Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #58

Weekly News Digest #58

Share via:

HTTPS Threats: 314% increase compared to 2020

According to the State of Encrypted Attacks report released by cybersecurity firm Zscaler, tech companies and retailers are facing a growing number of https threats since January. HTTPS threats have increased by 314% while attacks on retailers have increased by 800%, and attacks on tech companies by an unbelievable 2,300%. The report analyzes 190 billion daily transactions through Zero Trust Exchange that took place between January and September.

The lack of compute resources and/or privacy concerns are the main reasons why the security teams of many enterprises face issues when implementing SSL/TLS inspection policies. Encrypted channels constitute a significant blind spot in sethe curity postures of these companies. Scalable and cloud-based proxy architecture designed to inspect all encrypted traffic is the most effective way to prevent encrypted attacks.

Microsoft 365 usernames and passwords are stolen through phishing emails with QR codes

Malicious actors are actively sending phishing emails containing QR codes to harvest Microsoft 365 cloud applications login credentials. The purpose of this malicious campaign is the exploitation of these credentials to launch malware and ransomware attacks. Also, the stolen credentials may be later sold on the dark market. The attacks involving the use of QR codes are called “quishing attacks”.

The use of QR codes has gained popularity among hackers since standard email security protections such as URL scanners do not indicate any suspicious signs in emails containing QR codes. Hackers are using previously compromised email accounts to conduct this campaign. Thereby they are adding the aura of authenticity to the messages containing QR codes.

Software Supply Chain is targeted by North Korean Lazarus APT

The North Korean hacker group Lazarus APT has been detected compromising software supply chain in attacks resembling the attacks on SolarWinds and Kaseya. This hacker group targeted the think tank in Asia by deploying malicious payloads by infecting legitimate South Korean security software. To conduct this attack malicious actors were using the updated version of remote access Trojan (RAT) called BLINDINGCAN and the other RAT called COPPERHEDGE.

The second attack conducted by this hacker group targeted Latvian IT asset monitoring solutions provider. In this attack, hackers were using the downloader dubbed “Racket” signed via a stolen certificate. Also, attacks compromised multiple vulnerable web servers. Lazarus also actively targets entities representing the military sector.

Ranzy Locker ransomware threat hit 30 companies: warning by FBI

More than 30 US-based companies were hit by Ranzy Ransomware by July this year. Hackers were carrying out brute force credential attacks targeting Remote Desktop Protocol to access targeted networks. According to the information reported to the FBI by recent victims, hackers were actively exploiting known vulnerabilities in Microsoft Exchange Server as well as committing phishing attacks.

By using the Ranzy Locker Ransomware malicious actors were exfiltrating files from the compromised systems thereby stealing personal information and other sensitive data. Then the ransomware was used to encrypt files across the system. Hackers were demanding victims to pay ransom in crypto to unlock the encrypted files.

DeFi Protocol Cream Finance has lost $130 million in recent cyberattack

Cream Finance has suffered the third serious hack in its history. The attack had the form of a series of flash loans and had a very unorthodox form. Thereby, it seems that the attacker was a very experienced DeFi developer. According to the information provided by a cybersecurity firm Peckshield, a bug in a price oracle might have led to an attack. Cream Finance notified its users of the incident and soon fixed the revealed flaws.

Cream Finance has tried to contact attackers offering them to return the stolen assets offering them 10% of the tokens stolen. This strategy has proven its efficiency for some other protocols. During the first incident, Cream Finance lost $36 million while during the second incident the protocol lost $29 million.