DEF CON 32聚焦：CertiK安全工程师揭秘dApp的安全挑战

币界网2024-08-15 tarihinde yayınlandı2024-08-15 tarihinde güncellendi

币界网报道：

8月10日，CertiK的安全工程师Wang Peiyu在DEF CON 32会上发表了题为“Web2遇见Web3：黑客攻击去中心化应用”的演讲，通过Dapp漏洞和攻击手段的真实示例，深入分析了Web2与Web3集成所带来的新型安全问题，并提出了如何识别和防范这些风险。

演讲不仅揭示了去中心化应用（dApp）所面临的独特安全挑战，还分享了CertiK安全工程师Wang Peiyu在dApps渗透测试过程中积累的宝贵经验。他强调了恶意行为者如何利用dApps的漏洞，通过窃取种子短语、私钥、签名和API密钥等敏感信息来控制加密资产和托管人，进而操纵合约状态。

此外，演讲还深入讨论了dApp威胁建模，通过一系列实际案例，展示了客户端和服务器端的常见漏洞，包括跨站脚本攻击（XSS）、子域接管、DNS劫持、供应链攻击以及服务器配置错误等。他还提出了几个关键的安全建议，包括进行渗透测试和智能合约审计，以确保dApps的安全性。他强调，开发者需要对Web2和Web3的安全知识有全面的了解，以防止漏洞的引入，并保护用户资产不受侵害。

DEF CON是历史悠久的年度黑客大会之一，自1993年首次举办以来，一直面向白帽黑客群体举办，以其前沿的演讲、研讨会和竞赛而闻名。今年，CertiK的安全工程师Wang Peiyu受到特别邀请，参与了这场盛会，与全球网络安全领域的顶尖专家一道，深入探讨并分享了最新的安全技术进展和行业趋势。

İlgili Okumalar

After 4 Months, Polymarket Helped Trump Catch the Military Operation Leaker, But at a Cost...

A U.S. Marine Corps sergeant, Gannon Ken Van Dyke, was arrested by the Department of Justice for insider trading on Polymarket, a prediction market platform. Van Dyke allegedly placed bets totaling $33,933 on events related to a U.S. military operation in Venezuela, including the ousting of President Maduro, before the action occurred in January 2026. He profited over $409,000, a return of more than 1200%. This case marks the first U.S. crackdown on insider trading using confidential government information in prediction markets. Two other addresses also profited from insider knowledge, earning a combined $630,400. In response, Polymarket introduced stricter market integrity rules in March, explicitly banning insider trading, including the use of stolen confidential information or trades by individuals who can influence event outcomes. The platform has implemented monitoring systems and may ban addresses, pursue legal action, or refer cases to authorities. While these measures enhance regulatory compliance, they may reduce Polymarket's edge in forecasting events through early information and raise user concerns about account freezes and financial security. The balance between preventing abuse and maintaining platform freedom remains a challenge.

marsbit8 dk önce

After 4 Months, Polymarket Helped Trump Catch the Military Operation Leaker, But at a Cost...

U.S. Army Sergeant Gannon Ken Van Dyke was arrested by the Department of Justice after allegedly using insider information to profit over $409,000 on Polymarket, a prediction market platform. He placed bets totaling $33,933 on events such as whether Venezuelan President Maduro would be ousted and if the U.S. would launch a military operation in Venezuela—events he had advance knowledge of due to his involvement in the military operation that captured Maduro in early January 2026. This case marks the first U.S. crackdown on insider trading within prediction markets. Polymarket had recently strengthened its market integrity rules, explicitly prohibiting trades based on stolen confidential information, illegal insider knowledge, or by individuals capable of influencing event outcomes. The platform has implemented monitoring systems and may ban addresses, pursue legal action, or refer cases to law enforcement. While insider trading had previously contributed to Polymarket’s reputation for early event pricing, the platform now faces a trade-off: stricter enforcement may reduce insider-driven activity and protect regulatory standing, but it could also diminish market foresight and user trust, particularly around address bans and financial security.

