{"id":7495,"date":"2019-12-12T11:57:37","date_gmt":"2019-12-12T08:57:37","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=7495"},"modified":"2019-12-12T11:57:37","modified_gmt":"2019-12-12T08:57:37","slug":"crypto-hacks","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/crypto-hacks\/7495\/","title":{"rendered":"4 types of crypto hack explained"},"content":{"rendered":"<p>Cryptocurrencies have been with us for more than a decade. In that time we have seen well over a hundred major attacks tied to cryptocurrency exchanges and other crypto-related services.<\/p>\n<p>The details of such attacks mostly never become clear. It is easy to learn who was hacked, when it happened, and how much money was stolen, but the \u201chow\u201d remains murky. Journalists are more interested in the size of the sums involved, and the victim organizations are not eager to share the details of their embarrassment.<\/p>\n<p>Not to preach, but in the hope of preventing these incidents from happening again, let us fill in those gaps and talk a little about how these attacks work.<\/p>\n<h2>Phishing and malware: The standard cryptocurrency hack<\/h2>\n<p>Cryptocurrency exchanges hold their users' crypto as well as their regular money in conventional bank accounts. 
Getting involved with regular money is risky for cybercriminals; to get away without being caught, they have to cash out the loot before the bank manages to freeze the accounts. That is why hackers usually prefer cryptocurrencies.<\/p>\n<p>From the outside, the only things known about a typical cryptocurrency exchange attack are (1) that it happened and (2) that the customers' money is gone. So what actually happens? Most likely this: the attackers first obtain a list of employees, study their interests (social networks included), and send the ones who look most gullible <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/what-is-spearphishing\/4521\/\" target=\"_blank\" rel=\"noopener\">spear-phishing e-mails<\/a> carrying malicious payloads. That is how the cybercriminals get into the exchange's network.<\/p>\n<p>Then they get to know the company: How often does the accountant talk to the manager? What do they send each other? How is the internal network laid out? Where are the crypto wallets stored? How are they protected? 
This stage can take a very long time, but eventually it brings the cybercriminals to the machine of an employee who has access to critical systems.<\/p>\n<p>If the exchange's automated system is set up to send cryptocurrency, holding operator privileges lets the attackers send crypto to themselves. The recent attack on Binance is believed to have unfolded in just such a scenario.<\/p>\n<ul>\n<li>Case: <a href=\"https:\/\/www.binance.com\/en\/support\/articles\/360028031711\" target=\"_blank\" rel=\"noopener nofollow\">Binance exchange hack<\/a><\/li>\n<li>Date: May 7, 2019<\/li>\n<li>Amount stolen: 40,000,000 USD (7,000 BTC)<\/li>\n<\/ul>\n<h3>Targeted attacks: How to protect yourself<\/h3>\n<p>If your business involves running a cryptocurrency exchange, what you need to do is make sure the cost of an attack exceeds the probability of success multiplied by the potential gain. 
Therefore:<\/p>\n<ul>\n<li>Teach your staff cyber literacy (for example, not opening a resume in DOC format);<\/li>\n<li>To protect against targeted attacks, use a <a href=\"https:\/\/kas.pr\/kdkesbtr\" target=\"_blank\" rel=\"noopener\">security solution<\/a>, preferably one that does not merely protect against threats on specific nodes but can detect anomalies across the whole organization;<\/li>\n<li>Commission a penetration test (during which experts try to break into your system and move around inside it, then report to you where the weak spots are).<\/li>\n<\/ul>\n<h2>Double spending: Robbing a Bitcoin ATM with a phone<\/h2>\n<p>Another way to steal bitcoin shows up at ATMs. People mostly use ATMs to withdraw money from (or deposit money into) their existing bank accounts, but a Bitcoin ATM (<a href=\"https:\/\/en.wikipedia.org\/wiki\/Bitcoin_ATM\" target=\"_blank\" rel=\"noopener nofollow\">Bitcoin ATM<\/a>) can do more than that: these machines let you buy and sell cryptocurrency.<\/p>\n<p>People can commit bitcoin fraud by selling bitcoin through the ATM, collecting the cash payout, and then cancelling the transaction. 
It sounds too obvious to work, but shortly after 45 ATMs capable of cryptocurrency transactions were opened in Canada, thieves stole 200,000 USD from the machines.<\/p>\n<p>How could this happen? As you know, the information in a blockchain is stored in blocks; that is where the name comes from. A transaction such as \u201csend 1 BTC to John\u201d is not written into a block immediately; it is first placed in a queue, and a new block is created roughly every 10 minutes. Unconfirmed transactions are removed from the queue by the block creator. Keep in mind that there is not room in a block for every transaction, so priority is given to those with higher fees (which are kept by the block creator).<\/p>\n<p>Hard to believe, but the people who designed the ATMs' logic did not instruct them to wait for the transaction to be written to the blockchain before dispensing the cash. Security was sacrificed for the user's convenience.<\/p>\n<p>One more small detail: when Bitcoin first appeared, it did not allow queued transactions to be cancelled, which often left low-fee transactions hanging in the system for several days before they were dropped. 
