DeFi attack damage again: Difference between hacking and exploit [Opinion]
Hacking vs Exploit
"A black hat hacker is a criminal who enters a computer network with malicious intent," explains an expert at cybersecurity firm Kaspersky. They use malware, steal passwords, and exploit code vulnerabilities for "selfish" or "ideological" reasons. On the other hand, white hat hackers, also known as "ethical hackers" or "good hackers," do the opposite. According to Kaspersky, "they deploy exploits to computer systems and networks to identify security flaws and provide recommendations for remediation."

Because of the way cryptocurrency networks work, it's often unclear who is launching an attack. Users are displayed as long gibberish strings of numbers and letters, their pasts boiled down to a series of transactions leading to their addresses. Such a system also has certain advantages. Even if the platform doesn't know who the "customer" is, all transactions are recorded on-chain and anyone can verify which coin belongs to whom.

This is how DeFi exploits often get bogged down. Exchanges used as on/off ramps to the crypto economy can blacklist stolen coins, rendering such coins of zero utility or value. That may be why stolen funds were returned in some of the most famous exploits. Last August, for example, the Poly Network hackers returned most of the $610 million they stole, describing it as a "white hat hack" to expose a dangerous bug. This may amount to a revision of history. Was it an after-the-fact excuse for an attack that ultimately didn't work?

That may be about to happen again. I don't know the intentions of the person who launched the attack on Wormhole, but Wormhole is asking you to accept the $10 million trade-off.

In some ways, the system favors the attacker. When code is used literally, ignoring the purpose for which it was written, engineers call it an "exploit." Code takes precedence over human action, so human errors, such as typos leading to wrong transactions, or gaping security flaws, are explained as natural processes in code.
Only when the code is rewritten or broken does the attack reach the level of what is called a "hack". There is an important technical difference between a hack and an exploit. In the gaming industry where these terms originated, "hacking" a game to gain an unfair advantage may be frowned upon, while "exploiting" a game by finding loopholes in it may be something to brag about.

It's probably safe to say that the attack on Wormhole wasn't planned or intended by Wormhole. There is a mistake in the code that has been overlooked and is being resolved. It may have something to do with the "fundamental security limitations of bridges" that Ethereum creator Vitalik Buterin pointed out in a blog a few weeks ago. The attackers conducted a series of transactions in such a way that Wormhole's smart contract confused the rogue wETH with the real thing. There was a loophole that could be exploited by someone with vast knowledge and time.

Some might see this attack as a contribution to the overall knowledge of cryptocurrencies. There are even people who argue that such a process could ultimately lead to "unhackable code," as any smart contract could be "a bounty offer worth millions of dollars for bugs."

So it's worth asking yourself if the terminology the crypto industry uses to describe its myriad vulnerabilities (risks stacked on top of each other) contributes to the great hacking industry. I wonder if we too easily become ambiguous in the definition of words.

Translation and editing: Akiko Yamaguchi, Shigeru Sato | Image: Shutterstock | Text: Calling a Hack an Exploit Minimizes Human Error
CoinDesk Japan Editorial Department
Last Update: CoinDesk Japan