Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #80

Weekly News Digest #80

Share via:

Numerous hacking groups use the war in Ukraine as a lure in phishing attempts

Malicious hacking groups, including government-backed hackers from Russia, North Korea, Iran, and China, are using the Russian invasion of Ukraine to carry out cybercrimes designed to steal sensitive information, money, and login credentials from victims worldwide. One of the most active malicious groups is Russian-based Coldrives also known as Calisto which is targeting Western NGOs, think tanks, military agencies in Eastern Europe, and the NATO Centre of Excellence.

The campaigns use newly created Gmail accounts to send phishing emails containing links designed to steal sensitive information. Another threat group is Belarusian-based Ghostwriter which is responsible for phishing attacks simulating a browser within a browser in order to spoof legitimate domains. Then they use these domains to host websites designed to steal login credentials.

People do not enough use 2FA although it provides good protection

Hackers can easily use stolen usernames and passwords to conduct cyberattacks because users still neglect two-factor authentication (2FA). According to DCMS Cyber Security Breaches Survey 2022, only 37% of businesses have any requirements for 2FA while for charities this figure is even lower – 31%. By neglecting 2FA users leave their accounts vulnerable to cyberattacks and hacking.

2FA requires a user to use a text message, app, or hardware key to confirm that he/she is attempting to log in. This security feature prevents hackers from using stolen passwords. Malicious actors can get login credentials using phishing emails, by finding them in previous data dumps, or simply by guessing if a password is weak. The least secured industries in terms of the use of 2FA are hospitality and food.

In little over a year crypto-bridge hacks reach over $1 Billion.

The recent $600 million hack of a crypto “bridge” supporting Axie Infinity’s play-to-earn game has highlighted the increasingly problematic nature of the arcane software used in the world of blockchain and metaverse. In 7 different incidents, the industry lost over $1 Billion due to weaknesses in bridges, the technology allowing tokens designed for one network to be used on another blockchain.

Apart from Ronin, the list of major security incidents related to bridges includes such projects as Wormhole, Meter Passport, and Qubit.

Bridges are also vulnerable to other issues, apart from hacks, such as the loss of control of the project by the bridge development team. Also, it is often impossible to figure out who created a bridge or operates it since teams may remain anonymous. Validators’ names may also be kept secret. There is a risk that the team behind a bridge may not have enough security specialists to rapidly address potential issues. The higher the value of assets going through bridges, the higher the level of risks.

Two sides of the crypto coin in the Russia-Ukraine war

Ukrainian authorities and non-governmental organizations are collecting donations in crypto to buy equipment for the Ukrainian Armed Forces. At the same time, there are fears that russian wealthy individuals such as those closely tied to Putin may use crypto to evade Western sanctions. It is the first time the world is witnessing the power of blockchain at scale.

Due to its anonymous nature, crypto allows governments or businesses to raise funds for causes that would not be allowed through traditional fundraising platforms. This feature raises a dilemma of whether it is moral to use crypto for buying weapons.

Crypto is also helping ordinary Ukrainians. It acts as a buffer for those who have been forced to leave their country. However, for an individual without any knowledge about crypto, owning digital assets may be too complex. Although crypto plays a huge role in the war, it is not decisive.

Data on Ukraine DDoS attacks

During the first month of the war, Datagroup, the company providing services for telecom operators, resolved 350 DDoS attacks targeting Ukraine’s telecom network. The largest attack measured 103.6 Gbps while the longest recorded attack lasted 24 days. Russian hackers are actively targeting such sectors as government, telecommunications, and finance.

According to the State Special Communications Service, the country has already experienced >3,000 DDoS attacks. The record was 275 DDoS attacks per day. During 15-22 March, Ukrainian critical infrastructure and public organizations experienced 60 cyber attacks. Although the number of attacks is growing, most of them are not successful and even those that have some elements of success do not cause any serious damage to Ukraine.