To solve this, Bitcoin added a replace-by-fee (<a href=\"https:\/\/en.bitcoin.it\/wiki\/Replace_by_fee\" target=\"_blank\" rel=\"noopener nofollow\">replace-by-fee<\/a>) mechanism that allows a waiting transaction to be replaced by another one. Its purpose was to let the sender raise the commission so the transfer would go through. But the mechanism also made it possible to change the recipient, allowing the bitcoins to be sent back to the sender.<\/p>\n<p>Calling this a vulnerability would be an understatement; it is plain negligence, and look what it led to:<\/p>\n<ul>\n<li>Case: <a href=\"https:\/\/www.ccn.com\/bitcoin-atm-double-spenders-police-need-help-identifying-four-criminals\/\" target=\"_blank\" rel=\"noopener nofollow\">Bitcoin ATM hack<\/a><\/li>\n<li>Date: September 2018<\/li>\n<li>Amount stolen: 200,000 USD<\/li>\n<\/ul>\n<h3>Double-spending attack: How to protect yourself<\/h3>\n<p>After the money was stolen, the company behind the ATMs replaced the machines with models that impose a waiting period. Users now have to come back to the ATM to collect their cash once the bitcoins are ready. The new arrangement is not user-friendly at all, but given how the blockchain mechanism works, it is the only correct approach.<\/p>\n<p>In hindsight, we can see that to prevent such a silly loss of money the developers should have commissioned an application security review. 
In these reviews, outside experts test your service's architecture, examine the code, and look for vulnerabilities.<\/p>\n<h2>The 51% attack: Mastering the blockchain<\/h2>\n<p>You have probably heard the saying about immutability: \u201cData in the blockchain cannot be changed.\u201d But in some cases that is not entirely true. To understand in more detail how the blockchain and mining work, see the posts \u201c<a href=\"https:\/\/www.kaspersky.com\/blog\/bitcoin-easy-explanation\/12915\/\" target=\"_blank\" rel=\"noopener nofollow\">What Bitcoin technology is and how it works<\/a>\u201d and \u201c<a href=\"https:\/\/www.kaspersky.com\/blog\/mining-easy-explanation\/17768\/\" target=\"_blank\" rel=\"noopener nofollow\">Explainer: Bitcoin mining<\/a>\u201d.<\/p>\n<p>Two principles guarantee that the blockchain is the same for all users. First, all participants must agree on who will create the next block. The probability of being the lucky one depends on the resources invested: the more mining power you have, the higher your chances.<\/p>\n<p>Second, \u201cthe longest chain rules\u201d. Under this rule, in the event of any conflict, the valid version of the blockchain is the longest one. 
If someone creates their own fake version of the blockchain and tries to spread it, the others will reject it, because fewer resources were spent on it and so it will be shorter.<\/p>\n<p>But the situation changes when the person making the fake version controls more than 50% of the total mining power. In the time it takes the other miners to create, say, 9 blocks, a malicious user can create 10. At that point the fake blockchain becomes the longest version, so everyone accepts it, and the financial history has effectively been rewritten. A user who spent bitcoin in the old version of the public blockchain will find those bitcoins back in their account in the fake one.<\/p>\n<p>That is exactly what happened to the Gate.io crypto exchange at the start of 2019. An attacker sent cryptocurrency to the exchange (and recorded this on the public blockchain) while at the same time setting out to build their own blockchain. When the exchange received the transfer and credited the stated amount to the attacker's account, the attacker published their private blockchain (which, since it did not contain the transaction above, returned the cryptocurrency to them) and sent the exchange a request to withdraw the money in the account. 
In the end, the exchange lost money.<\/p>\n<p>Now let us look at why this is not something that can happen every day, and how much computing power the attacker would need to spend.<\/p>\n<p>We will use Bitcoin as the example. Miners create six blocks per hour. Each block pays 12.5 BTC. (As of October 6, 2019, 75 BTC equals 600,000 USD.) That is the cost of renting all of Bitcoin's mining power for one hour. The <a href=\"https:\/\/www.crypto51.app\/\" target=\"_blank\" rel=\"noopener nofollow\">Crypto51 site<\/a> shows calculations like these:<\/p>\n<div id=\"attachment_7497\" style=\"width: 1428px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-7497\" class=\"wp-image-7497 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2019\/12\/12115403\/51-screen-crypto-hacks.png\" alt=\"\" width=\"1418\" height=\"1201\"><p id=\"caption-attachment-7497\" class=\"wp-caption-text\">Approximate cost of a one-hour 51% attack on major cryptocurrencies<\/p><\/div>\n<p>The last column shows how much capacity can currently be rented. As you can see, taking over the Ethereum Classic blockchain the way the attacker described above did costs 10,000 USD per hour. For 200,000 USD they need four hours.<\/p>\n<p>Keep in mind that this was not the first attack of its kind. 
