Overnight, BTC (Bitcoin) made a strong comeback, reversing the trend from high to low and seeing continuous gains, rallying back above the $70,000 mark. The bulls did a great job, fighting a satisfying battle! Inspired by this momentum, the entire cryptocurrency market rose, and UNI (Uniswap) also surged more than 10%, approaching the $12 mark.
Yesterday’s internal reference on June 4th mentioned a sad and alarming piece of news: a netizen kept over $1 million in cryptocurrency assets on a certain trading platform, but unfortunately the login credentials were stolen by hackers, who logged in remotely and emptied the account. It is worth noting that the stolen credentials were used from different devices and IPs, and the transactions were abnormal (since the hackers did not have the withdrawal password, they could only sell the assets). Checks on exactly these signals are common security measures on the web2 internet (try the same thing with Alipay or WeChat Pay and see whether the system raises an alert and temporarily freezes your account), but surprisingly, the intrusion detection systems of a world-leading web3 platform remained silent!
If you still believe in what the leaders of certain exchanges said in the past, that it is safer to keep your coins in centralized custody rather than managing your private keys and holding coins on the blockchain, then you are naive.
A security company analyzed the incident and pointed out that the user’s computer browser had malicious plugins installed, and then went on with a lot of technical terms and explanations about Chrome plugins that ordinary people cannot understand. It is impossible to turn ordinary users into internet security experts. From this perspective, the security issues in blockchain will never be resolved.
Moreover, telling only half of the story will lead to a misleading conclusion that the user is solely responsible for such security incidents.
Wrong.
Jiaolian believes that a basic principle of web3 asset management should be clarified: whoever has actual control over the assets bears greater or even total security obligations and responsibilities.
This complies with the basic principle of “power-responsibility” equality in human society.
Based on this principle, we can understand why Alipay implements so many security measures for users and why banks care about user remittances and preventing telecom fraud. If we abandon this principle, Alipay or banks could simply say that users were deceived on their own and it has nothing to do with them.
Due to the super-sovereign nature of blockchain assets, the cost of bearing these security obligations and responsibilities is extremely high, often becoming an unbearable burden for centralized platforms. Therefore, it can be further deduced that one of the fundamental ideas of blockchain is to let everyone manage their own private keys and control their own assets. Each person bears their own responsibilities, which disperses the burden and cost, making blockchain feasible.
The blockchain has only been developed for a mere 15 years, and centralization and decentralization are still mixed together. The current crypto world is like the “Dark Forest” described in “The Three-Body Problem,” full of unknown dangers. For newcomers stepping into it, a single mistake can expose themselves to the “hunters” lurking in the darkness, who can take them down with a single shot.
In this article, Jiaolian proposes a “Suspicion Chain” model for blockchain security (the term also comes from “The Three-Body Problem”), to help both new and old friends identify the security risks of blockchain and survive in this chaotic world.
“Anything that can go wrong will go wrong.” – Murphy’s Law
The “Suspicion Chain” model proposed by Jiaolian for blockchain security is to organize all the links between you and your assets into a chain. According to Murphy’s Law, the security of each link in the chain is doubtful. Therefore, the longer the chain, the lower the overall security of the Suspicion Chain.
Just like determining a reference frame is necessary for calculating physical laws, evaluating the security of any Suspicion Chain requires establishing a reference frame for blockchain security. This reference frame is the shortest Suspicion Chain: managing Bitcoin with your own private key. (Jiaolian has written about the practical method for this before, you can review “How to Safely Store Bitcoin with a Private Key” (October 20, 2020)).
The shortest Suspicion Chain of managing Bitcoin with your own private key can be visually represented as follows:
Me
|
Generator (offline)
|
Private Key (paper)
|
Bitcoin blockchain
|
BTC
Or, if it is a brain wallet:
Me (private key passphrase)
|
Encoder (offline)
|
Bitcoin blockchain
|
BTC
With these two minimal Suspicion Chain models as references, we can evaluate the security risks of any other web3 security Suspicion Chain model:
1. If the number of links in the Suspicion Chain increases, the security decreases and the risk increases.
2. For a specific link, the order of security comparison is generally: non-electronic media > electronic devices, offline > online, no need to trust a third party > need to trust a third party, and so on.
“What we need is an electronic payment system based on cryptographic proof instead of trust… without the need for a trusted third party.” – Satoshi Nakamoto, Bitcoin White Paper
Taking the example from the previous article, placing assets (BTC in this case) on a centralized trading platform:
Me
|
Computer (-)
|
Browser (-)
|
Trading platform (-)
|
Bitcoin blockchain
|
BTC
(-) indicates deductions. The computer is an electronic device, deduct points. The browser accessing the trading platform is online, deduct points. The trading platform controls Bitcoin, which means you need to trust it as a third party, deduct points.
The security incident of the million-dollar theft in this case occurred precisely in the links of “browser” and “trading platform,” where security decreased and suspicion increased. The browser was infiltrated by malicious plugins. The trading platform did not effectively monitor abnormal states and behaviors. The combination of the two resulted in a tragedy.
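The two rules above (more links means less security; electronic, online and third-party links each earn a deduction) can be written down as a series model, in which the asset is safe only if every link holds, so per-link trust factors multiply. The following Python script is an added illustration, not part of the original article: the BASE and PENALTY numbers are assumed for illustration, the chains are the ones drawn in the article, and the attribute flags follow the article’s “(-)” marks where it gives them and are otherwise assumed.

```python
from dataclasses import dataclass

# Assumed (constructed) parameters: every link is doubtful (Murphy's Law),
# so each link keeps only BASE of the trust it receives, and every
# deduction mark "(-)" multiplies that by PENALTY once more.
BASE = 0.95
PENALTY = 0.8

@dataclass(frozen=True)
class Link:
    name: str
    electronic: bool = False   # electronic device rather than paper or brain
    online: bool = False       # connected to the network
    third_party: bool = False  # someone else must be trusted with control

    def deductions(self) -> int:
        return int(self.electronic) + int(self.online) + int(self.third_party)

def total_deductions(chain: list[Link]) -> int:
    return sum(link.deductions() for link in chain)

def chain_trust(chain: list[Link]) -> float:
    """Series model: the asset is safe only if every link holds, so the
    per-link factors multiply and trust falls with each extra link."""
    trust = 1.0
    for link in chain:
        trust *= BASE * PENALTY ** link.deductions()
    return trust

def weakest_links(chain: list[Link]) -> list[str]:
    """Names of the links carrying the most deductions (empty if none)."""
    worst = max(link.deductions() for link in chain)
    return [link.name for link in chain if worst and link.deductions() == worst]

def rank(chains: dict[str, list[Link]]) -> list[str]:
    """Chain names ordered from most to least trustworthy."""
    return sorted(chains, key=lambda n: chain_trust(chains[n]), reverse=True)

# The chains drawn in the article, everything below "Me".
REFERENCE = [Link("Generator (offline)"), Link("Private Key (paper)"),
             Link("Bitcoin blockchain"), Link("BTC")]
EXCHANGE = [Link("Computer", electronic=True), Link("Browser", online=True),
            Link("Trading platform", third_party=True),
            Link("Bitcoin blockchain"), Link("BTC")]
USDT = [Link("Generator (offline)"), Link("Private Key (paper)"),
        Link("USDT blockchain"), Link("USDT"),
        Link("Tether company", third_party=True), Link("Bank", third_party=True),
        Link("USD, other reserve assets", third_party=True),
        Link("US Treasury bonds", third_party=True)]
CHAINS = {"self-custody BTC": REFERENCE, "BTC on exchange": EXCHANGE,
          "USDT via private key": USDT}

if __name__ == "__main__":
    for name in rank(CHAINS):
        print(f"{name:22s} trust={chain_trust(CHAINS[name]):.3f} "
              f"deductions={total_deductions(CHAINS[name])} "
              f"weakest={weakest_links(CHAINS[name])}")
```

The absolute numbers mean nothing; what the model shows is the ordering, and that a long chain of unmarked links (the USDT case) ends up below a short chain with three explicit deductions.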
Let’s give a few more examples to demonstrate the use of the Suspicion Chain:
Using a connected mobile app software wallet (non-custodial) to store BTC:
Me
|
Mobile phone (-)
|
App store, download websites (-)
|
Mnemonic backup (paper)
|
App (-)
|
Bitcoin blockchain
|
BTC
The connected mobile phone is a deduction. Apple’s security > Android’s security. The app is a deduction. Open-source, well-tested apps > new, unknown apps. Directly installing packages downloaded from unofficial sources or sent by other users should raise a red flag! If you have this bad habit, losing your coins to theft is just a matter of time.
Using mnemonic phrases to store USDT:
Me
|
Generator (offline)
|
Private Key (paper)
|
USDT blockchain
|
USDT
|
Tether company
|
Bank
|
USD, other reserve assets
|
US Treasury bonds
Surprised or not? USDT is not a real underlying asset, and the Suspicion Chain doesn’t end there! If you think that keeping the private key safe guarantees worry-free security, then you are completely wrong.
Starting from this model, including more complex and longer Suspicion Chains, I will not mark deduction items anymore because every link is a deduction, with security risks everywhere, almost like a sieve. Haha~
Using the Metamask plugin wallet to hold WBTC (Wrapped BTC) on Ethereum:
Me
|
Browser
|
Plugin store
|
Mnemonic backup (paper)
|
Metamask
|
Ethereum blockchain
|
WBTC
|
Custodian companies (multiple)
|
Bitcoin blockchain
|
BTC
Using a Ledger hardware wallet + Metamask to hold ETH staked in Lido for yield:
Me
|
Mnemonic backup (paper)
|
Ledger hardware wallet
|
Browser
|
Plugin store
|
Metamask (no private key)
|
Lido staking website
|
Ethereum blockchain
|
stETH
|
Lido custodial network
|
ETH
And so on. I believe readers should easily comprehend and master this thinking method.
The three most important things in blockchain are what? First is security, second is security, and third is still security.
Be cautious on the ship that sails for thousands of years.
I hope Jiaolian’s Suspicion Chain thinking method can help readers improve their security awareness, avoid pitfalls, and stay on track!
(Public account: Liu Jiaolian. Knowledge Planet: reply “planet”)
(Disclaimer: The content of this article does not constitute any investment advice. Cryptocurrencies are highly risky assets with the risk of going to zero at any time. Please participate with caution and take responsibility for yourself.)
Source link:
https://mp.weixin.qq.com/s/dzubbPwlq-O7hgm5olqSqw
Disclaimer: The content of Bitpush.news represents the author’s views and does not constitute investment advice.
Original article link: https://www.bitpush.news/articles/6845895