区块链机密货币交易锁遭入侵,安全存在隐患。使用泰雷兹Protect server HSM加密机,多方位保护您的数据,并通过集中化管理,安全的存储密钥。
Block chain secret currency trading locks are breached, and there are security concerns.
引文部分:
Quoted part:
损失7000万美元!黑客入侵香港区块链加密货币交易所
Seventy million dollars lost! Hackers have invaded Hong Kong's block chain of encrypted currency exchange.
2023年9月,中国香港区块链加密货币交易所CoinEx的热钱包遭到黑客攻击,导致各种资产类型的总损失约为7000万美元。目前初步确定事件原因为热钱包私钥泄露,CoinEx交易所正在提供“漏洞赏金”以换取资金的归还。
In September 2023, the hot wallet of CoinEx, the Chinese block chain encrypted currency exchange in Hong Kong, was hit by hackers, resulting in a total loss of about $70 million for various asset types. It is now initially determined that the cause of the incident was the disclosure of the hot wallet’s private key, and the CoinEx exchange is offering a “fault reward” in exchange for the return of funds.
最初被窃取了价值数千美元的以太币(ETH)。随后共超过2000万美元的ETH、1000万美元的波场币(TRON)以及在其他资产类型中6000万美元的币安币(BSC)和比特币(BTC)被窃取。该加密交易所在这些热钱包中总共持有约1.15亿美元,其余资金已转移到冷钱包中以供安全保管。CoinEx声明,从加密交易所盗取的资金来自CoinEx用作储备的热钱包,平台用户没有受到影响,任何因数据泄露而遭受损失的用户将获得“100%的赔偿”。
First, thousands of dollars worth of ETH were stolen. Then more than $20 million worth of ETH, $10 million worth of TRON and $60 million worth of MON (BSC) and Bitcoin (BTC) in other asset types were stolen. The encrypted exchange held a total of about $115 million in these hot wallets, and the rest of the money was transferred to the cold wallets for safekeeping. CoinEx stated that funds stolen from the encrypted exchange came from CoinEx as a reserve wallet, that platform users were not affected, and that any user who suffered a loss as a result of the data leak would receive “100% compensation”.
此次攻击涉及的加密资产
This attack involves encrypted assets.
CoinEx公司发布声明表明正在对此次数据泄露事件进行调查。由于钱包系统的重建,包括211个区块链和737种币种,加密交易所的服务(包括存款和提款)曾一度暂停。随着重建工作的进行,服务正在逐步重新引入。CoinEx还在联系其他加密交易所,请求冻结被盗的资产。CoinEx以前从未遭受过黑客攻击,甚至不久前还将其数据泄露记录作为自我宣传的博客文章主题。除了关于数据泄露的详细信息不明确外,CoinEx尚未提供任何关于可能的黑客的信息。
CoinEx issued a statement indicating that an investigation into the data leak was under way. As a result of the reconstruction of the wallet system, including 211 block chains and 737 currencies, the services of the encrypted exchange (including deposits and withdrawals) were temporarily suspended. As the reconstruction process proceeded, the services were gradually being re-incorporated. CoinEx was also in contact with other encrypted exchanges to request the freezing of stolen assets. CoinEx had never been hit by hackers before, and even recently used its data leaks as the subject of self-advocated blog articles.
CoinEx创始人就此次事件在社交媒体上发声
The founder of CoinEx made a sound in social media about the event.
下一步,公安机关将持续贯彻落实《网络安全法》《数据安全法》及《关键信息基础设施安全保护条例》等法律法规要求,加强网络和数据安全监督检查和安全保护工作,依法打击危害网络安全、数据安全、侵害公民个人信息等违法行为,做好源头防控,坚决维护网络和数据安全。
As a next step, the public security organs will continue to implement the legal and regulatory requirements of the Cybersecurity Act, the Data Security Act and the Regulations on the Security Protection of Critical Information Infrastructures. They will strengthen their network and data security oversight inspections and security protection, combat violations of cyber security, data security and violations of citizens'personal information, in accordance with the law.
以上引文部分《损失7000万美元!黑客入侵香港区块链加密货币交易所》为原文,新闻来源科信量子公众号
The quote above, “Losing $70 million! The hacker's invasion of Hong Kong's block chain of encrypted currency exchange” is original.
以下安策解决方案部分:
The following analytic solutions component:
区块链
Block Chain
区块链存储有价值的信息,用户之间的交易记录(加密货币余额)合同协议记录资产所有权证明。
The block chain stores valuable information, and the contractual agreement between users to record transactions (encrypted currency balances) records proof of ownership of assets.
区块链面临的挑战:
Challenges in the block chain:
对账本的信任在分布式环境中至关重要
Trust in book reconciliation is crucial in a distributed environment.
分类帐的所有交易必须经过数字签名
All transactions in the ledger must be digitally signed.
