
Ripple: Exchange wallets lose millions in XRP due to malici

Date: 2020-08-01 05:00 Source: unknown Author: admin

Crypto exchange platforms, merchants and gateways are vulnerable to malicious attacks when the XRPL is not configured correctly at the time it is integrated with the exchange platform or one of the other institutions. In fact, it is a recurring error that has allowed malicious actors to empty

containing

of a platform or trader.

According to Xrplorer, a tool dedicated to preventing and stopping this kind of attack, 3 were successfully stopped during June alone. On its Twitter account, Xrplorer advised exchanges to check their settings. Xrplorer claims that malicious actors are constantly looking for platforms that allow them to take advantage of the Partial Payments feature.

This feature is part of the XRP Ledger, as mentioned, and is one of the payment methods that allow

. The Partial Payment function allows a sent transaction to deduct the recipient’s transfer fee. That way, if a user is returning a payment, the transaction fee can be charged to the recipient and the sending user does not incur an additional expense. According to the XRPL GitHub page:

The amount of XRP used for the transaction cost is always deducted from the sender’s account, regardless of the type of transaction. Partial payments can be used to exploit naive integrations with the XRP Ledger to steal money from exchanges and gateways.

The XRPL development team has identified clear attack scenarios. For exchanges, a malicious attack that takes advantage of the Partial Payment vulnerability usually begins with a transaction that the platform receives. This transaction usually specifies a large amount and has the Partial Payment flag enabled.

The transaction is accepted, but the exchange receives only a small amount of the specified currency. The platform reads the transaction but looks only at the field that states the initial amount, the large sum of the specified currency, and not at the metadata field called delivered_amount. The compromised institution then credits the malicious actor with the initial amount on an external system, despite having received a much smaller sum on the XRPL.

In the case of gateways, the malicious actors will look for a means to change the stolen funds to Bitcoin (BTC), Ethereum (ETH) or another blockchain-based cryptocurrency, because those transactions are irreversible upon confirmation. For exchanges, attackers could withdraw the funds directly in XRP to the XRP Ledger.

It is recommended that institutions use the delivered_amount field to process their transactions. This should be sufficient, according to the XRP Ledger page, to avoid the vulnerability. In that sense, Xrplorer’s CEO, Thomas Silkjaer, also recommends the following:

Exchanges: Don’t go live with your XRP implementation, before you have tested it. A big warning is at the very beginning of the “List XRP as an Exchange” tutorial on http://xrpl.org and yet I have cringed while watching an unidentified exchange was emptied today.

We have intercepted 3 successful partial payment exploit attacks within 1 month, caught in real-time by our systems. Exchanges, please check your implementations. There are bad actors constantly testing for vulnerabilities!

— xrplorer.com (@xrplorer)
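The difference between crediting from the Amount field and crediting from delivered_amount, as an added example that is not code from the article, Xrplorer or the XRPL project. It assumes a validated transaction shaped like a rippled `tx` response with transaction fields at the top level plus `meta` and `validated`; the addresses and amounts are constructed placeholders.

```python
from decimal import Decimal

TF_PARTIAL_PAYMENT = 0x00020000      # tfPartialPayment flag on Payment transactions
DROPS_PER_XRP = Decimal(1_000_000)
OUR_ADDRESS = "rEXCHANGE_DEPOSIT_PLACEHOLDER"   # constructed, not a real account

# Constructed sample: claims 1,000,000 XRP in Amount but delivers 1,000 drops.
SAMPLE_TX = {
    "TransactionType": "Payment",
    "Account": "rSENDER_PLACEHOLDER",
    "Destination": OUR_ADDRESS,
    "Amount": "1000000000000",
    "Flags": 0x80000000 | TF_PARTIAL_PAYMENT,
    "validated": True,
    "meta": {"TransactionResult": "tesSUCCESS", "delivered_amount": "1000"},
}

def naive_credit(tx):
    """The flawed integration: trusts Amount and ignores Flags and metadata."""
    return Decimal(tx["Amount"]) / DROPS_PER_XRP

def is_partial_payment(tx):
    """True when the sender set tfPartialPayment; useful as an alerting signal."""
    return bool(tx.get("Flags", 0) & TF_PARTIAL_PAYMENT)

def xrp_to_credit(tx, our_address=OUR_ADDRESS):
    """Return the XRP actually received as a Decimal, or None if nothing may be credited."""
    meta = tx.get("meta") or {}
    if tx.get("validated") is not True:
        return None                       # not yet in a validated ledger
    if tx.get("TransactionType") != "Payment" or tx.get("Destination") != our_address:
        return None
    if meta.get("TransactionResult") != "tesSUCCESS":
        return None                       # failed transactions deliver nothing
    delivered = meta.get("delivered_amount")
    # XRP is a string of drops. Issued currencies are objects and some old
    # transactions report "unavailable"; neither is credited as XRP here.
    if not isinstance(delivered, str) or not delivered.isdigit():
        return None
    return Decimal(delivered) / DROPS_PER_XRP

if __name__ == "__main__":
    print("naive credit:  ", naive_credit(SAMPLE_TX), "XRP")
    print("correct credit:", xrp_to_credit(SAMPLE_TX), "XRP")
    print("partial flag:  ", is_partial_payment(SAMPLE_TX))
```

Logging every deposit where `is_partial_payment` is true and Amount differs from delivered_amount gives operations a direct signal that someone is probing the integration.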
