amaury_joly/pfe-blockchain
1
0
Fork 0
mirror of https://etulab.univ-amu.fr/v18003685/pfe-blockchain.git synced 2024-02-26 02:14:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'noteCentralised' into 'develop'

Browse Source 
ajout notes eloise

See merge request v18003685/pfe-blockchain!7
This commit is contained in:
ROTONDO Eloise
2023-02-18 13:20:02 +00:00
parent 9697315e68 75bb3ae197
commit bdcba890a8
1 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
team_centralisé/notes_elo.md Normal file
View File

@ -0,0 +1,45 @@
1) Access to hot/cold wallet with stolen private key
Exemple: BitMart
Source: https://support.bitmart.com/hc/en-us/articles/4411998987419-BitMart-Security-Breach-Update
Solution utilisée : Remplacement des adresses de déposit et mise à jour des clefs
2) Compromised system/servers
Exemple: Bitpoint
3) Data leak (private key)
Exemple : KuCoin
Source : https://www.kucoin.com/fr/news/en-kucoin-ceo-livestream-recap-latest-updates-about-security-incident
Solution utilisée : Abandon des hot wallet
4) Malware/Phising
Exemple: Bitstamp
Source: https://www.reddit.com/r/Bitcoin/comments/3bpdb4/bitstamp_incident_report_22015/
Solution utilisée : Ne pas ouvrir des documents word provenants de sources inconnus (le doc contenait un script VBScript qui téléchargeait un malware)
5) Vulnerability in protocol
Exemple: Balancer
Source: https://cryptopotato.com/rising-defi-protocol-balancer-loses-500000-to-hacker-in-pool-exploit/
6) Bugs and Re-entrancy attack
Exemple: Lendf.me, Uniswap
Mots clefs : Reentrancy attacks, token ERC777
GitHub exploit : https://github.com/OpenZeppelin/exploit-uniswap
Source: https://www.zdnet.com/article/hackers-steal-25-million-worth-of-cryptocurrency-from-uniswap-and-lendf-me/
Solution utilisée :
7) Suspected trusted insider
Exemple: CoinSecure
Source: https://securityaffairs.com/71322/hacking/coinsecure-hacked.html
8) Phishing data on fake site
Exemple: LocalBitcoins
Source: https://www.reddit.com/r/localbitcoins/comments/ak1u8m/localbitcoins_report_on_the_security/
Attaque : Redirection des utilisateurs vers un site de phising
9) Server DNS compromised
Exemple: EtherDelta
Source: https://www.ccn.com/cryptocurrency-exchange-etherdelta-hacked-in-dns-hijacking-scheme/
Source vulnérabilités : https://resources.infosecinstitute.com/topic/security-vulnerabilities-of-cryptocurrency-exchanges/