In the past, the price of cryptocurrency, such as a roller coaster, has attracted many amaranths to enter the market, and it has also affected the information security industry. A large number of engineers have designed software and hardware systems that specifically dig cryptocurrencies. Of course, hackers are not willing to show weakness, and various cryptocurrency attacks are also emerging. In talking about the series of hacker hacks, I will explain in detail how the cryptocurrency economy and various players benefit from it.
Although a variety of new virtual currencies come out every day, Bitcoin is still the most famous. Nakamoto said in the Bitcoin white paper that Bitcoin is a distributed database, and the computer participating in the record helps the database to record transactions in which Bitcoin ownership is in different accounts. The transaction information of the account is recorded in the block, and the history of the transaction is calculated by the hash algorithm and concatenated in a chain.
All participating computers, also called “nodes”, will only use the longest chain of records that reach consensus. Since the design uses hash encryption algorithms and consensus mechanisms, the cost of transactions in the forged blockchain becomes extremely high. Therefore, the cryptocurrency headed by Bitcoin has a high degree of security in recording account transactions. In other words, Bitcoin is not a real physical currency, it is simply a database of books that records transactions between different accounts in the system.
In order to encourage more nodes (that is, computers) to participate in the recording of various transactions in the Bitcoin system, Nakamoto has designed an incentive mechanism: according to the system, each time the node that calculates the optimal result will receive a part of the bitcoin reward accordingly. The more computational power a node contributes, the more likely it is to get the bitcoin stimulus. That's why Bitcoin uses the “workload proof” mechanism. Another commonly used incentive mechanism is called “Equity Proof” (used by Ethereum).
Finding the best hash value in the virtual world of mathematics is like gold mining in the real world, although it is not easy but the return is very rich. So in the cryptocurrency economy, the contribution of computing power to calculate the hash function to finally obtain the cryptocurrency is called “drilling”, and the programmer behind this operation is called “miner”, programmer The specialized mining equipment used is called “mine machine”, and many mining miners mine the place called “minefield”.
Computational power competition
In fact, cryptocurrency mining is a big competition. The more computational power you can calculate, the more hashes you have, which means there is a greater likelihood of getting a bitcoin reward. Therefore, more and more people are beginning to develop super-high-powered mining machines.
In 2008, when bitcoin was first introduced, the central processing units (CPUs) on your computer could mine without pressure. Not long after, you may need more powerful field-programmable gate arrays (FPGAs) or high-powered devices such as GPUs to dig into Bitcoin. Now, without the special integrated circuits (ASICs) miners designed specifically for mining, you can hardly dig into Bitcoin.
Bit Continental Ant Mining Machine S9
Since each mine needs to consume kilowatts of electricity, the huge electricity bill is the biggest expense in mining costs. Hundreds of mining machines were packed into containers and pulled around by the trucks. They were not looking for places with cheap electricity and good network connections. You will find that many mines are in the vicinity of large data centers, because the mines are actually a data center, but it only does one thing, that is, the hash value.
Due to the explosive growth of Bitcoin's entire network, a small amount of mining power has been unable to obtain block rewards from the Bitcoin network. Therefore, an operation that combines a small amount of computing power with joint mining has emerged.
When a large number of mining machines in the mine are plugged in, they will not directly access the Bitcoin network, but will be connected to a joint mining website. The currency circle is called “mine pool”. The mining pool collects the hash calculation results of each mining machine and then distributes them to different mining machines for calculation verification. If there is more mining machine in a mining pool, it can calculate the more hash value, which represents a greater possibility to get Bitcoin rewards. The mining pool will divide the winning bitcoin equally to all the miners who contribute to the computing power.
By the way, the mining machine can work for multiple mine pools. If a mine does not assign a hash calculation to your mine, the mine will calculate the hash with another mine. This efficient design ensures that the mining machine's computing power is maximized.
How much does it cost to mine? The costs of the three aspects need to be considered:
1. Fixed costs such as mining machines and mine facilities.
2. Maintenance costs for mine staff and networks.
3. Electricity charges.
Among them, electricity bills are the bulk of the cost. As an example of the Bit Continental Ant Mining Machine S9, an S9 requires approximately 13,000 kWh of electricity a year. If you refer to the average US electricity bill, the electricity is 0.1262 US dollars per kWh (converted to RMB 8.1 per kWh). A year's electricity bill for a mining machine is $1,658 (approximately equal to RMB 100,000). Electricity costs are often the key to determining whether a mine is profitable compared to other costs.
In order to make a profit, mine owners are constantly looking for cheap power sources around the world. Compared to the costly mining, hackers often try to steal the bitcoin block reward fruit directly. Let's talk about some hackers stealing bitcoin.
Hacking stealing virtual currency is similar to stealing Q coins and other online trading currencies. The most direct and violent means is to directly hack into your virtual currency wallet and then transfer the money in your wallet to the hacker's account. After the mining machine has successfully tapped the coin, it will receive a bitcoin reward, which will be directly transferred to the wallet address of the mining machine. The hacker will sneak into your mining machine and change the wallet address that receives the reward in the configuration directly to your own. In this way, your mining machine has worked hard to dig a large amount of electricity to dig into the pocket of the hacker.
As I said before, most of the mining machines are now concentrating on mining for the mining pool. The bitcoin rewards received by the mining pool will be shared with the mining machines involved in mining. In this case, the hacker will adopt a common “man-in-the-middle attack” technique: control the data communication between the mining machine and the mining pool, and directly tamper with the address of the mining machine receiving the reward of the mining pool as the hacker's own wallet address.
Another way to attack is to attack the mine directly. Since the mine pool is essentially a website, the hacker will try to get the administrator rights of the mine pool website and then transfer the virtual currency in the mine pool to his own account. You may ask, blockchain is a distributed ledger, shouldn't it be safe? Note that (the blackboard) the account in the mining pool is not connected to the blockchain system, so if you receive the Bitcoin reward on the account of the mine, remember to check if the coins are also transferred to you. In the wallet address on the chain.
Although not every hacker can black into the mining machine and the mining pool, but the hacker's innovation will always bring new ways of attack.
Some hackers will steal the power of the device to steal coins through indirect black IoT devices. I wonder if you still remember that at the end of 2016, tens of thousands of cameras attacked the US Internet domain name resolution service provider, which led to the Mirai botnet attack in the United States. Despite the very big impact of this DDoS attack, the hackers behind Mirai didn't get much benefit at the time.
As the financial strength of the currency circle has grown rapidly, more and more hackers of the classical Internet have also transformed into hackers.
The Internet of Things botnet no longer focuses on DDoS attacks, but instead turns to the power of the device to dig the virtual currency. Although IoT devices infected by botnets (mostly networked cameras with weak passwords) cannot be compared to professional Bitcoin miners with ASIC chips, these IoT devices can be effectively used to dig other popular Virtual currency, such as Monroe, which has a low market value.
It is worth mentioning that many users of IoT devices do not know that their devices are being used by hackers to mine. These connected devices will work normally, the printer will print normally, the camera will still monitor normally, and the Wi-Fi router will work normally. So from the user's point of view, it's hard to find yourself hacked. The only exception is that the power consumption of these devices is greatly increased and the network traffic will be different, but these are not easily found by users.
Currently, browsers are still popular in the market. In fact, hackers inject large-flow websites into mining scripts. When the user browses the infected web page, the script will automatically run in the browser, and then the hacker can control the computing power in the user's computer to mine.