Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #50

Weekly News Digest #50

Share via:

Insider cybersecurity threats: 1 out of 2 companies fails to spot the following signs

Most companies without regard to the field in which they operate fail to detect early indicators of insider cyberattacks. Namely, according to the information collected by the cybersecurity company DTEX Systems and the think tank Ponemon Institute, more than 50% of companies face serious difficulties when trying to prevent insider attacks. The most frequent indicators of possible insider attack are an unusual amount of opened files, circumvention of security controls by employees, relocation of files to unusual locations, and suspicious attempts to use USB devices.

The forms of insider threats may vary but, in most cases, insider attacks aimed at stealing confidential information are committed by employees who plan to leave for another company. However, there are also cases when employees work with malicious groups and carry out insider attacks to get money from these groups. In case malicious groups stand behind insider attacks, there is a risk that subsequent ransomware attacks can take place. Before committing an attack, an insider completes such procedures as reconnaissance, aggregation, circumvention, exfiltration, and others.

Mozi botnet is lingering on

Mozi emerged 2 years ago and continues spreading although its suggested author has been arrested. Mozi was discovered by 360 Netlab in 2019 as a small operation and since then has grown into a botnet accounting for a high percentage of IoT traffic. According to the information provided by 360 Netlab, Mozi has accounted for over 1.5 million infected nodes, the majority of which are linked to China. Mozi is a P2P botnet that uses the DHT protocol. Weak telnet passwords and known exploits are abused by botnet in order to spread thereby targeting IoT, networking devices, video recorders, and other internet-connected tools.

The botnet enslaves devices to launch DDoS attacks, steal data, and execute system commands. Also, man-in-the-middle attacks can take place in case routers are infected. One of the key strong features of the P2P network is its robustness. In case some nodes go down, the remaining nodes continue infecting targeted devices and the whole network is carrying on. The botnet is also used to make cash through illegal cryptocurrency mining.

E-Commerce businesses targeted by bad bots

According to the new report by Barracuda Networks, close to 39% of all internet traffic is comprised of “bad bots”. E-commerce assets are at the highest risk. The share of automated traffic including social media bots and search engine crawlers in all Internet traffic today is 64%. However, among all this automated traffic, only 25% may be referred to as “good bots” since the other 75% are the result of automated scripts aimed at web scraping, account hijacking, etc.

AWS and Azure are the public clouds from which most of the analyzed traffic came. Malicious actors do not face serious difficulties when setting up their accounts to perform bot activity. When speaking about the geographic distribution, North America accounts for 67% of all bad bot traffic and this region is followed by Europe and Asia. In Europe, malicious bots come from residential IPs or hosting services. These attacks follow a normal workday despite being automated and are aimed at blending into other traffic.

More than $300,000 were paid for the fake Banksy NFT but then returned

Banksy’s website directed users to an auction where they could buy his digital piece of art for more than $300,000. However, this digital art was not authentic. The bought piece of art was an image containing an avatar resembling CryptoPunks, a very popular NFT collectible. Presumably Banksy’s digital piece of art that could be bought by art lovers at an auction is called “Great Redistribution of the Climate Change Disaster.” The redirection to the auction was added to Banksy’s page on Tuesday but was deleted on the same day thereby giving rise to suggestions that the page could have been hacked.

The listing was posted on OpenSea marketplace. The price of the digital piece of art was set at the level of 100 Ethereum tokens worth $336,000 in real money. Pest Control, Banksy’s agency, confirmed the non-authenticity of the sold piece of art. However, the agency did not provide any information on whether Banksy’s webpage was hacked. However, the situation ended positively for the individual who bought the non-authentic piece of art. All assets were returned to him by the actor behind this incident. It’s likely that an ethical hacker may have performed all these activities.

Bithumb, CoinOne, and Korbit form the company to fight against money laundering

The new joint corporation will allow these 3 exchanges to abide by the anti-money laundering standard that is also called the travel rule that was extended to crypto exchanges in 2019 by FATF (Financial Action Task Force). This organization is responsible for setting standards aimed at preventing money laundering. According to the travel rule, exchanges are obliged to share some customer information with each other in case the transfer of assets between them takes place. Namely, financial institutions and crypto exchanges have to gather names and account numbers of both senders and recipients of digital assets. Local exchanges will have to follow this rule starting from March 2022.

The new corporation will allow the mentioned exchanges to jointly develop systems to meet the requirements set up by FATF. The newly established body is called COnnect Digital Exchanges (CODE) and the volume of its funding equals 900 million won ($776,000). Each of these exchanges has an equal share and the same voting rights in this body. The new corporation will be led by Coinone CEO Cha Myung-hoon and the appointment of a new CEO will take place every 2 years.