Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #65

Weekly News Digest #65

Share via:

Terrifying zero-click iPhone attack

The surveillance company NSO Group developed an exploit allowing the users of its software to gain access to an iPhone to install malware – in this case, a target does not even need to click on a link. Last month, NSO Group was added to the “entity list” of the US Department of Commerce due to the evidence that the company might have been involved in supplying spyware to foreign governments that later used it to target business people, embassy workers, officials, journalists, etc.

Google’s Project Zero has conducted the analysis of a new NSO “zero-click” exploit for iOS 14.71. According to the Project Zero researchers, it’s likely to be one of the most technically sophisticated exploits ever detected. This exploit may allow malicious actors to run Java-Script like code in the component of iOS that handles GIFs but, normally, doesn’t support scripting capabilities. As a result, malicious actors can remotely hack iPhone by writing to arbitrary memory locations.

Your bank account and crypto wallet may be hacked by new Android malware

A new cybercrime campaign is bringing back the notorious Anubis malware banking trojan. This malware allows hackers to steal targets’ credit card details, GPS data, SMS messages as well as utilize other accessibility services enabled in the targeted device. This malware was first recorded in 2016. This malware is known for targeting the customers of financial institutions related to virtual payment platforms or cryptocurrency wallets. This trojan resurfaced in 2020.

Its latest version has “almost-functional” ransomware module allowing malicious actors to encrypt data on the victims’ devices. Anubis malware actively exploits the Covid-19 threat and scams victims by impersonating legitimate resources. For example, attackers impersonate the official page of the World Health Organization and urge victims to download special files. As a result, they actually download Anubis malware.

NFT marketplace Vulcan Forged hacked

The Polygon-based NFT marketplace Vulcan Forged was hacked on 12 December. Malicious actors stole 4.5M PYR tokens – the native tokens of the platform. The stolen tokens are worth around $140M. Although almost all impacted users were immediately reimbursed, the value of tokens has plummeted. The platform was applying the “semi-custodial” model for controlling each user’s wallet. However, it failed to properly secure them from its end.

The new solution offering fully decentralized wallet management is now being rolled out. All stolen tokens have been identified and the platform is actively working on uncovering the footprints of the malicious actors responsible for this incident.

DDoS protection and mitigation market may reach $6.7B by 2026

As of 2021, the size of the DDoS protection and mitigation market is $3.3B. It’s likely to demonstrate the compound annual growth rate at 15.1% from 2021 to 2026. The rise in multi-vector DDoS attacks will boost demand for DDoS mitigation solutions. Also, companies will have to integrate DDoS protection solutions into their processes due to new regulations to be imposed by governments.

The services provided by DDoS protection vendors allow clients to safeguard websites and networks. By cooperating with DDoS protection vendors companies can make their systems resistant to DNS-amplification, NTP amplification, HTTP Flood, SYN Flood, spoofing attacks, and other forms of DDoS threats.

Hackers have stolen over $10B in DeFi-related hacks

In November 2021, the total capitalization of the crypto market surpassed $3T. However, the rapid increase in the popularity of cryptocurrencies has also created huge opportunities for scammers. In 2021, many notable hacks involved the projects representing the decentralized finance world. DeFi projects lost more than $10B due to thefts and fraud, according to the information provided by analytic firm Elliptic. Although the scope of risks is unprecedented, there are some tips by following which investors can protect themselves from possible theft of their assets or data.

The list of most effective tips is the following: