The Best Cybersecurity Approach to NFT Marketplaces

The case of Jungle confirms Hacken’s deep expertise in dealing with NFT projects. Our cybersecurity approach to NFT projects originates from their distinct needs and business context. Most NFT marketplaces have the following key business requirements:

1. Lightning-fast and easy transactions which must be secure.
2. Integration with several crypto wallets must work as intended.
3. Transfer of token ownership must be straightforward.
4. Metadata must be uncompromised.
5. No scams or copymints.

We know what NFT businesses need. We know the most common and the most complex attack vectors. That’s why Hacken’s cybersecurity services are so effective.

Jungle is an NFT Marketplace with a Focus on Security

Our client Jungle is an NFT marketplace where people collect, sell, or create NFTs on the Ethereum blockchain. Jungle’s mission is to pioneer the future of crypto art by empowering artists to find success in the digital era – free from fake NFTs. Jungle positions itself as the marketplace for authentic NFTs only, where people get rewarded for trading.

Jungle’s primary offering is providing a safe and secure NFT platform

Jungle requested Hacken’s services as they wanted to achieve robust security for their entire NFT marketplace. In their business of digital art collectibles the word “safety” means the following:

• The marketplace is free from copymints.
• Ensuring secure payments using various crypto wallets.
• Confidence in token ownership and metadata storage.

According to Kamron Yazdani, Director of Marketing at Jungle, “Our sole focus as a brand is to provide the most optimal user experience. At the core of that is safety and security. The product cannot be viable without a secure platform.”

Secure transactions and wallet integration are vital for Jungle

Jungle works with MoonPay and supports MetaMask, WalletConnect, Coinbase Wallet, Formatic, and TrustWallet. Their goal is to make payments easy, quick, and secure. At Hacken, we understand these needs and integrate them into our offerings.

Why Jungle chose Hacken for Web3 cybersecurity?

How did the partnership with Hacken begin? According to Kamron Yazdani, Director of Marketing at Jungle, Hacken had been on the radar of their technical team for quite some time. Jungle’s CTO evaluated us against other top-notch auditors. In the end, Hacken’s reputation for delivering robust 360-degree security convinced Jungle’s team to move forward with us. The three criteria that helped Hacken strike a deal with Jungle:

1. Word-of-mouth – great recommendations from our clients. 
2. Demonstrated track record – we always deliver.
3. Effective results – we help clients achieve their goals.

Hacken’s Cybersecurity Services to Jungle

Continuous Protection with Bug Bounty

In May 2022, Jungle requested our bug bounty and pentesting services. Launching a bug bounty program is an effective approach for rising NFT marketplaces to stay secure:

1. Continuous protection – bounty is active for 1 year.
2. Cost-effective – you only pay for found bugs.
3. Crowdsourced – thousands of external researchers look for bugs.

For their program, Jungle chose HackenProof and received all the benefits of working with the industry leader in bug bounties:

1. Superb Triage Service (all bugs are vetted for relevance and scope).
2. Access to 12,000+ external researchers.
3. All bounty payments are managed by HackenProof.

Their team remarked HackenProof’s Full Triage service which other companies don’t provide as one of the reasons for choosing us.

Currently, HackenProof is running two programs for Jungle, including Smart Contract Bounty with a record-high max bounty of $1 million. Jungle is looking for evidence and reasons for the incorrect behavior of the smart contract, which could cause unintended functionality and lead to the most common smart contract vulnerabilities.

Bug Bounty Name	Jungle Web Bounty	Jungle Smart Contract
Max Bounty	$50,000	$1,000,000
Timeline	08 Nov 2022 – ∞	08 Nov 2022 –  ∞
Scope	Business logic issues and payments manipulation Remote code execution (RCE) Injection vulnerabilities (SQL, XXE) File inclusions (Local & Remote) Access Control Issues (IDOR, Privilege Escalation, etc.) Leakage of sensitive information Server-Side Request Forgery (SSRF) Cross-Site Request Forgery (CSRF) Cross-Site Scripting (XSS)Directory traversal	Stealing or loss of funds Unauthorized transaction Transaction manipulation Attacks on logic (behavior of the code is different from the business description) Reentrancy Reordering Over and underflows

Jungle’s decision to go with bug bounty is a winning strategy for the marketplace’s security. HackenProof gives them continuous bug detection where they only pay for proven and in-scope bugs. It also engages their growing community by giving anyone a chance to detect bugs and earn rewards for their important contributions.

Penetration Testing for Jungle

In addition to bug bounty programs, Jungle requested Penetration Testing from Hacken. Hacken’s Penetration Testing offers an accurate and comprehensive assessment of risks. For Jungle, this is the best way to proactively identify complex, multivector vulnerabilities of their Web app based on exploitation risks. Hacken performs testing in a simulated environment, so there is no harm to the client’s systems.

Swift Transition into Smart Contract Audits

Jungle’s cooperation with Hacken started with bug bounties and pentests. But it doesn’t stop there. The client is now requesting auditing services for their smart contracts. Kamron Yazdani provided a few insights into how Jungle chose Hacken, “Hacken’s bug bounty program was one of the reasons we proceeded with audits.” 

With a record-high bug bounty program, comprehensive penetration testing as a service, and effective smart contract audits, Jungle is about to experience the full power of 360-degree security. This Web3 cybersecurity “full house” proves Jungle’s unchallenged commitment to creating the safest NFT marketplace.