pfe-blockchain/team_centralisé/notes_elo.md

1. Access to hot/cold wallet with stolen private key Exemple: BitMart Source: https://support.bitmart.com/hc/en-us/articles/4411998987419-BitMart-Security-Breach-Update Solution utilisée : Remplacement des adresses de déposit et mise à jour des clefs

2. Compromised system/servers Exemple: Bitpoint

3. Data leak (private key) Exemple : KuCoin Source : https://www.kucoin.com/fr/news/en-kucoin-ceo-livestream-recap-latest-updates-about-security-incident Solution utilisée : Abandon des hot wallet

4. Malware/Phising Exemple: Bitstamp Source: https://www.reddit.com/r/Bitcoin/comments/3bpdb4/bitstamp_incident_report_22015/ Solution utilisée : Ne pas ouvrir des documents word provenants de sources inconnus (le doc contenait un script VBScript qui téléchargeait un malware)

5. Vulnerability in protocol Exemple: Balancer Source: https://cryptopotato.com/rising-defi-protocol-balancer-loses-500000-to-hacker-in-pool-exploit/

6. Bugs and Re-entrancy attack Exemple: Lendf.me, Uniswap Mots clefs : Reentrancy attacks, token ERC777 GitHub exploit : https://github.com/OpenZeppelin/exploit-uniswap Source: https://www.zdnet.com/article/hackers-steal-25-million-worth-of-cryptocurrency-from-uniswap-and-lendf-me/ Solution utilisée :

7. Suspected trusted insider Exemple: CoinSecure Source: https://securityaffairs.com/71322/hacking/coinsecure-hacked.html

8. Phishing data on fake site Exemple: LocalBitcoins Source: https://www.reddit.com/r/localbitcoins/comments/ak1u8m/localbitcoins_report_on_the_security/ Attaque : Redirection des utilisateurs vers un site de phising

9. Server DNS compromised Exemple: EtherDelta Source: https://www.ccn.com/cryptocurrency-exchange-etherdelta-hacked-in-dns-hijacking-scheme/

Source vulnérabilités : https://resources.infosecinstitute.com/topic/security-vulnerabilities-of-cryptocurrency-exchanges/