Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #72

Weekly News Digest #72

Share via:

Significant wash trading and some cases of money laundering in NFT industry: Chainalysis overview

According to Chainalysis, more than $44B worth in cryptocurrency were sent to ERC-721 and ERC-1155 contracts that are associated with NFT marketplaces and collection in 2021 (only $106M in 2020). There are generally two main forms of malicious activities involving NFTs, namely, wash trading resulting in an artificial increase in the prices of NFTs and money laundering through buying NFTs. The purpose of wash trading is to make NFTs appear to be more valuable than they really are. In the case of wash trading, the same actor is both a buyer and a seller. In general, 110 profitable wash traders made $8.9M profit.

Cybercriminals use illegally received funds to purchase pieces of art. The volume of assets sent to NFT marketplaces from illicit addresses has jumped to $1.4M in Q4 2021. The major share of these assets was sent from scam addresses.

CoinStomp cryptojacking malware targets Asian cloud service providers

A new malware family is targeting cloud services to mine cryptocurrency. The malware is dubbed CoinStomp and it is made of shell scripts attempting to exploit cloud compute instances hosted by cloud service providers for the only purpose – to mine crypto. This form of attack is known as cryptojacking.

There are a number of interesting features attributable to CoinStomp. One of the main features is timestomping – running the touch (command on Linux systems to update file modification and access times) resulting in manipulation of timestamps. The malware also attempts tampering with Linux server cryptographic policies. The appearance of CoinStomp is an indication of the sophistication and knowledge of attackers.

$2.7M in Bored Ape NFTs and derivatives lost by NFT collector

As a result of a social engineering attack, NFT collector Larry Lawliet lost seven expensive Bored Apes and other NFTs. Lawliet was tricked by a perpetrator to sign fake transactions. This operation granted a perpetrator access to Larry’s NFTs. Then the perpetrator managed to transfer these NFTs to his own wallet. Based on the floor price of stolen NFTs, Larry Lawliet lost $2.7M.

The attack began when the attacker took control of the Discord server of another NFT collection called Moschi Mochi. Then he posted a fake announcement regarding extra mint. Members of the Moschi Mochi were invited to participate in an extra mint of 1,000 NFTs and have a chance to win a $25K raffle. It’s not always clear when a user approves a blockchain transaction via in-app browsers, such as Metamask, what permissions he gives to the website. Larry Lawliet falsely thought he was signing regular transactions while, in fact, he gave our control over his own NFTs. Although MetaMask allows users to check the details of the transaction they are signing, they do not always do it due to rush.

North Korea Internet taken down by a US hacker

As a response to the attack initiated against him by Pyongyang, an American hacker has taken down the North Korean internet. The hacker named P4x launched repeated DDoS attacks thereby crippling the country’s few government-operated public-access websites and slowing email traffic. DDoS attacks consume available bandwidth and limit the processing capacity of servers to make websites unavailable to users.

Only a small number of trusted officials and academics in North Korea are allowed to use the Internet. And there are only a few North Korean websites connected to the global Internet. Observers could even falsely suggest that the country was hit by Western powers. The attacker exploited vulnerabilities in North Korea’s out-of-date operating systems. 1 year ago the hacker was targeted by North Korean malicious actors and reported the incident to US authorities but was ignored. The DDoS attack was his revenge.

Olympic athletes should leave their devices at home: FBI warning

The FBI is warning athletes of the risk of state-backed and cybercrime activity during the sports event. The FBI recommends athletes to use temporary phones during the Olympic games. The use of special mobile applications to track athletes’ health and travel data and the new digital infrastructure create the opportunity for malicious actors to steal private data or install tracking tools or other forms of malware.

FBI warns that Chinese agents can spy on participants and members of the delegations of their respective countries. Malicious actors may also target broadcasters, transport providers, hotel networks, and other Olympic support functions. The cybersecurity risks around the Olympic games are huge.