2021/08/11 區塊鏈 Poly Network 遭駭

 DeFi最大「駭」聞!跨鏈協議Poly Network遭盜6億美金,以太坊、BSC、Polygon資產遭殃

https://www.abmedia.io/20210810-poly-network-hack


駭客自問自答 

Poly Network 駭客自問自答!公開攻擊原因與過程中的心路歷程

https://zombit.info/poly-network-hackers-ask-themselves-questions/


隱藏的聊天室 Ethereum Transactions Information

https://etherscan.io/txs?a=0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963&p=33


HEX to String - https://codebeautify.org/hex-string-converter


其中一名網友就提醒駭客別動 USDT 因為已經被凍結。

https://etherscan.io/tx/0xae2442c5b5721df8c190fd8f59b53b6dc56a875fb03035ad34276a598ddf7d31


Input Data:

0x444f4e542055534520594f5552205553445420544f4b454e0a594f5520564520474f5420424c41434b4c4953544544


View Input As UTF-8:

DONT USE YOUR USDT TOKEN

YOU VE GOT BLACKLISTED


隨後被賞賜了 13.37  ETH 作為回禮。

https://etherscan.io/tx/0xdf3afc47c7914e06ddb1be19afcd769e558111d353e55273a62c4a96e6a6090f



後續便引來一堆無聊吃瓜者也向駭客尋求打賞。

https://www.blocktempo.com/poly-network-611-million-massive-cross-chain-hack/



自己Q & A, PART TWO:


https://etherscan.io/tx/0xd4ee4807c07702a3202f45666983855d7fa22eb1c230e4c1e840fc9389e54729

Input Data:

Q & A, PART TWO:


Q: WHAT REALLY HAPPENED 30 HOURS AGO?

A: LONG STORY.


BELIEVE IT OR NOT, I WAS _FORCED_ TO PLAY THE GAME.


THE POLY NETWORK IS A SOPHISTICATED SYSTEM, I DIDN'T MANAGE TO BUILD A LOCAL TESTING ENVIRONMENT. I FAILED TO PRODUCE A POC AT THE BEGINNING. HOWEVER, THE AHA MOMEMNT CAME JUST BEFORE I WAS TO GIVE UP. AFTER DEBUGGING ALL NIGHT, I CRAFTED A _SINGLE_ MESSAGE TO THE ONTOLOGY NETWORK.


I WAS PLANNING TO LAUNCH A COOL BLITZKRIEG TO TAKE OVER THE FOUR NETWORK: ETH, BSC, POLYGON & HECO. HOWEVER THE HECO NETWORK GOES WRONG! THE RELAYER DOES NOT BEHAVE LIKE THE OTHERS, A KEEPER JUST RELAYED MY EXPLOIT DIRECTLY, AND THE KEY WAS UPDATED TO SOME WRONG PARAMETERS. IT RUINED MY PLAN.


I SHOULD HAVE STOPPED AT THAT MOMENT, BUT I DECIDED TO LET THE SHOW GO ON! WHAT IF THEY PATCH THE BUG SECRETLY WITHOUT ANY NOTIFICATION?


HOWEVER, I DIDN'T WANT TO CAUSE _REAL_ PANIC OF THE CRYPTO WORLD. SO I CHOSE TO IGNORE SHIT COINS, SO PEOPLE DIDN'T HAVE TO WORRY ABOUT THEM GOING TO ZERO. I TOOK IMPORTANT TOKENS (EXCEPT FOR SHIB) AND DIDN'T SELL ANY OF THEM.


Q: THEN WHY SELLING/SWAPPING THE STABLES?

A: I WAS PISSED BY THE POLY TEAM FOR THEIR INITIAL REPONSE.


THEY URGED OTHERS TO BLAME & HATE ME BEFORE I HAD ANY CHANCE TO REPLY! OF COURSE I KNEW THERE ARE FAKE DEFI COINS, BUT I DIDN'T TAKE IT SERIOUSLY SINCE I HAD NO PLAN LAUNDERING THEM.


IN THE MEANWHILE, DEPOSITING THE STABLES COULD EARN SOME INTEREST TO COVER POTENTIAL COST SO THAT I HAVE MORE TIME TO NEGOTIATE WITH THE POLY TEAM.


討錢篇


https://etherscan.io/tx/0x4210113c4db0ec99e6f096d55902118ac24c53afb531221c3f6fc6cee701b8e4


Input Data: 0xe8bf99e698afe68891e79a84e992b1efbc8ce8afb7e4bda0e8bf98e7bb99e68891

UTF-8: 这是我的钱,请你还给我

留言

張貼留言

這個網誌中的熱門文章

Log查詢指令快速上手

通常Linux Server 只有 Terminal 視窗的時候,這時候就需要善用指令快速找到相關的Log。 實際情境是發現遭到駭客掃描,所以進行LOG查找確認。 這邊以 Apache Web Server Log 為例:  //尋找 access.log.4.gz 檔含有 '26/Jul/2021:00:23' 字串的 log zgrep '26/Jul/2021:00:23' access.log.4.gz //尋找當前目錄的所有壓縮檔案含有 '26/Jul/2021:00:23' 字串的 log zgrep '26/Jul/2021:00:23' * //尋找開頭為 access.log 的所有壓縮檔案含有"非" '52.xx.xx.92' 字串的 log zgrep -v '52.xx.xx.92' access.log* //尋找開頭為 access.log 的所有壓縮檔案含有"非" '52.xx.xx.92' 且含不分大小寫 'phpmyadmin' 字串的 log zgrep -v '52.xx.xx.92' access.log* | grep -i 'phpmyadmin' //尋找開頭為 access.log 的所有壓縮檔案含有"非" '52.xx.xx.92' 且含"非" '200' 字串的 log zgrep -v '52.xx.xx.92' access.log* | grep -v '200'
閱讀完整內容