Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DerbyCon 2017 - Hacking Blockchains

Aaron Hnatiw
September 24, 2017
Technology
0
1.2k

DerbyCon 2017 - Hacking Blockchains

This talk covers the fundamentals of blockchain technology, and shows how anyone in the security industry can begin hacking and securing blockchain technology and cryptocurrencies.

Aaron Hnatiw

September 24, 2017
Tweet

More Decks by Aaron Hnatiw

See All by Aaron Hnatiw
ToorCon 2017 - How To Move Mountains
insp3ctre
0
88
CircleCityCon 2017 - Security Training: Making your weakest link the strongest
insp3ctre
0
41
Racing the Web - Hackfest 2016
insp3ctre
1
200

Other Decks in Technology

See All in Technology
Azure犬駆動開発の記録/GlobalAzureFukuoka2024_20240420
nina01
1
190
Delivering Millions of Messages within seconds @ Duolingo
pelelgrino
0
340
MapLibreとAmazon Location Service
dayjournal
1
140
On Your Data を超えていく!
hirotomotaguchi
2
630
自己改善からチームを動かす! 「セルフエンジニアリングマネージャー」のすゝめ
shoota
4
110
開発生産性大幅アップ!Postman VS Code拡張機能
nagix
2
360
アクセシビリティを考慮したUI/CSSフレームワーク・ライブラリ選定
yajihum
2
990
反実仮想機械学習とは何か
usaito
PRO
8
3k
Vertex AI を中心に 生成AIのアップデートを共有します
kaz1437
0
280
Oracle Cloud Infrastructure:2024年4月度サービス・アップデート
oracle4engineer
PRO
1
180
Postman v10リリース後を振り返る / Looking back at Postman v10 after release
yokawasa
1
150
Databricks:『生成AI World Cup』のご案内
databricksjapan
2
170

Featured

See All Featured
Adopting Sorbet at Scale
ufuk
67
8.6k
YesSQL, Process and Tooling at Scale
rocio
163
13k
VelocityConf: Rendering Performance Case Studies
addyosmani
320
23k
Automating Front-end Workflow
addyosmani
1355
200k
RailsConf 2023
tenderlove
2
540
GraphQLとの向き合い方2022年版
quramy
31
12k
The Power of CSS Pseudo Elements
geoffreycrofte
59
5k
Bootstrapping a Software Product
garrettdimon
PRO
301
110k
Debugging Ruby Performance
tmm1
70
11k
How STYLIGHT went responsive
nonsquared
92
4.8k
Fireside Chat
paigeccino
20
2.6k
Optimizing for Happiness
mojombo
370
69k

Transcript

  1. Hacking Blockchains Aaron Hnatiw [email protected] Twitter: @insp3ctre www.securitycompass.com

  2. Senior Security Researcher, Security Compass Aaron Hnatiw • College professor

    of application security • Developer • System administrator • Security consultant • Network security engineer Twitter: @insp3ctre

  3. What is this talk about? @insp3ctre

  4. Topics 1. Blockchain 2. Cryptocurrencies 3. Other uses 4. Security

    @insp3ctre

  5. What is a blockchain? @insp3ctre

  6. Literally a chain of blocks @insp3ctre

  7. A distributed ledger @insp3ctre (A high-integrity, irreversible database)

  8. Cryptocurrencies @insp3ctre

  9. Bitcoin @insp3ctre

  10. Bitcoin @insp3ctre http://nakamotoinstitute.org/literature/

  11. Requirements of Bitcoin @insp3ctre

  12. Requirements of Bitcoin 1. Private @insp3ctre

  13. Requirements of Bitcoin 1. Private 2. Anonymous @insp3ctre

  14. Requirements of Bitcoin 1. Private 2. Anonymous 3. Censorship-resistent @insp3ctre

  15. Requirements of Bitcoin 1. Private 2. Anonymous 3. Censorship-resistent 4.

    Byzantine attack resilience @insp3ctre

  16. Requirements of Bitcoin 1. Private 2. Anonymous 3. Censorship-resistent 4.

    Byzantine attack resilience 5. Decentralized @insp3ctre

  17. How It Works @insp3ctre

  18. How It Works 1. Broadcast @insp3ctre

  19. How It Works 1. Broadcast 2. Collect @insp3ctre

  20. How It Works 1. Broadcast 2. Collect 3. Proof-of-work @insp3ctre

  21. How It Works 1. Broadcast 2. Collect 3. Proof-of-work @insp3ctre

    Hash(prev_block_id, transactions, nonce) <= t?

