Case Study: Hacken’s Audit of EBSI Smart Contracts
Hacken performed smart contract audits for the EBSI, contributing to the safety and reliability of digital public services across Europe
Recently, the world has observed a number of cyberattacks on currency exchanges and financial companies aimed at stealing protected data and money. One of the biggest attacks took place in September 2020, when the North Korean hacking group Lazarus Group attacked the cryptocurrency exchange KuCoin; the stolen cryptocurrency assets were valued at $275 million USD. The stolen assets were sent to so-called “mixers”, services that blend funds from many accounts so that tracing them becomes almost impossible. The risk of further attacks by North Korean hackers remains extremely high.
FTX is a security-oriented company that has prioritized protecting its customers from cyberattacks aimed at stealing crypto assets. To this end, FTX engaged Hacken to perform web, Android, and iOS penetration testing.
The web application penetration testing that Hacken performs for web-based application security assessments follows these steps. First, we gather information and check the effectiveness of the security policies in place. Next, we identify the components most exposed to attack and the weaknesses that could lead to data theft. Finally, we produce a report.
Hacken tested the FTX web-based application using a Man-In-The-Middle (MITM) tool, which simulates an attacker infiltrating a private network by impersonating a rogue access point in order to capture login credentials.
Upon completing the test, Hacken produced a report listing all identified vulnerabilities together with recommendations for fixing them. FTX promptly addressed all reported issues, following Hacken’s advice.
Hacken’s Android and iOS application penetration tests analyze the security of the Android and iOS versions of an application as installed on the device.
Testing applications that handle sensitive information, such as financial transaction data, requires the company to meet industry standards and guidelines such as the Payment Card Industry Data Security Standard (PCI DSS) and the OWASP Mobile Security Testing Guide.
FTX ordered a pentest to identify any weaknesses that could cause unintentional disclosure of information and allow attackers to mount further attacks on the application, the device, or the interconnected infrastructure. Such information includes account identification data that, if disclosed, would enable a brute-force attack against the application’s access controls, among other things.
FTX is a cryptocurrency exchange developed by traders for traders. FTX offers innovative products, including industry-first derivatives, options, volatility products, and leveraged tokens. The company actively develops its platform for both professional trading firms and first-time users. With FTX, trading becomes more convenient: the site’s intuitive interface allows clients to navigate easily from the very beginning.
The main goal of founding FTX has been to donate to the world’s most effective charities. FTX, its affiliates, and its employees have donated over $10m to save lives, prevent suffering, and create a brighter future.