-in-pool-exploit/
+	
+6) Bugs and Re-entrancy attack 
+	Exemple: Lendf.me, Uniswap
+	Mots clefs : Reentrancy attacks, token ERC777
+	GitHub exploit : https://github.com/OpenZeppelin/exploit-uniswap
+	Source: https://www.zdnet.com/article/hackers-steal-25-million-worth-of-cryptocurrency-from-uniswap-and-lendf-me/
+	Solution utilisée : 
+
+7) Suspected trusted insider 
+	Exemple: CoinSecure
+	Source: https://securityaffairs.com/71322/hacking/coinsecure-hacked.html
+
+8) Phishing data on fake site
+	Exemple: LocalBitcoins
+	Source: https://www.reddit.com/r/localbitcoins/comments/ak1u8m/localbitcoins_report_on_the_security/
+	Attaque : Redirection des utilisateurs vers un site de phising
+
+9) Server DNS compromised 
+	Exemple: EtherDelta
+	Source: https://www.ccn.com/cryptocurrency-exchange-etherdelta-hacked-in-dns-hijacking-scheme/
+
+Source vulnérabilités : https://resources.infosecinstitute.com/topic/security-vulnerabilities-of-cryptocurrency-exchanges/