门罗币(XMR)锁定转账攻击细节分析

By:ISME/img/20230516004350073269/1.jpg "/>

腾讯御见：数万台MSSQL服务器遭入侵沦为门罗币矿机:腾讯安全威胁情报中心检测到针对MSSQL服务器攻击的挖矿木马，该挖矿木马主要针对MS SQL服务进行爆破弱口令攻击，爆破成功后会植入门罗币挖矿木马进行挖矿。从挖矿木马的HFS服务器计数看，已有上万台MSSQL服务器被植入挖矿木马，另有数十台服务器被安装后门。[2020/7/29]

文章链接：

https://hackerone.com/reports/417515

附：以下内容为官方文档摘录

get_transfers

Returnsalistoftransfers.

Alias:?None.

Inputs:

in?-boolean;??(Optional)Includeincomingtransfers.

out?-boolean;??(Optional)Includeoutgoingtransfers.

pending?-boolean;??(Optional)Includependingtransfers.

failed?-boolean;??(Optional)Includefailedtransfers.

pool?-boolean;??(Optional)Includetransfersfromthedaemon'stransactionpool.

filter_by_height?-boolean;??(Optional)Filtertransfersbyblockheight.

min_height?-unsigned??int;(Optional)Minimumblockheighttoscanfortransfers,iffiltering??byheightisenabled.

max_height?-unsigned??int;(Opional)Maximumblockheighttoscanfortransfers,iffilteringby??heightisenabled(defaultstomaxblockheight).

account_index?-unsigned??int;(Optional)Indexoftheaccounttoqueryfortransfers.(defaultsto??0)

subaddr_indices?-arrayof??unsignedint;(Optional)Listofsubaddressindicestoqueryfor??transfers.(Defaultstoempty-allindices)

Outputs:

in?arrayof??transfers:

address?-string;???Publicaddressofthetransfer.

amount?-unsigned???int;Amounttransferred.

confirmations?-???unsignedint;Numberofblockminedsincetheblockcontainingthis???transaction(orblockheightatwhichthetransactionshouldbeaddedto???ablockifnotyetconfirmed).

韦氏评级再次评论门罗币隐私功能：技术是中立的:4月9日，加密评级机构韦氏评级（Weiss Crypto Ratings）发推称，如果您使用门罗币（Monero），您的付款将始终对交易各方以外的所有人隐藏。大多数政府都不喜欢XMR。他们担心它的隐私功能会让罪犯和间谍得逞。我们不否认风险是真实存在的。但正如我们在这里反复强调的：技术是中立的。在未来的几年里，这种隐私可能会成为数百万诚实的参与者所要求的基本特征。据悉，韦氏评级曾在4月4日发布过类似评论。[2020/4/10]

double_spend_seen?-???boolean;Trueifthekeyimage(s)forthetransferhavebeenseenbefore.

fee?-???unsignedint;Transactionfeeforthistransfer.

height?-???unsignedint;Heightofthefirstblockthatconfirmedthistransfer(0???ifnotminedyet).

note?-string;???Noteaboutthistransfer.

payment_id?-string;???PaymentIDforthistransfer.

subaddr_index?-JSON???objectcontainingthemajor&minorsubaddressindex:

major?-???unsignedint;Accountindexforthesubaddress.

minor?-???unsignedint;Indexofthesubaddressundertheaccount.

suggested_confirmations_threshold?-???unsignedint;Estimationoftheconfirmationsneededforthetransaction???tobeincludedinablock.

timestamp?-???unsignedint;POSIXtimestampforwhenthistransferwasfirstconfirmed???inablock(ortimestampsubmissionifnotminedyet).

txid?-string;???TransactionIDforthistransfer.

type?-string;???Transfertype:"in"

unlock_time?-unsignedint;Numberofblocksuntiltransferissafely???spendable.

out?arrayof??transfers(seeabove).

pending?arrayof??transfers(seeabove).

failed?arrayof??transfers(seeabove).

pool?arrayoftransfers(seeabove).

Example:

$curl-XPOSThttp://127.0.0.1:18082/json_rpc-d'{"jsonrpc":"2.0","id":"0","method":"get_transfers","params":{"in":true,"account_index":1}}'-H'Content-Type:application/json'

声音 | 美国安全公司：去年以来朝鲜的门罗币挖矿规模增长了至少10倍:美国网络安全公司Recorded Future称，自2019年5月以来，来自朝鲜IP范围的XMR挖矿的网络流量增加了至少10倍，这意味着朝鲜更倾向于挖掘门罗币而非比特币，进而试图利用这种以隐私为中心的加密货币绕过国际制裁。（CryptoGlobe）[2020/2/14]

{

"id":"0",

"jsonrpc":"2.0",

"result":{

"in":[{

"address":"77Vx9cs1VPicFndSVgYUvTdLCJEZw9h81hXLMYsjBCXSJfUehLa9TDW3Ffh45SQa7xb6dUs18mpNxfUhQGqfwXPSMrvKhVp",

"amount":200000000000,

"confirmations":1,

"double_spend_seen":false,

"fee":21650200000,

"height":153624,

"note":"",

"payment_id":"0000000000000000",

"subaddr_index":{

"major":1,

"minor":0

},

"suggested_confirmations_threshold":1,

"timestamp":1535918400,

"txid":"c36258a276018c3a4bc1f195a7fb530f50cd63a4fa765fb7c6f7f49fc051762a",

"type":"in",

"unlock_time":0

}]

}

}

get_payments

Getalistofincomingpaymentsusingagivenpaymentid.