Odaily星球日报15 dk önce

DeepSeek No Longer Wants to Focus Only on Large Models

DeepSeek, a leading Chinese AI company, has released its new model series DeepSeek-V4, featuring two versions: the high-performance V4-Pro with 1.6 trillion parameters and the cost-efficient V4-Flash. Both support 1 million token context windows and use Mixture-of-Experts (MoE) architecture to improve efficiency. The company continues its strategy of offering competitive pricing, with input tokens priced as low as ¥0.2 per million tokens. A key revelation is DeepSeek’s explicit link between future price reductions and the mass availability of Huawei’s Ascend 950 AI chips in the second half of the year. This signals a strategic shift from relying solely on algorithmic and engineering optimizations to integrating domestic computing power into its core cost structure. DeepSeek has adapted its inference system to run efficiently on both NVIDIA GPUs and Huawei NPUs, potentially challenging NVIDIA's CUDA ecosystem dominance. Concurrently, DeepSeek is reportedly seeking significant external investment, with a pre-money valuation of around ¥300 billion. This move highlights growing pressures in scaling compute infrastructure, retaining top talent—amid recent departures of key researchers—and accelerating commercialization efforts. The company has also updated its consumer app with tiered model access, indicating a stronger product focus. The V4 release underscores that China's AI competition is evolving beyond pure model capability into a broader contest involving compute supply chains, engineering systems, financing, and talent strategy.

marsbit17 dk önce

DeepSeek No Longer Wants to Focus Only on Large Models

marsbit17 dk önce

Here’s Why Ethereum Is Gaining Recognition As The Core Settlement Layer For On-Chain Finance

Ethereum is increasingly recognized as the core settlement layer for on-chain finance, driven by a significant surge in network activity and stablecoin transfer volumes. Since early 2026, stablecoin transfers on Ethereum have increased by over 119.3%, with volumes consistently ranging between $500 billion and $900 billion and occasionally peaking at $1 trillion. This growth underscores Ethereum's capacity to handle large-scale financial transactions and reinforces its role in bridging traditional finance with blockchain infrastructure. Concurrently, Ethereum's price is at a critical juncture, trading near its Realized Price of $2,340—a historically significant level that has acted as a support floor for macro expansions. While the price recently dipped to $2,314, analysts suggest that holding above this level could signal a transition into a high-conviction bullish phase.

bitcoinist29 dk önce

Here’s Why Ethereum Is Gaining Recognition As The Core Settlement Layer For On-Chain Finance

bitcoinist29 dk önce

AI Defeated Intel, and AI Saved Intel

Intel, once the dominant force in semiconductors with its CPUs powering the PC era, faced a severe crisis by 2024. Its stock plummeted 60% that year, culminating in its removal from the Dow Jones Industrial Average, replaced by NVIDIA—a shift symbolizing the transition from CPU to GPU dominance in the AI training era. Intel’s decline was driven by missed opportunities in mobile and AI, exacerbated by strategic missteps under multiple CEOs. In 2025, new CEO Lip-Bu Tan took over, implementing a turnaround strategy: drastic cost-cutting, refocusing on core areas like Xeon server CPUs and foundry services, and forging key partnerships. NVIDIA invested $5 billion in Intel, Google expanded orders for Xeon processors, and Elon Musk integrated Intel into his Terafab project. These moves, coupled with the AI industry’s shift from training to inference, revitalized demand for CPUs, which are critical for task orchestration in agent-based workloads. By Q1 2026, Intel’s revenue grew 7% year-over-year, with non-GAAP net income surging 156%. However, challenges remain, including ongoing losses and the need to scale advanced manufacturing processes. Intel’s recovery, while promising, hinges on sustaining this momentum in a rapidly evolving market.

marsbit30 dk önce

marsbit30 dk önce

İşlemler

Spot

Futures