Europe’s Top CEX–WhiteBIT–Trusts Hacken For Security

By Malanii Oleh

WhiteBIT has requested several blockchain security services from Hacken, including smart contract audits for token, escrow, and vesting contracts; a public bug bounty program at HackenProof; and penetration testing for web and mobile apps. In this article, we explore the case of our client WhiteBIT and provide an exclusive interview with their CTO.

About WhiteBIT

WhiteBIT is a centralized cryptocurrency exchange platform founded in 2018 and headquartered in Tallinn, Estonia. It allows users to trade various digital assets, including cryptocurrencies, tokens, and stablecoins. The platform is designed to be user-friendly and secure, offering features such as multi-language support and 24/7 customer support. Additionally, WhiteBIT offers a range of trading tools and resources to help users make informed decisions when trading digital assets.

What cybersecurity services did Hacken provide to WhiteBIT?

Smart Contract Audits

Hacken conducted four Solidity audits in Q3 2022, covering the ERC20 Token, TRC20 Token, Vesting, and Escrow contracts. WhiteBIT scored top in all four categories: Documentation, Code, Architecture, and Security Quality. See the results:

  • ERC20 Token: 9.4/10
  • TRC20 Token: 10/10
  • Vesting Contract: 9.9/10
  • Escrow: 9.0/10

The high scores were a result of WhiteBIT’s significant commitment and our joint hard work.

Bug Bounty Program

WhiteBIT runs a public bug bounty program at HackenProof. The exchange rewards $10K for every critical bug. The bounty program covers web, API, Android, and iOS application vulnerabilities. A bug bounty program is the most cost-effective continuous protection measure, and it allows communities to actively participate in the development of Web3 projects.

Penetration Testing

Hacken has conducted penetration testing for WhiteBIT’s web, API, iOS, and Android applications. While we won’t disclose the specific penetration testing results, as they are meant to remain confidential, it can be inferred that WhiteBIT performed well in all tests.

Web3 penetration testing is a comprehensive assessment of system risks. It’s a proactive measure for mitigating data breaches. Clutch recognizes Hacken as the best Web3 Penetration Testing Provider.


Eugene Saenko, WhiteBIT CTO, on cooperation with Hacken

We asked WhiteBIT’s CTO Eugene Saenko to reflect on working with Hacken. You can read the interview with the person leading the technological operations of one of the largest crypto exchanges in Europe.

Q: What was the reason for an audit?

We conduct cybersecurity audits to ensure the safety and security of our platform and users’ assets. There are several reasons why we made a decision to hire Hacken to do an audit. Cryptocurrency exchanges need to take security seriously, as the assets of our users are at stake. Conducting regular cybersecurity audits is one way to ensure that a platform is operating securely and responsibly.

Q: What goals do you expect to reach by hiring Hacken?

Our main goals are:

  1. Enhancing security: The primary goal of a cybersecurity audit is to identify potential security weaknesses and vulnerabilities in a platform’s systems and implement measures to address these issues. Enhancing our security can provide a more secure platform for our users.
  2. Compliance with regulations: Many jurisdictions require cryptocurrency exchanges to meet certain security standards. By conducting a cybersecurity audit, we can ensure we comply with these regulations and can continue to operate legally.
  3. Building user trust: By demonstrating a commitment to security and privacy, we can build user trust and increase our reputation in the industry. This can attract more users to the platform and increase overall success.
  4. Preventing cyber attacks: Cyber attacks are a constant threat in the cryptocurrency world and can result in significant losses for the platform and its users. By conducting a cybersecurity audit, we can identify potential attack scenarios and implement measures to prevent them, thereby reducing our attack risk.
  5. Identifying performance issues: Besides security issues, a cybersecurity audit can also help identify performance issues that may impact the overall user experience. By addressing these issues, we can improve the overall performance and reliability of the platform.

