Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #47

Weekly News Digest #47

Share via:

$610 million stolen by Poly Network Hackers: what about Bitcoin security?

Poly Network is the entity specializing in cryptocurrency transfers on Ethereum, Binance, and Polygon blockchains. The company was attacked and assets were transferred to hackers. The list of affected blockchain and crypto exchanges includes such famous brands as OKEx, HuobiGlobal, Uniswap, Binance, Tether, BitGo, and others. Poly Network has asked the miners of these affected exchanges to blacklist tokens transferred from the addresses to which stolen assets were sent. Namely, the assets stolen by Poly Network hackers were transferred to the following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963

BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71

According to Poly Network, attackers succeeded in exploiting the vulnerability between contract calls. By modifying the keeper of a contract a contract can execute a transaction. According to Slow Mist, a blockchain ecosystem security company, the attack was well planned and organized. This hack is likely to be the biggest amount of crypto assets stolen in the history of decentralized finance.

Attacks targeting industrial networks will become a huge issue in the future

Cyber attackers actively target the objects of industrial infrastructure including oil and gas facilities, electricity grids, manufacturing plants, etc. The hackers targeting these objects are either criminal groups focused on making money or state-backed actors performing malicious activities for espionage purposes or just to cause serious disruptions. The list of recent cyberattacks against industrial networks includes the Colonial Pipeline ransomware attack and the cyberattack targeting the water-treatment plant in Florida. These cases have demonstrated the vulnerability of industrial networks to external attacks.

One of the key issues is that industrial networks have been operating on the same technologies for decades. By ignoring the importance of strengthening security, industrial networks are likely to experience huge damage since the scope of cybersecurity threats existing in the world is unprecedented. Actions in the security direction need to come from the top down. The Board of directors and senior management should lead security changes in industrial networks. Also, the role of a government is to push operators to imposed additional security measures.

Cloud security oversight resulted in the exposure of data belonging to 3 million elderly citizens in the USA

The security oversight by SeniorAdvisor exposed personal data such as users’ surnames, phone numbers, and emails belonging to 3 million elderly people in the USA. These data were marked as “leads” or potential customers. The exposure was made possible due to the misconfiguration of the Amazon S3 bucket. According to researchers from the WizCase team, the main danger of this breach is the vulnerability of elder people to fraud such as phishing.

The WizCase team was trying to contact SeniorAdvisor in June 2021. Only after being contacted by journalists, SeniorAdvisor provided its reply on 5 August. There is no information on whether SeniorAdvisor informed the affected individuals of the breach. According to SeniorAdvisor spokesperson, the exposed data were 5 to 15 years old and, thus, the risks associated with this exposure were minimal.

Widespread cyber espionage campaign carried out in Israel by Chinese group

Malicious actors motivated by business and tech interests infiltrated Israeli companies and government bodies while also targeting entities from the UAE and Iran. The US cybersecurity firm FireEye, on Tuesday, released the analysis stating that the Chinese group has been targeting Israeli IT providers, government institutions, and telecommunication firms since January 2019. The malicious actors were carrying out reconnaissance and data harvesting. Although FireEye did not report on the involvement of official Beijing in these malicious activities, the Chinese government was likely interested in targeting these entities.

The malicious group, while attacking Israeli entities, was also actively targeting targets in the UAE, Iran, and Kazakhstan. The Chinese espionage group UNC215 was firstly detected by FireEye in early 2019. During the attack, the group was using FOCUSFJORD and HYPERBRO, its custom malware tools. Upon breaking victims’ systems, the group stole users’ credentials and collected information such as keylogging and screen captures. The group was exploiting trusted third parties, taking measures to cover its tracks, and planting false flags to mislead security specialists.

DDoS is becoming a popular ransom vector

For the past 12 months, 44 per cent of organizations have experienced or fallen victim to ransom-related distributed denial of service (RDDoS) based on the results of the survey conducted by Neustar International Security Council (NISC). For the same period, just 41 per cent of organizations have been targeted by traditional ransomware attacks, a figure that is lower than the one in the previous case. That is why DDoS attacks start becoming a tool in the hands of hackers used to extort money from the targeted entities or individuals. According to Rodney Joffe, NISC chairman, DDoS as a ransom vector is an easy way for malicious actors to reach their targets since they do not need to spend much time and huge efforts to infect organizations’ networks with malware as in case of performing ransomware attacks. Also, the advantage of DDoS attacks for bad actors is that they are hard to be tracked by security specialists.

36 per cent of organizations targeted by RDDoS admitted paying ransom to malicious actors. The most popular targets for RDDoS attacks are the entities functioning in online industries. However, bad actors have started actively targeting companies representing the telecommunication sector, government, and financial industry. Bad actors behind RDDoS attacks are likely to target their victims several times and that is why entities need to focus on strengthening their resistance to this type of security threats.