Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #49

Weekly News Digest #49

Share via:

Ransomware attacks targeting smart cities: actions are required right now!

The power of ransomware attacks always increases. There is a risk that this type of cybercrimes may take out even the infrastructure of 5G enabled smart cities. Cybercriminals often choose government services as their primary targets. Government networks enable the provision of crucial services to citizens and their compromise by malicious actors may have devastating consequences for society.

The urban infrastructure such as transport, traffic light management systems, emergency services, CCTC, and other elements are becoming connected to 5G IoT services and sensors for efficient data collection and analysis. Security weakness can make all these elements of urban infrastructure ideal targets for cybercriminals. That is why measures should be applied ASAP to prevent the intensification of cybercrimes targeting 5G enabled infrastructure.

Data belonging to Android gamers exposed by Chinese developers

The data belonging to Android users were exposed by Chinese developers through an unsecured server. In the report provided by vpnMentor’s cybersecurity team, the researchers revealed that EskyFun, the owner of a 134 GB server exposed and made public the data belonging to the users of its games. The list of games developed by EskyFun includes The Legend of the Three Kingdoms, Adventure Story, MetaMorph M., Rainbow Story: Fantasy MMORPG, and others. Potentially, 365,630,387 records could be exposed.

According to the authors of the report, the Chinese developers introduce “aggressive and deeply troubling settings such as analytics, tracking, and permissions. As a result, they can collect much more data than a user may expect. For example, the records included phone numbers, device information, IP and IMEI numbers, the OS in use, etc. Totally, more than 1 million users are likely to be affected by this data exposure.

New Hive Ransomware: warning issued by FBI

Hive is the new increasingly prolific ransomware variant. FBI has warned firms of the new type of cyberthreats. Multiple mechanisms are applied by affiliate-based ransomware to compromise the targeted corporate networks. Defenders are likely to face serious issues when trying to address this type of threat. The malicious mechanisms include the hijacking of Remote Desktop Protocol (RDP) and sending phishing emails with threatful attachments.

The processes linked to anti-virus systems, file copying, and backups are looked for and terminated by the new ransomware type. Some victims received follow-up calls from their attackers with a request to pay a ransom. The malicious actors behind the Hive ransomware are likely to be responsible for attacking the Memorial Health System. Generally, 28 organizations have fallen victim to Hive ransomware.

More than 15,000 Ethereum stolen from Liquid exchange by crypto gangsters

Last week, the global crypto community was actively discussing the security incident involving Poly Network during which an attacker had stolen $600 mln assets but then returned most of this sum. However, the second security incident involved the Japanese exchange Liquid. Totally, $97 mln in digital assets were stolen by attackers. The company published the information on the wallets used by attackers to steal assets and terminated all activities to estimate the scope of experienced damage. The list of main assets targeted during this attack included Ethereum, Bitcoin, Ripple, and Tron.

Attackers were actively using coin mixers to reach their targets. As of now, they have cycled 6,000 Ethereum worth $20 mln through these mixers into new anonymous wallets. Authorities are actively working to recover the remaining assets (9,600 Ethereum). Liquid exchange has already taken serious security measures to prevent the occurrence of similar security incidents in the future.

Largest DDoS attack ever recorded thwarted by Cloudflare

Cloudflare detected and mitigated 17.2m rps DDoS in an automatic way. The attack was thwarted in July 2021 and was 3 times stronger than any other DDoS attack ever recorded. According to Cloudflare, the attack generated 68% of its quarterly HTTP legitimate traffic (in Q2 2021). The botnet behind this attack was used at least twice in the recent few weeks and one of the company’s clients experienced the DDoS attack carried out by this botnet.

The autonomous edge DDoS protection systems applied by Cloudflare have allowed the company to successfully address the attack. These systems can automatically detect and mitigate DDoS attacks. As a result, there is no need for manual mitigation by the company’s staff. However, even much larger attacks are likely to take place in the future and, thus, the company needs to be prepared.