使用密码和其他数字签名来证明身份、真实性并强制执行读/写访问权限
Use passwords and other digital signatures to prove identity, authenticity and enforce read/write access
对私钥的安全保护
Security protection of private keys
安策提供可信密钥基础设施——HSM加密机
Anse provides a credible key infrastructure - HSM encryption machine
泰雷兹的ProtectServer Network Hardware Security Modules (HSMs) 是一款为保护密码算法密钥被非法获取而设计安全的网络型物理服务器。它的主要功能是提供为加密、签名和认证服务保护,从而保证应用系统的安全。
The ProtecServer Network Hardware Security Modeles (HSMs) of Thrace is a network-based physical server designed to protect password keys from illegal acquisition. Its main function is to provide protection for encryption, signature and authentication services, thereby ensuring the safety of the application system.
数字安全保护了用户、机器、设备、数据、基础架构、应用。能够做到可信认,完整性,可用性,机密性。仅加密是不够的,密钥是数字信任的基础。
Digital security protects users, machines, equipment, data, infrastructure, applications. It can be credible, complete, accessible, and confidential. Encryption alone is not enough, and the key is the foundation of digital trust.
使用HSM加密机的理由:
Reason for HSM encryption:
在物理防篡改硬件中安全的密钥
Secure key in physical tampering hardware
私钥不可提取
Private key not available
在安全环境中执行加解密
Implementation of decryption in the security environment
巧用硬件提供的强熵生成密钥
Coincidentally provided hardware for the production of entropy keys
通过FIPS 140-2和CC等独立认证
Independent certification through FIPS 140-2 and CC
HSM也是一直不断发展以满足新的技术需求。信任根是密码系统的基础,数字安全取决于加密和解密数据并执行签名和验证签名等功能的加密密钥。在硬件安全模块 (HSM) 等安全环境中确保这些密钥和加密功能的完整性至关重要。信任根保护数据、用户和应用程序的安全,并有助于在整个生态系统中建立信任。
HSM is also constantly evolving to meet new technological needs. Trust is the foundation of cryptographic systems, and digital security depends on encryption and declassification data and encryption keys that perform such functions as signing and authentication of signatures. Ensuring the integrity of these keys and encryption functions in security environments such as the hardware security module (HSM) is essential. Trust protects the security of data, users and applications and helps build trust throughout the ecosystem.
提供加密密钥的存储、保护和管理能力,为敏感数据和关键应用提供安全保障
Provision of storage, protection and management capacity for encryption keys to provide security for sensitive data and critical applications
ProtectServer HSMs拥有以下的特性和功能为敏感数据和关键应用提供安全保障。
ProtecServer HSMs has the following features and functions to provide security for sensitive data and critical applications.
1.高安全性
1. High security
ProtectServer Network HSM 内有高可靠执行安全加密处理的加密模块。
ProtecServer Network HSM contains encryption modules that are highly reliable for secure encryption.
设备的特点是带有防篡改高安全性的重型钢壳,为存储和处理高度敏感的信息(如加密密钥、pin和其他数据)提供最高级别的物理和逻辑保护。安全存储和处理意味着加密密钥永远不会以明文的形式暴露在硬件安全模(HSM)之外,为客户提供软件方案无法提供的安全级别,同时提供经过第三方认证机构认证,以满足行业组织的安全需求。
The equipment is characterized by high-security heavy steel casings, which provide the highest physical and logical protection for the storage and processing of highly sensitive information (e.g. encryption keys, pins and other data). Security storage and handling means that encryption keys will never be exposed in an explicit form beyond the hardware security model (HSM), providing a level of security that the client cannot provide by a software programme, and providing certification by a third-party certification body to meet the safety needs of industry organizations.
2.灵活设计方案
2. Flexible design
ProtectServer HSMs 提供了让应用程序开发人员创建自己的固件并在HSM的安全范围内执行它的内存空间,从而提供了独特的灵活性。此模块被称为Functionality Modules(FM),它提供了开发和部署定制固件的全部工具。提供了实现全功能的软件仿真器完善了灵活的开发工具,使得开发人员能够在桌面计算器上测试和调试自定义固件。模拟器还可以作为测试应用程序的工具,而不需要ProtectServer HSM。准备就绪后,开发人员只需安装HSM将通信重定向到硬件,不需要对软件进行任何更改。
ProtecServer HSMs provides unique flexibility by allowing application developers to create their own solids and implement their memory space within HSM's safe range. This module, known as Fundability Modules (FM), provides all the tools for developing and deploying customized solids. A fully functional software emulator has refined flexible development tools to enable developers to test and debugger self-defined solids on desktop calculators. Simulators can also be used as tools for testing applications instead of ProtecSer HSM. When prepared, developers simply need to install HSM to redirect communications to hardware and do not need any changes to the software.
3.方便管理
3. Management-friendly
图形用户界面(GUI)易于理解和操作,简化了用户和HSM设备交互,方便对HSM设备管理和密钥管理。紧急的管理任务,例如密钥修改、添加和删除,可以在远程安全地执行,从而降低管理成本和响应时间。
A graphical user interface (GUI) is easy to understand and operate, simplifying interaction between users and HSM devices, and facilitating the management and key management of HSM devices. Emergency management tasks, such as key modification, addition and removal, can be performed remotely and safely, thereby reducing management costs and response times.
