WhiteBIT has requested several blockchain security services from Hacken, including smart contract audits for token, escrow, and vesting contracts; a public bug bounty program at HackenProof; and penetration testing for web and mobile apps. In this article, we explore the case of our client WhiteBIT and provide an exclusive interview with their CTO.
WhiteBIT is a centralized cryptocurrency exchange platform founded in 2018 and headquartered in Tallinn, Estonia. It allows users to trade various digital assets, including cryptocurrencies, tokens, and stablecoins. The platform is designed to be user-friendly and secure, offering features such as multi-language support and 24/7 customer support. Additionally, WhiteBIT offers a range of trading tools and resources to help users make informed decisions when trading digital assets.
Hacken has conducted four Solidity Audits for ERC20 Token, TRC20 Token, Vesting, and Escrow contracts in Q3 2022. WhiteBIT scored top in all four categories: Documentation, Code, Architecture, and Security Quality. See the results:
The high scores were a result of WhiteBIT’s significant commitment and our joint hard work.
WhiteBIT runs a public bug bounty program at HackenProof. The exchange rewards $10K for every critical bug. The bounty program covers web, API, Android, and iOS application vulnerabilities. A bug bounty program is the most cost-effective continuous protection measure that allows communities to participate in Web3 projects’ development actively.
Hacken has conducted penetration testing for web, API, iOS, and Android applications of WhiteBIT. While we won’t disclose the specific penetration testing results as they are meant to remain confidential, it can be inferred that WhiteBIT performed great in all tests.
Web3 penetration testing is a comprehensive assessment of system risks. It’s a proactive measure for mitigating data breaches. Clutch recognizes Hacken as the best Web3 Penetration Testing Provider.
We asked WhiteBIT’s CTO Eugene Saenko to reflect on working with Hacken. You can read the interview with the person leading the technological operations of one of the largest crypto exchanges in Europe.
We conduct cybersecurity audits to ensure the safety and security of our platform and users’ assets. There are several reasons why we made a decision to hire Hacken to do an audit. Cryptocurrency exchanges need to take security seriously, as the assets of our users are at stake. Conducting regular cybersecurity audits is one way to ensure that a platform is operating securely and responsibly.
Our main goals are
It’s important to note that, as a centralized exchange, users must trust the platform to handle and secure their funds. That’s why we have the following pillars in our cybersecurity approach:
When we choose a third-party cybersecurity auditor, we want to ensure that the auditor is a good fit for our organization. Among others, we consider the following:
In terms of Hacken, the company is well-respected in the cybersecurity industry and has a strong reputation for delivering high-quality security audits. They have expertise in cryptocurrency security, and their methodology for conducting security audits is rigorous and effective. They also have a strong track record of clear and effective communication with their clients.
In-house security team: One option is to build an in-house security team to conduct security audits and monitors the platform for security threats. The biggest concern with this option is that building and maintaining a dedicated security team can be expensive and time-consuming.
Freelance security experts: Another option is to work with freelance security experts who can provide specific security services, such as penetration testing or vulnerability assessments. The biggest concern with this option is that finding reliable experts with the necessary expertise and experience can be challenging.
Security software: Various solutions can help monitor and protect a platform from security threats. The biggest concern with this option is that security software can only do so much and may not be able to detect all potential threats.
Other third-party security firms: Finally, there are third-party security firms, such as Hacken, that specialize in providing cybersecurity services, including security audits. The biggest concern is the auditing expertise, as third-party security firms can be less experienced.
We have already resolved several security issues discovered through a bug bounty program at Hackenproof, in addition to the issues we found ourselves. In all cases, we followed the next steps:
Hacken had provided the best service in class and met high standards.
We were able to find a lot of bugs in the implementation and security. Thanks to this, we reconsidered their approach to the description of tasks and the formation of requirements. We have also added a mandatory refinement step in terms of implementation security.
Thanks to the audit from Haken, the issues our team identified allowed us to ensure customer safety proactively. Customer safety is valued above all else, and we have benefited greatly from it.
Hacken makes best-in-class cybersecurity audits for blockchain projects, and the scheduling was perfect.
Overall, Hacken has provided full-house cybersecurity for one of the largest crypto exchanges in the world. WhiteBIT showed exceptional results in all cybersecurity areas: smart contracts, pentesting, and crowdsourced protection. The success should be credited to their proactive approach and absolute commitment to securing user assets.
Subscribe to our newsletter
Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.