网络与信息安全学报 (Feb 2023)

Overview of blockchain assets theft attacks and defense technology

  • Beiyuan YU, Shanyao REN, Jianwei LIU

DOI
https://doi.org/10.11959/j.issn.2096-109x.2023001
Journal volume & issue
Vol. 9, no. 1
pp. 1 – 17

Abstract

Since Satoshi Nakamoto’s introduction of Bitcoin as a peer-to-peer electronic cash system, blockchain technology has developed rapidly, especially in the fields of digital asset transfer and electronic currency payments. Ethereum introduced smart contract code, giving it the ability to synchronize and preserve the execution status of smart contract programs, automatically execute transaction conditions and eliminate the need for intermediaries. Web3.0 developers can use Ethereum’s general-purpose programmable blockchain platform to build more powerful decentralized applications. Ethereum’s characteristics, such as decentralized control, public and transparent interaction data guaranteed by smart contracts, and user-controlled data, have attracted increasing attention. With the popularization and application of blockchain technology, more and more users are storing their digital assets on the blockchain. Due to the lack of regulatory and governance authority, public chain systems such as Ethereum are gradually becoming a medium for hackers to steal digital assets. Generally, fraud and phishing attacks are committed using blockchain to steal digital assets held by blockchain users. This article aims to help readers develop the concept of blockchain asset security and prevent asset theft attacks implemented using blockchain at the source. The characteristics and implementation scenarios of various attacks were studied by summarizing the asset theft attack schemes that hackers use in the blockchain environment and abstracting research methods for threat models. Through an in-depth analysis of typical attack methods, the advantages and disadvantages of different attacks were compared, and the fundamental reasons why attackers can successfully implement attacks were analyzed. In terms of defense technology, defense schemes that combine attack cases and implementation scenarios were introduced, such as targeted phishing detection, token authorization detection, token locking, decentralized token ownership arbitration, smart contract vulnerability detection, asset isolation, supply chain attack detection, and signature data legitimacy detection. The primary process and implementation plan of each type of defense scheme were also given, making clear which protective measures can protect user assets in different attack scenarios.

Keywords