4.高性能和扩展性
4. High performance and expansion
ProtectServer Network HSM能供快速执行密钥运算。专门的加密电子设备——包括一个专用的数据密码微处理器、内存和一个真正的随机数生成器(RNG)——从主机系统中卸载加密处理,释放它来响应更多的请求。
ProtecServer Network HSM can perform key operations quickly. Special encryption electronic devices – including a dedicated data password microprocessor, memory and a real random number generator (RNG) – remove encryption from the mainframe system and release it to respond to more requests.
ProtectServer Network HSM可广泛的用于对称和非对称密钥处理,以满足各种安全应用程序处理需求,其速度可达每秒1500个RSA -1024签名操作。所包括的双网络接口可允许HSM集成在相同或不同的子网上,并在不同的网络之间共享,以保护多个业务域或在单个网络中提供冗余。此外,高水平的可扩展性,可靠性、冗余和增加的吞吐量很容易实现,因为可以协同工作的HSMs的数量没有限制,或者可以管理的密钥的数量没有限制。
ProtecServer Network HSM can be used extensively for symmetrical and asymmetric key processing to meet the processing needs of various security applications at a speed of up to 1,500 RSA-1024 signatures per second. The two network interfaces included allow HSM to be integrated on the same or different sub-networks and shared across different networks to protect multiple domains or provide redundancy in individual networks. Moreover, high levels of scalability, reliability, redundancy and increased vomiting can easily be achieved because there is no limit to the number of HSMs that can work together, or there is no limit to the number of keys that can be managed.
5.便利性
5. Accessibility
智能卡为安全备份、恢复和传输加密密钥提供了最高的安全性和管理便利性。升级可以在工作区域完成,避免到安全机房操作的过程。ProtectServer HSMs还支持通过兼容的PIN Pad输入关键组件。
Smart cards provide the highest level of security and management convenience for secure backup, recovery and transmission of encryption keys. Upgrades can be done in the working area, avoiding the process of operating in a secure machine room.
6.多因素的身份验证
6. Multi-factor identification
ProtectServerHSM支持多重身份验证。此身份验证方案通过要求记忆令牌PIN和由110OTP令牌随机生成的6位数字增加了另一层安全性。
ProtecServerHSM supports multiple identifications. This authentication program adds another layer of security by requiring memory sign PIN and randomly generated six-digit numbers from 110OTP.
7.高可用性
7. High availability
除了ProtectServer 3 HSM提供的特性和功能外,Protect Server 3+HSM还使用双可插拔交流电源来帮助高可用性数据中心防止停电,并通过提供将设备连接到两个独立电源的能力,以防止其中一个电源可能发生的故障来实现业务连续性。这提供了必要的灵活性,以执行维护或更换一个有故障的电源或电源供应,以保证您的设备将继续运行。
In addition to the features and functions provided by ProtecServer 3 HSM, ProtecServer 3+HSM also uses a double plug-in exchange power source to help high-availability data centres prevent power outages and to provide business continuity by providing the capability to connect equipment to two stand-alone power sources in order to prevent a possible failure of one of them. This provides the flexibility necessary to perform maintenance or replacement of a malfunctioning power source or supply to ensure that your equipment will continue to function.
安策方案可在以下几个方面保护区块链:
The Anse programme can provide a chain of protected areas in the following areas:
提供强大的身份和身份验证以访问区块链
Provide strong identification and identification for access to block chains
PKI体系为设备提供数字身份,即证书
The PKI system provides a digital identity, i.e. a certificate, for the equipment
STA为人类提供全自动高安全的身份验证服务
STA provides a fully automated high-security identification service for humans
保护核心区块链技术
Protection of core block chain technology
在FIPS 140-2 3级硬件中安全地生成、使用和存储加密密钥,包括 RSA、ECC椭圆曲线(secp256k1、Ed25519 等)
Securely generated, used and stored encryption keys, including RSA, ECC elliptical curves (secp256k1, Ed25519 et al.) in FIPS 140-23 hardware
签署智能合约以证明其来源
Sign an intelligent contract to prove its origin.
使用 BIP32 的分层确定性钱包支持
Supported with a stratification wallet using BIP32
保护存储在区块链内外的数据以提供交易的机密性
Protection of data stored inside and outside the block chain to provide confidentiality of transactions
保护整个区块链网络的通信
Protect communication throughout the block chain network
生成和安全存储用于TLS和SSL网络连接的加密密钥
Generate and securely store encryption keys for TLS and SSL network connections
另有可供编程的功能模块(FM),以安全地执行自定义加密或添加自定义区块链算法
There are also functional modules (FM) available for programming to safely implement custom encryption or add custom block chain algorithms
注册有任何问题请添加 微信:MVIP619 拉你进入群
打开微信扫一扫
添加客服
进入交流群
发表评论