Many other cryptocurrencies have suffered successful 51% attacks.<\/p>\n<ul>\n<li>Case: <a href=\"https:\/\/blog.coinhe.io\/exchange-says-200k-in-ethereum-classic-lost-as-blockchain-attacks-continue\/\" target=\"_blank\" rel=\"noopener nofollow\">ETC 51% attack on Gate.io<\/a><\/li>\n<li>Date: January 7, 2019<\/li>\n<li>Amount stolen: 200,000 USD (40,000 ETC)<\/li>\n<\/ul>\n<h3>51% attacks: How to protect yourself<\/h3>\n<p>In general, rewriting a blockchain and profiting from a 51% attack is a feature inherent in this technology. To make attacks as expensive as possible, crypto exchanges wait as long as they can after a transaction before updating the user's balance, because the more blocks are created after the transaction enters the blockchain, the lower the probability that the blockchain will be reorganized and the transaction reversed. But this delay can make transfers take hours.<\/p>\n<p>In any case, we are sure we will see attacks of this kind again.<\/p>\n<h2>Secret key theft: Spell-checking the passphrase<\/h2>\n<p>To spend cryptocurrency you need the secret key. The key is kept in the crypto wallet; the user's balance is stored in the blockchain.<\/p>\n<p>If you switch crypto wallets, you have to copy the key from the old wallet to the new one. For convenience, the key takes the form of a seed phrase made up of 12 simple words. 
For example, <em>witch collapse practice feed shame open despair creek road again ice least<\/em>.<\/p>\n<p>Once, the developers of a crypto wallet accidentally sent this passphrase to an online spell checker. The mistake was discovered after a cryptocurrency investor had 70,000 USD stolen. We doubt this was the cause of the theft, but either way it is a story worth learning from.<\/p>\n<p>The reason this happened is that today's applications are mostly not written from scratch but assembled from various components, including components from third-party developers. The developers of the Coinomi crypto wallet did the same. They used the jxBrowser component for the passphrase entry form. What the developers did not know was that this component automatically spell-checks all text entered into the form. 
Since it cannot hold dictionaries for every known language in the world, it performed a cloud-based check using googleapis.com.<\/p>\n<p>This feature, which may be useful for ordinary input forms, was incredibly risky for fields where passwords and super-secret phrases are entered.<\/p>\n<p>The developers <a href=\"https:\/\/medium.com\/coinomi\/official-statement-on-spell-check-findings-547ca348676b\" target=\"_blank\" rel=\"noopener nofollow\">defended<\/a> themselves by saying that the seed phrase went only to Google and was transmitted in encrypted form, and that Google, for its part, returned an error. Nevertheless, the victim of the attack is certain that this vulnerability is what led to the theft.<\/p>\n<ul>\n<li>Case: <a href=\"https:\/\/www.ccn.com\/investor-lost-70k-life-savings-critical-crypto-wallet-vulnerability-coinomi\/\" target=\"_blank\" rel=\"noopener nofollow\">Coinomi wallet authentication vulnerability<\/a><\/li>\n<li>Date: February 22, 2019<\/li>\n<li>Amount stolen: 70,000 USD<\/li>\n<\/ul>\n<h3>Secret key theft: How to protect yourself<\/h3>\n<p>Looked at one way, the problem was caused by simple carelessness. The component's spell-check feature is documented, and instructions for disabling it are provided. Conventional testing might not have found the problem, but an application security review certainly would have.<\/p>\n<p>On the other hand, the problem actually runs deeper. 
Using third-party libraries, besides creating potential problems now or later (if updates introduce a vulnerability), also carries the risk of a supply-chain attack. In a supply-chain attack, the cybercriminal does not need to hack the developer of the original tool; breaking into one of its contractors is enough. Contractors are often not as well protected, and they may not even be aware of which important projects their code will end up in.<\/p>\n<p>In the end, sometimes you marvel at the indifference of those responsible; other times you consider how helpless they are and feel sorry for them.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We examine the absurd causes behind four recent crypto hacks.<\/p>\n","protected":false},"author":669,"featured_media":7496,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194,1727],"tags":[374,1098,1444,1500],"class_list":{"0":"post-7495","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"category-smb","10":"tag-bitcoin","11":"tag-blok-zinciri","12":"tag-ethereum","13":"tag-kripto-para-birimleri"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/crypto-hacks\/7495\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/crypto-hacks\/18315\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/crypto-hacks\/15213\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/crypto-hacks\/7327\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/crypto-hacks\/20042\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/crypto-hacks\/18402\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/crypto-hacks\/16774\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/crypto-hacks\/20770\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/crypto-hacks\/19523\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/crypto-hacks\/25876\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/crypto-hacks\/31768\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/crypto-hacks\/13535\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/crypto-hacks\/12582\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/crypto-hacks\/21753\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/crypto-hacks\/26423\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/crypto-hacks\/24711\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/crypto-hacks\/20740\/
"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/crypto-hacks\/25622\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/crypto-hacks\/25456\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/bitcoin\/","name":"bitcoin"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/7495","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/669"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=7495"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/7495\/revisions"}],"predecessor-version":[{"id":7499,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/7495\/revisions\/7499"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/7496"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=7495"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=7495"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=7495"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}