Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #63

Weekly News Digest #63

Share via:

$120 million hack affecting Badger DAO Protocol

Badger DAO Protocol has fallen victim to a hack, $120.3 million in cryptocurrencies was stolen from its users. The first messages from users mentioning possible problems were coming on Wednesday at 9 p.m. ET. According to the data provided by PeckShield, the total amount of lost assets included 2,100 BTC and 151 ETH. The hack may be the result of the exploit in the Badger.com user interface. When trying to claim yield farming rewards and interacting with Badger vaults, users were noticing spurious requests for additional permissions.

Upon noticing these suspicious activities, Badger froze all the vaults. The project started an investigation to identify how many users were affected and how many assets were stolen. The malicious requests may have started coming to users weeks prior to the attack. Due to the hack, the price of the Badger DAO token has demonstrated a more than 20% decline.

Hackers use a simple technique to install malware on PCs

A simple technique is used by malicious state-backed actors to conduct phishing campaigns aimed at spreading malware and stealing information that may be demanded by their governments. According to the data provided by security experts from Proofpoint, hackers are working on behalf of Russian, Chinese, and Indian interests and use rich text format (RTF) template injections. The technique brings visible results to hackers since antivirus software used by many organizations doesn’t block RTF files by default.

Attackers weaponize RTF files by altering their document-formatting properties to retrieve content from the URL they control. As a result, attackers can secretly retrieve a malware payload that gets installed on the targeted machine. This hacking technique has become so popular among state-backed hackers since it is easy to use while being reliable enough to reach their malicious targets.

Mozilla’s NSS Crypto Library critical bug may affect several other software

There is a risk that malicious actors can exploit Mozilla’s cross-platform Network Security Services (NSS) cryptographic library to crash the application or execute an arbitrary code. Mozilla has rolled out fixes to address a critical security weakness. The flaw is tracked CVE-2021-43527 and it affects NSS versions prior to 3.73 or 3.68.1 ESR. The flow concerns a heap overflow vulnerability.

The bug codenamed “BigSig” is likely to have been exploited since June 2012. It is important to mention that although the bug does not affect Mozilla’s Firefox web browser itself, pdf viewers, email clients, and other applications using NSS for signature verification are likely to be vulnerable to the flaw.

Much more ransomware attacks are detected during the Holiday Period

The security specialists representing the security company Cybereason have analyzed the state of ransomware during the Holiday Period and at weekends. They collected data from 500 UK professionals. 37% of respondents have admitted that their companies have no contingency plans in place to react to ransomware attacks during weekends or during Holiday Period. At the same time, almost 90% of respondents are concerned about the risk of facing ransomware attacks during these periods.

According to Cybereason CEO Lior Div, the most disruptive attacks in 2021 took place at weekends as well as during major holidays. Organizations are not prepared enough to address such cyber threats, neither appropriate technologies nor responsible officers are in place.

Record haul in anti-card fraud operation by police

The Carding Action 2021 led by Italy in partnership with the UK, leading card schemes, and Europol has saved European cardholders tens of millions of USD in cybercrime losses. The cross-border anti-fraud initiative targeted underground sites on which fraudsters and cybercriminals were stealing card data. The three-month operation has already resulted in the identification of 12 vendors selling stolen credit card data and the sum of prevented losses equals $16 million.

However, only 50,000 stolen cards have been analyzed. The figure of prevented losses has been calculated by multiplying the average spending per card by the number of identified cards. Security specialists were analyzing such sources of compromised payment records as a botnet and JS-sniffer infrastructure. Carding Action 2021 is a great example of joint initiatives that play a key role in disrupting cybercrime globally.