Q: Describe your cybersecurity approach

It’s important to note that, as a centralized exchange, users must trust the platform to handle and secure their funds. That’s why we have the following pillars in our cybersecurity approach:

  • Strong security protocols: Various security measures, such as encryption, multi-factor authentication, and secure storage of user assets.
  • Regular security audits: Regular security audits help identify potential vulnerabilities and ensure the platform operates securely.
  • Incident response plan: A clear and well-documented plan helps ensure the exchange is prepared to respond quickly and effectively during a cybersecurity incident.
  • User education: Educating users about good security practices, such as using strong passwords and enabling two-factor authentication, can help reduce the attack risk.
  • Continuous monitoring and improvement: Monitoring the platform’s security systems and procedures and making improvements, as needed, can help keep the platform secure and prevent future incidents.

Q: When choosing a third-party security auditor, what criteria do you rely on?

When we choose a third-party cybersecurity auditor, we want to ensure that the auditor is a good fit for our organization. Among others, we consider the following:

  • Expertise: The auditor should have expertise in the specific areas we need audited and a deep understanding of the latest security threats and vulnerabilities.
  • Reputation: The auditor should have a strong reputation in the industry, with a proven track record of delivering high-quality security audits.
  • Independence: The auditor should be independent and impartial, with no conflicts of interest that could compromise the integrity of the audit.
  • Methodology: The auditor should have a proven and effective methodology for conducting security audits and be transparent about their process.
  • Communication: The auditor should be able to communicate their findings clearly and effectively and be available for follow-up questions and discussions.

Q: What criteria match Hacken?

In terms of Hacken, the company is well-respected in the cybersecurity industry and has a strong reputation for delivering high-quality security audits. They have expertise in cryptocurrency security, and their methodology for conducting security audits is rigorous and effective. They also have a strong track record of clear and effective communication with their clients.

Q: What were the alternatives and biggest concerns about them?

In-house security team: One option is to build an in-house security team to conduct security audits and monitor the platform for security threats. The biggest concern with this option is that building and maintaining a dedicated security team can be expensive and time-consuming.

Freelance security experts: Another option is to work with freelance security experts who can provide specific security services, such as penetration testing or vulnerability assessments. The biggest concern with this option is that finding reliable experts with the necessary expertise and experience can be challenging.

Security software: Various solutions can help monitor and protect a platform from security threats. The biggest concern with this option is that security software can only do so much and may not be able to detect all potential threats.

Other third-party security firms: Finally, there are third-party security firms, such as Hacken, that specialize in providing cybersecurity services, including security audits. The biggest concern is the auditing expertise, as third-party security firms can be less experienced.

Q: How did you deal with detected security issues?

We have already resolved several security issues discovered through a bug bounty program at HackenProof, in addition to the issues we found ourselves. In all cases, we followed these steps:

  1. Initial response: Quickly contain the damage by isolating affected systems.
  2. Investigation: Determine the cause and scope of the attack with the help of experts.
  3. Resolve: Make a fix for a security issue and test all cases when the issue can be reproduced.
  4. Post-incident review: Identify areas for improvement, update the incident response plan, enhance security protocols, and conduct additional audits.

Q: How was the quality of Hacken’s work?

Hacken had provided the best service in class and met high standards.

Q: What were the outcomes from the project that demonstrated progress or success? What changed in your process after working with Hacken?

We were able to find a lot of bugs in the implementation and security. Thanks to this, we reconsidered their approach to the description of tasks and the formation of requirements. We have also added a mandatory refinement step in terms of implementation security.

Q: How does the cost of Hacken’s work respond to the value it gives to your business?

Thanks to the audit from Hacken, the issues our team identified allowed us to ensure customer safety proactively. Customer safety is valued above all else, and we have benefited greatly from it.

Q: What did you find most impressive or unique about Hacken?

Hacken makes best-in-class cybersecurity audits for blockchain projects, and the scheduling was perfect.

Conclusions

Overall, Hacken has provided full-house cybersecurity for one of the largest crypto exchanges in the world. WhiteBIT showed exceptional results in all cybersecurity areas: smart contracts, pentesting, and crowdsourced protection. The success should be credited to their proactive approach and absolute commitment to securing user assets.
