Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #56

Weekly News Digest #56

Share via:

Data encryption and nasty threats attributable to a new ransomware

A new form of ransomware is distributed by cybercriminals against businesses, their employees, and partners. The new ransomware not only encrypts victims’ data but also make a threat to launch DDoS attacks unless victims pay a ransom. The ransomware dubbed Yanluowang was firstly uncovered by security researchers representing Broadcom Software’s Symantec Threat Hunter team.

In this case, attackers increase the effectiveness of their attacks by threatening additional attacks. Yanluowang drops victims a note stating that they have been infected with ransomware and containing the addresses they need to contact to negotiate a payment. The note warns victims not to contact any law enforcement bodies such as the FBI or police as well as cybersecurity companies. In case a victim contacts outside parties for help, a powerful DDoS attack will be launched. Researchers uncovered the new type of ransomware after identifying suspicious use of AdFind, legitimate command included in the Active Directory query tool.

The surprisingly simple trick has allowed the malware botnet gang to steal millions

The long-running botnet called MyKings has raked more than $24 million by mining for cryptocurrencies using the network of compromised computers. The botnet is also called Hexmen and Smominru and constitutes the largest botnet dedicated to mining cryptocurrencies by free-riding server CPUs and desktop of victims.

The malicious group has made most of its earnings through its “clipboard stealer module”. The malicious technology detects when somebody copies a wallet address and then this module swaps this address in a different one that is controlled by a gang. This clipboard stealer has been affecting users worldwide since 2018. This stealer module exploits the users’ habit of inserting long wallet addresses rather than printing them. However, coin stealing constitutes only a minor part of the MyKings’ business, according to the data collected by the security firm Sophos.

Phantom Floods: vulnerability of service providers to these DDoS attacks

Service providers are using a high traffic threshold to detect abnormal behaviour when protecting largescale networks. When a large DDoS attack takes place, this defined threshold will be triggered and the mitigation process will be initiated. However, some attacks may not trigger this threshold. Phantom flood attacks sneak below the radar, however, they may be powerful enough to overwhelm the target’s defences.

Service providers are turning to virtualized network solutions to balance network scalability and costs and thereby they carry most of the traffic growth burden. In most cases, service providers are balancing between a wide and narrow protection spectrum. According to the data provided in the research conducted by the company Radware, the volume of more than 90% of DDoS attacks is below 1 Gbps, however, due to the lack of granular detection sensitivity, even non-volumetric attacks larger than 1 Gbps will not be blocked by traditional solutions.

Password-stealing attacks are surging: 45% increase in 6 months

Additional log-in security measures need to be applied by companies since attacks using password-stealing malware are actively surging – a 45% increase for 6 months. The incidents of Trojan-PSW, a specialized stealer capable of gathering login and credential information, were analyzed by the Russian AV Vendor. The total number of security incidents involving password-stealing malware reached nearly half a million cases, a 45% increase.

Such information as logins, passwords, payment details and other personal data has become a popular commodity on the dark market. That is why Kaspersky strongly recommends users to take extra steps such as multi-factor authentication to protect their accounts. Also, users should not follow suspicious links and try to use only updated security solutions.

NFT OpenSea marketplace: a critical flaw in crypto wallets discovered

The critical vulnerabilities attributable to crypto wallets of NFT marketplace OpenSea have been detected by the security company Check Point Research. The company has issued a warning to OpenSea to fix the exploit. OpenSea is the largest peer-to-peer marketplace for crypto collectibles and non-fungible tokens. The transaction volume on OpenSea reached $3.4 bln in August 2021. Unless OpenSea fixes the detected vulnerabilities, hackers will be able to hijack users’ accounts and craft malicious NFTs to steal entire cryptocurrency wallets.

The vulnerability exploitation mechanism followed by attackers is the following: hackers create and gift malicious NFT to target victims. When a victim views the gifted NFT, a pop-up from OpenSea’s storage domain is triggered to request a connection to the cryptocurrency wallets belonging to victims. In case a victim clicks on a pop-up, cybercriminals can get complete access to the victim’s wallet.