Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #66

Weekly News Digest #66

Share via:

Grim Finance lost $30M, new hire blamed for vulnerability

Hackers stole >$30M from Grim Finance by exploiting platform vulnerability. Due to the advanced attack, all vaults were put on pause to prevent further attacks. The exploit was found in the platform’s vault contract. The company has notified DAI, AnySwap, and Circle (USDC) of the incident and shared the addresses potentially belonging to malicious actors. The company Solidity Finance performed the audit of Grim Finance 4 months ago.

According to the statement made by Solidity Finance, the incident was caused by “the ability of users to input arbitrary addresses and have them called within the depositFor function”. Through reentrancy, users could falsely increase their shares in Grim’s vaults. As a result, they could withdraw more assets than they had initially deposited. Solidity Finance states that a new employee missed this vulnerability, and it remained undetected since the CTO was on vacation.

$7.7B in crypto grabbed by scammers in 2021

Compared to 2020, the amount of virtual assets grabbed by cryptocurrency-based scammers and criminals has increased by 81% and reached $7.7B, according to the data provided by Chainalysis. $1.1B losses are attributable to a single scheme implemented by hackers in Ukraine and Russia. Scams remain one of the primary forms of cyber threats harming the mass adoption of crypto.

The number of deposits to scam addresses fell to 4.1 million from 10.7 million. Although fewer individuals are losing money, these victims are losing much more. The most popular scam is so-called rug pulls, whereby developers of a new cryptocurrency vanish after collecting funds from supporters. Rug pulls accounted for 37% of all crypto scams.

Visor Finance suffers another DeFi hack. Total losses mount up to $8.2M

Malicious actors have successfully exploited a reentrancy flaw in the DeFi protocol Visor Finance; the project lost 8.8M VISR tokens. The hack took place on 21 December. Hackers generated the exploit by using the IVisor delegateTransferERC20 interface. Hackers also utilised the staking contract withdrawal function to call for the desired VISR amount. The exploit was successful since the caller relied on an external IVisor delegateTransferERC20 implementation.

Attackers could create extra VISR tokens by assuming control of the rewards contract. However, it is only an assumption since an official investigation has not started yet. Reentrancy bugs are one of the most critical vulnerabilities affecting DEXs. The incident has primarily affected token holders and stakers since the token price has dropped sharply soon after the incident.

Hong Kong NFT project Monkey Kingdom lost 1.3M in hack

The popular NFT project Monkey Kingdom was founded by entrepreneurs in Hong Kong and is supported by celebrities such as Steve Aoki and JJ Lin experienced the hack of its chat. Via a phishing link, an attacker stole $1.3M worth of cryptocurrencies. A malicious actor stole an administrator account of the project’s Discord group chat.

Scammers are actively targeting NFT communities since the popularity of these novel projects keeps on growing. According to the data provided by DappRadar, the sales volume of NFTs surged to $10.7B in Q3 2021 (8X compared to Q2 2021). The project was launched less than one month ago and has become one of the most popular NFT initiatives. The project has notified its community of the incident.

Belgium’s military targeted by hackers

Hackers exploited the vulnerability in Log4j software to attack Belgium’s Defense Ministry. The attack started on 16 December. Some activities of the Ministry were paralysed since the attack caused damage to services connected to the Internet. Even five days after the attack, the Ministry was still trying to recover the functioning of its services. The body has not identified the parties responsible for the incident yet.

Log4j is the Java-based logging library used to track system processes. Earlier this month, multiple vulnerabilities were discovered in this software. Organisations need to take immediate measures to prevent security incidents related to exploiting flaws in Log4j.