  22. How It Works 1. Broadcast 2. Collect 3. Proof-of-work @insp3ctre

    Hash(prev_block_id, transactions, nonce) <= t? t = 922724699725.9628

  23. How It Works 1. Broadcast 2. Collect 3. Proof-of-work @insp3ctre

    Hash(prev_block_id, transactions, nonce) <= t? t = 922724699725.9628 Odds of being right: 1/(2^256 - t)
 1/(≈ 0.0012 × the number of atoms in the visible universe)

  24. How It Works 1. Broadcast 2. Collect 3. Proof-of-work @insp3ctre

    Hash(prev_block_id, transactions, nonce) <= t? t = 922724699725.9628 Odds of being right: 1/(2^256 - t)
 1/(≈ 0.0012 × the number of atoms in the visible universe)

  25. How It Works 1. Broadcast 2. Collect 3. Proof-of-work 4.

    Broadcast @insp3ctre Hash(prev_block_id, transactions, nonce) <= t? t = 922724699725.9628 Odds of being right: 1/(2^256 - t)
 1/(≈ 0.0012 × the number of atoms in the visible universe)

  26. How It Works 1. Broadcast 2. Collect 3. Proof-of-work 4.

    Broadcast 5. Acceptable? @insp3ctre

  27. How It Works 1. Broadcast 2. Collect 3. Proof-of-work 4.

    Broadcast 5. Acceptable? 6. Reward @insp3ctre

  28. How It Works 1. Broadcast 2. Collect 3. Proof-of-work 4.

    Broadcast 5. Acceptable? 6. Reward 7. Next block @insp3ctre

  29. @insp3ctre https://blockchain.info/ http://www.bitcoinblockhalf.com/

  30. Altcoins @insp3ctre

  31. Altcoins @insp3ctre

  32. Altcoins • “Colored coins”: represent shares or asset; built on

    Bitcoin @insp3ctre

  33. Altcoins • “Colored coins”: represent shares or asset; built on

    Bitcoin • dogecoin: faster block time @insp3ctre

  34. Altcoins • “Colored coins”: represent shares or asset; built on

    Bitcoin • dogecoin: faster block time • litecoin: higher memory to defeat ASICs @insp3ctre

  35. Altcoins • “Colored coins”: represent shares or asset; built on

    Bitcoin • dogecoin: faster block time • litecoin: higher memory to defeat ASICs • peercoin: first proof-of-stake @insp3ctre

  36. Altcoins • “Colored coins”: represent shares or asset; built on

    Bitcoin • dogecoin: faster block time • litecoin: higher memory to defeat ASICs • peercoin: first proof-of-stake • primecoin: proof is finding special primes for science @insp3ctre

  37. Altcoins • “Colored coins”: represent shares or asset; built on

    Bitcoin • dogecoin: faster block time • litecoin: higher memory to defeat ASICs • peercoin: first proof-of-stake • primecoin: proof is finding special primes for science • darkcoin/dash: 11 different hashing algorithms strung together, trying to defeat ASICs @insp3ctre

  38. Altcoins • “Colored coins”: represent shares or asset; built on

    Bitcoin • dogecoin: faster block time • litecoin: higher memory to defeat ASICs • peercoin: first proof-of-stake • primecoin: proof is finding special primes for science • darkcoin/dash: 11 different hashing algorithms strung together, trying to defeat ASICs • monero: transactions are private @insp3ctre

  39. Altcoins • “Colored coins”: represent shares or asset; built on

    Bitcoin • dogecoin: faster block time • litecoin: higher memory to defeat ASICs • peercoin: first proof-of-stake • primecoin: proof is finding special primes for science • darkcoin/dash: 11 different hashing algorithms strung together, trying to defeat ASICs • monero: transactions are private • Zcash: zero-knowledge proofs; completely anonymous, thus very popular with ransomware @insp3ctre

  40. Ethereum @insp3ctre Currency and beyond...

  41. Currency: Ether @insp3ctre https://www.coinbase.com/charts

  42. EVM
 The “world computer” @insp3ctre

  43. EVM
 The “world computer” @insp3ctre Smart contracts

  44. EVM
 The “world computer” @insp3ctre Smart contracts DAOs

  45. EVM
 The “world computer” @insp3ctre Smart contracts DAOs ICOs

  46. Other uses @insp3ctre

  47. Other uses @insp3ctre

  48. Other uses • Voting @insp3ctre

  49. Other uses • Voting • Tracking digital assets @insp3ctre

  50. Other uses • Voting • Tracking digital assets • Tracking

    physical goods @insp3ctre

  51. Other uses • Voting • Tracking digital assets • Tracking

    physical goods • Commodities @insp3ctre

  52. Other uses • Voting • Tracking digital assets • Tracking

    physical goods • Commodities • “Pegged sidechains” @insp3ctre

  53. Other uses • Voting • Tracking digital assets • Tracking

    physical goods • Commodities • “Pegged sidechains” • Decentralized file storage @insp3ctre

  54. Many more... @insp3ctre

  55. Security @insp3ctre

  56. Majority ledger @insp3ctre 49% 51%

  57. Double spend @insp3ctre https://www.coinprices.io/articles/ghash-io-the-double-spend-threat

  58. Private key brute-force
 (collision) @insp3ctre

  59. Private key brute-force
 (collision) @insp3ctre 1/1461501637330902918203684832716283019655932542976

  60. Wallet correlation @insp3ctre http://xkcd.com/552/

  61. Wallet correlation @insp3ctre https://99bitcoins.com/know-more-using-bitcoin-anonymously/

  62. Wallet correlation @insp3ctre http://www.bit-cluster.com/ (Mathieu Lavoie & David Décary-Hétu)

  63. Smart contracts appsec @insp3ctre

  64. Smart contract analysis tools @insp3ctre

  65. Smart contract analysis tools @insp3ctre • Porosity

  66. Smart contract analysis tools @insp3ctre • Porosity • evmdis

  67. Smart contract analysis tools @insp3ctre • Porosity • evmdis •

    Securify

  68. Smart contract analysis tools @insp3ctre • Porosity • evmdis •

    Securify • Oyente

  69. Smart contract analysis tools @insp3ctre • Porosity • evmdis •

    Securify • Oyente • Dr. Y's Ethereum Contract Analyzer

  70. Audit @insp3ctre https://cryptoconsortium.github.io/CCSS/

  71. Audit @insp3ctre

  72. The usual suspects @insp3ctre

  73. The usual suspects @insp3ctre • Hacked website, funding address swapped

    before ICO (Coindash)

  74. The usual suspects @insp3ctre • Hacked website, funding address swapped

    before ICO (Coindash) • SQLi (Coinwallet; service shut down after)

  75. The usual suspects @insp3ctre • Hacked website, funding address swapped

    before ICO (Coindash) • SQLi (Coinwallet; service shut down after) • Insider threat (Shapeshift.io)

  76. The usual suspects @insp3ctre • Hacked website, funding address swapped

    before ICO (Coindash) • SQLi (Coinwallet; service shut down after) • Insider threat (Shapeshift.io) • Backdoor in dependency code (Cryptsy)

  77. The usual suspects @insp3ctre • Hacked website, funding address swapped

    before ICO (Coindash) • SQLi (Coinwallet; service shut down after) • Insider threat (Shapeshift.io) • Backdoor in dependency code (Cryptsy) • Spearphishing (Bitpay)

  78. The usual suspects @insp3ctre • Hacked website, funding address swapped

    before ICO (Coindash) • SQLi (Coinwallet; service shut down after) • Insider threat (Shapeshift.io) • Backdoor in dependency code (Cryptsy) • Spearphishing (Bitpay) • Wordpress hack, pivot to database access (Allcrypt)

  79. The usual suspects @insp3ctre • Hacked website, funding address swapped

    before ICO (Coindash) • SQLi (Coinwallet; service shut down after) • Insider threat (Shapeshift.io) • Backdoor in dependency code (Cryptsy) • Spearphishing (Bitpay) • Wordpress hack, pivot to database access (Allcrypt) • Web application race condition (Cryptoine)

  80. insp3ct.re/blog/blockchain-security-reference-guide/ Aaron Hnatiw [email protected] Twitter: @insp3ctre www.securitycompass.com Get started hacking

    blockchains!