top | item 37935009

jbaczuk | 2 years ago

lol

> In response to questions from KrebsOnSecurity, the BNB Smart Chain (BSC) said its team is aware of the malware abusing its blockchain, and is actively addressing the issue. The company said all addresses associated with the spread of the malware have been blacklisted, and that its technicians had developed a model to detect future smart contracts that use similar methods to host malicious scripts.

Earlier in the article it said:

> Due to the publicly accessible and unchangeable nature of the blockchain, code can be hosted ‘on-chain’ without the ability for a takedown... “So you get a free, untracked, and robust way to get your data (the malicious payload) without leaving traces,” Tal said.

Make up your mind...

It's not robust since you have to use an API (i.e. Binance API) to access the blockchain from a compromised website, then Binance can effectively "take it down" by blocking access via the API.

Now if they made the compromised website talk directly to the node on the blockchain network that would be different. Except, why not just host the malware on the website in the first place...

numtel|2 years ago

Anybody can spin up a mirror node, even on the mostly centralized BSC. This is just a misunderstanding.

Every public blockchain works this way afaik. I've even made a site for hosting webpages on Optimism: https://newgeocities.com

The real discussion imo is that blockchain node operators should be pressured to respond to concerns about unwanted content. There's no reason they can't coordinate on filters in the same way Ethereum validators use Flashbots to ignore Tornado Cash transactions. Although I hope they can find a better solution than blocking entire contracts because it's really nice to write a simple contract for data storage. Remember: a contract is a protocol, not a program. The validators follow the instructions but it's more like a database schema to which people submit conforming messages. As the contract creator, you're just publishing your code on chain. Each user takes responsibility for their own data.

jbaczuk|2 years ago

Seems like "blockchain" has nothing to do with it... they could just host the file on a server they do control. "Blockchains" aren't magic.

miohtama|2 years ago

Running a BNB Smart Chain full node requires a 16 TB fast NVMe disk. "Anybody" cannot do it.

yieldcrv|2 years ago

the code is still on BSC blockchain and any node will still return the information in those addresses

even binance operated nodes

the only thing Binance did was do the exact same thing that Cloudflare did, both on their HTTP routes. Binance just had one for convenience and to attract use of their blockchain, which … worked?

it's actually lazy and amateurish that the hackers are using HTTP to access this code on the blockchain, they don't have to