Alias:?None.

Inputs:

payment_id?-string;??PaymentIDusedtofindthepayments(16charactershex).

Outputs:

payments?-listof:

payment_id?-string;???PaymentIDmatchingtheinputparameter.

tx_hash?-string;???TransactionhashusedasthetransactionID.

amount?-unsigned???int;Amountforthispayment.

block_height?-???unsignedint;Heightoftheblockthatfirstconfirmedthispayment.

unlock_time?-unsignedint;Time(inblockheight)until???thispaymentissafetospend.

声音 | 加密研究公司RIAT主管：比特币挖矿集中化 而门罗币不是:加密研究公司RIAT主管Matthias Tarasiewicz表示，最初是由于对艺术的兴趣而被介绍了解到比特币，当时他正在从事一个挖矿项目。Tarasiewicz引用中本聪的原始白皮书称，“单一CPU一票制的想法”随着比特币的增长而受到损害，“ASIC挖矿的可用性”带来了集中化。他指出，因此矿池已经建立，现在比特币的开采过程主要发生在中国。他认为，门罗币（Monero）是一种敢于质疑比特币最大主义者展示的叙事的加密货币。事实上，门罗币正在努力成为一种有效的抗ASIC的货币，这表明社区和开发者愿意进行实验，以保持去中心化和匿名性。据悉，门罗币计划很快在全网络范围内升级，该升级将引入RandomX PoW算法，计划在今年11月底之前完成。（AMBCrypto）[2019/11/29]

subaddr_index?-???subaddressindex:

major?-unsigned???int;Accountindexforthesubaddress.

minor?-???unsignedint;Indexofthesubaddressintheaccount.

address?-string;???Addressreceivingthepayment;Base58representationofthepublickeys.

Example:

$curl-XPOSThttp://127.0.0.1:18082/json_rpc-d'{"jsonrpc":"2.0","id":"0","method":"get_payments","params":{"payment_id":"60900e5603bf96e3"}}'-H'Content-Type:application/json'

{

"id":"0",

"jsonrpc":"2.0",

"result":{

"payments":[{

"address":"55LTR8KniP4LQGJSPtbYDacR7dz8RBFnsfAKMaMuwUNYX6aQbBcovzDPyrQF9KXF9tVU6Xk3K8no1BywnJX6GvZX8yJsXvt",

"amount":1000000000000,

"block_height":127606,

"payment_id":"60900e5603bf96e3",

"subaddr_index":{

"major":0,

"minor":0

},

"tx_hash":"3292e83ad28fc1cc7bc26dbd38862308f4588680fbf93eae3e803cddd1bd614f",

"unlock_time":0

}]

}

}

get_bulk_payments

Getalistofincomingpaymentsusingagivenpaymentid,oralistofpaymentsids,fromagivenheight.Thismethodisthepreferredmethodover?get_paymentsbecauseithasthesamefunctionalitybutismoreextendable.EitherisfineforlookinguptransactionsbyasinglepaymentID.

声音 | 慢雾创始人：因相关细节被“不负责任”地公布，门罗币紧急发布修复版本:区块链安全公司慢雾创始人余弦在微博称，由于Ledger硬件钱包门罗币的一起“丢币”事故，Ledger警告称不要和门罗币客户端v0.14一起使用Monero Ledger HW应用程序（或Ledger Nano S），可能会引起“丢币”事故，门罗币官方转发了这条消息。而这之前门罗币官方紧急发布了最新的修复版本v0.14.0.1，解决了在Coinbase 交易中RingCT输出的错误处理问题，正是这个导致了“丢币”事故。之所以是紧急修复是因为漏洞相关细节已经被“不负责任”地公布了。余弦表示，有相关猜测称，这是一个匿名货币小币种嘲讽地披露了门罗币“假充值”漏洞细节，解释说是因为门罗币对漏洞研究者一直很傲慢。这导致门罗币提前发布了补丁。接入门罗币的相关交易所和钱包尽快修复了漏洞。[2019/3/7]

Alias:?None.

Inputs:

payment_ids?-array??of:string;PaymentIDsusedtofindthepayments(16charactershex).

min_block_height?-unsigned??int;Theblockheightatwhichtostartlookingforpayments.

Outputs:

payments?-listof:

payment_id?-string;???PaymentIDmatchingoneoftheinputIDs.

tx_hash?-string;???TransactionhashusedasthetransactionID.

amount?-???unsignedint;Amountforthispayment.

block_height?-???unsignedint;Heightoftheblockthatfirstconfirmedthispayment.

unlock_time?-unsignedint;Time(inblockheight)until???thispaymentissafetospend.

subaddr_index?-subaddress???index:

major?-???unsignedint;Accountindexforthesubaddress.

minor?-???unsignedint;Indexofthesubaddressintheaccount.

address?-string;???Addressreceivingthepayment;Base58representationofthepublickeys.

