Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #42

Weekly News Digest #42

Share via:

$350,000 stolen from users by 170 Android cryptocurrency mining scam apps

Users pay money for mining but get nothing. More than 170 applications from the Android ecosystem have been identified as scam services. The applications are offering cloud-based mining services to users interested in mining cryptocurrencies. Users just need to pay a fee and the so-called mining process will be carried out by applications themselves.

Cryptocurrency mining is leveraging huge computing power and most PC even do not have the required power to manage the mining process and, thus, individuals are actively joining mining pools. According to researchers representing the company Lookout, all the applications mentioned above have not performed any legitimate mining activities. Researchers classified malicious apps into 2 large categories including “BitScams” and “CloudScams”. For example, “BitScams” apps offer users “virtual hardware” for $12.99-$259.99 to generate mining returns.

Emergency patch PrintNightmare security bug delivered by Microsoft

The out-of-band patch for the PrintNightmare security flaw has been released by Microsoft. The security flaw may allow attackers to take control of users’ PC. The bug in question is tracked as CVE-2021-1675 and CVE-2021-34527. The bug has a critical severity level and is attributed to the Windows print spooler. Microsoft has recommended admins to disable PrintSpooler until the release of a patch.

When the Windows Print Spooler improperly performs privileged file operations, the remote code execution vulnerability surfaces. The successful exploitation of the vulnerability enables running arbitrary code with SYSTEM privileges. After that, a malicious actor can install programs, modify or even delete data as well as create accounts with full user rights, – according to the warning issued by Microsoft. Upon completing the investigation of the case, Microsoft has released the required security updates.

IT management software targeted by hackers performing sophisticated ransomware attack

Hackers were actively exploiting previously unknown vulnerabilities in the IT management solutions developed by Kaseya LTD. The Russian-linked malicious group is likely to stand behind the attack. According to Marcus Murray from the Stockholm-based company TrueSec Inc., hackers were targeting victims opportunistically. Hackers were simply pushing ransomware to servers the were connected to the Internet and used the software provided by Kaseya LTD.

Kaseya was alerted to multiple vulnerabilities by the Dutch Institute for Vulnerability Disclosure. The Institute was working together with Kaseya to release fixes. Also, according to the institute, the malicious group from Russia REvil had successfully exploited the vulnerabilities before users could even patch them. Based on the results of the investigation performed by the cybersecurity firm Huntress Labs Inc., more than 1000 businesses worldwide were affected by ransomware.

Crypto scams are actively targeting vulnerable people

People are often tricked out of thousands of USD as the result of cryptocurrency scams. According to the information provided by FTC, since October 2020, due to the cryptocurrency scam, consumers have lost more than $8 mln. The year-on-year increase has amounted to 10 times. Chicago Tribune reported that in one such case, a 77-year old woman lost $12,000. The woman received a fake email alert recommending her to buy crypto and share her bank information. This incident is just a small element in the chain of crypto scams booming in the world.

According to the Guardian, in another security incident, a user of online dating services became embroiled in a cryptocurrency scam and lost $20,000 in May. Often, crypto scammers follow a long preparation process before targeting victims. At a certain age, people are becoming extremely vulnerable to scams and attackers actively exploit this pattern.

The info belonging to the Morgan Stanley clients was stolen as the result of the data breach

Morgan Stanley has recently reported on the data breach involving a third-party vendor as the result of which the info belonging to some corporate clients was stolen. Hackers could access private information like clients’ social security numbers, names, dates of birth as well as corporate company names. Morgan Stanley received notification of a breach from its vendor Guidehouse in May.

Attackers could access sensitive information by exploiting the vulnerability in Accellion FTA, the vendor’s server. The exposure was fixed within 5 days but although the files were encrypted, attackers could obtain decryption keys. However, according to Guidehouse, there is no evidence that the stolen information has appeared on the Internet. Currently, the bank is actively monitoring the situation.