Example:

$curl-XPOSThttp://127.0.0.1:18082/json_rpc-d'{"jsonrpc":"2.0","id":"0","method":"get_bulk_payments","params":{"payment_ids":,"min_block_height":"120000"}}'-H'Content-Type:application/json'

{

"id":"0",

"jsonrpc":"2.0",

"result":{

"payments":[{

"address":"55LTR8KniP4LQGJSPtbYDacR7dz8RBFnsfAKMaMuwUNYX6aQbBcovzDPyrQF9KXF9tVU6Xk3K8no1BywnJX6GvZX8yJsXvt",

"amount":1000000000000,

"block_height":127606,

"payment_id":"60900e5603bf96e3",

"subaddr_index":{

"major":0,

"minor":0

},

"tx_hash":"3292e83ad28fc1cc7bc26dbd38862308f4588680fbf93eae3e803cddd1bd614f",

"unlock_time":0

}]

}

}

get_transfer_by_txid

Showinformationaboutatransferto/fromthisaddress.

Alias:?None.

Inputs:

txid?-string;??TransactionIDusedtofindthetransfer.

account_index?-unsigned??int;(Optional)Indexoftheaccounttoqueryforthetransfer.

Outputs:

transfer?-JSON??objectcontainingpaymentinformation:

address?-string;???Addressthattransferredthefunds.Base58representationofthepublic???keys.

amount?-???unsignedint;Amountofthistransfer.

confirmations?-???unsignedint;Numberofblockminedsincetheblockcontainingthis???transaction(orblockheightatwhichthetransactionshouldbeaddedto???ablockifnotyetconfirmed).

destinations?-array???ofJSONobjectscontainingtransferdestinations:

amount?-???unsignedint;Amounttransferredtothisdestination.

address?-???string;Addressforthisdestination.Base58representationofthepublic???keys.

double_spend_seen?-???boolean;Trueifthekeyimage(s)forthetransferhavebeenseenbefore.

fee?-???unsignedint;Transactionfeeforthistransfer.

height?-???unsignedint;Heightofthefirstblockthatconfirmedthistransfer.

note?-string;???Noteaboutthistransfer.

payment_id?-string;???PaymentIDforthistransfer.

subaddr_index?-JSON???objectcontainingthemajor&minorsubaddressindex:

major?-???unsignedint;Accountindexforthesubaddress.

minor?-???unsignedint;Indexofthesubaddressundertheaccount.

suggested_confirmations_threshold?-???unsignedint;Estimationoftheconfirmationsneededforthetransaction???tobeincludedinablock.

timestamp?-???unsignedint;POSIXtimestampfortheblockthatconfirmedthistransfer???(ortimestampsubmissionifnotminedyet).

txid?-string;???TransactionIDofthistransfer(sameasinputTXID).

type?-string;???Typeoftransfer,oneofthefollowing:"in","out",???"pending","failed","pool"

unlock_time?-unsignedint;Numberofblocksuntil???transferissafelyspendable.

Example:

$curl-XPOSThttp://localhost:18082/json_rpc-d'{"jsonrpc":"2.0","id":"0","method":"get_transfer_by_txid","params":{"txid":"c36258a276018c3a4bc1f195a7fb530f50cd63a4fa765fb7c6f7f49fc051762a"}}'-H'Content-Type:application/json'

{

"id":"0",

"jsonrpc":"2.0",

"result":{

"transfer":{

"address":"55LTR8KniP4LQGJSPtbYDacR7dz8RBFnsfAKMaMuwUNYX6aQbBcovzDPyrQF9KXF9tVU6Xk3K8no1BywnJX6GvZX8yJsXvt",

"amount":300000000000,

"confirmations":1,

"destinations":[{

"address":"7BnERTpvL5MbCLtj5n9No7J5oE5hHiB3tVCK5cjSvCsYWD2WRJLFuWeKTLiXo5QJqt2ZwUaLy2Vh1Ad51K7FNgqcHgjW85o",

"amount":100000000000

},{

"address":"77Vx9cs1VPicFndSVgYUvTdLCJEZw9h81hXLMYsjBCXSJfUehLa9TDW3Ffh45SQa7xb6dUs18mpNxfUhQGqfwXPSMrvKhVp",

"amount":200000000000

}],

"double_spend_seen":false,

"fee":21650200000,

"height":153624,

"note":"",

"payment_id":"0000000000000000",

"subaddr_index":{

"major":0,

"minor":0

},

"suggested_confirmations_threshold":1,

"timestamp":1535918400,

"txid":"c36258a276018c3a4bc1f195a7fb530f50cd63a4fa765fb7c6f7f49fc051762a",

"type":"out",

"unlock_time":0

}

}

}

点击查看官方文档：

https://www.getmonero.org/resources/developer-guides/wallet-rpc.html

标签：RANTRANSANSTRATRANSPARENT价格Evident Proof Transaction Tokenans币价格strat币价格

币安app下载热门资讯