Lately, the crypto ecosystem has been struck by multiple cyber attacks, so we’ve decided to speak with one of the people who can shed light on this subject. Nikita Knysh is the white hat director of Hacken, and he’s actively working with his team on finding solutions for the cybersecurity vulnerabilities that are occurring. “White hat hackers are like superheroes, fighting the bad, malicious hackers.”
CryptoStreet: What is Hacken and do you think that it can change how we see security in the crypto industry?
Nikita Knysh: Even after the launch of the Anti-phishing service, we were able to successfully close more than 40 phishing sites for the first eight clients. Scammers create fake sites, pages in social networks and even Telegram channels daily to lure money from inattentive depositors.
Resonant cracking of exchanges and crypto-exchangers is increasing every day, and the recent theft from the Japanese stock exchange, which amounted to half a billion dollars, is a vivid confirmation of this. Security in the crypto industry is critical because, in exchange for anonymity, openness, and decentralization, it’s paid for by the impossibility of returning stolen funds by recalling the transaction.
Hacken will be able to significantly improve the security of both centralized and decentralized projects, as well as create standards in the industry, which will lead to a global market change in the field of cybersecurity.
CryptoStreet: Is Hacken offering its services only to businesses from the crypto industry?
Nikita Knysh: No, we offer penetration testing and vulnerability testing for any online projects. In simple terms, we show how you can be hacked and your information stolen. It does not matter to us if your product is from the crypto world, or it’s just an online exchange or even an app.
We also conduct audits of smart counter-attacks, system integration, and check the logic of your projects and products. We protect new ICOs and online brands that do not have time to strengthen their recognizability in the market against phishing and DDoS attacks.
Unlike other companies, where the level of quality of service and the objectivity of verification depend only on the competence of employees and their number, we can offer clients testing by hackers from around the world. And to hackers, we can offer an objective analysis of any disputes with the help of the community, based on distributed and transparent blockchain systems, objective 3H and an arbitrage system with quick decision making.
CryptoStreet: Could Coincheck have done more to avoid the substantial cyber attack?
Nikita Knysh: Yes, definitely. Unfortunately, we have to state the fact that more than 40% of modern exchanges have at least one critical vulnerability and more than 80% have at least one medium-level vulnerability. Also, due to the high popularity of cryptocurrencies, which is sometimes based on banal hype, the number of exchanges and cryptocurrencies is increasing exponentially. We even decided to launch a kind of rating for crypto-instruments to inform the community about who should be trusted and who should not.
CryptoStreet: At what level of security do you think the top crypto exchanges are for the moment?
Nikita Knysh: The level of security of crypto-exchangers is at a level of 6 out of 10. The main problem is that developers of exchangers are hiring testers to search for bugs, but forgetting to hire hackers to test for vulnerabilities. So the problem is in the difference between the thinking of programmers and hackers. The latter often think very differently and can even turn a logical mistake into a method of stealing funds.
CryptoStreet: How does a security breach occur?
Nikita Knysh: Inattention, low competence, abstractness, fatigue, overload of programmers and trivial holes in the software from third-party vendors.
CryptoStreet: Why are internal threats often more successful than external threats?
Nikita Knysh: Because any system is much easier to hack if you understand how it works. For example, often the best skimmers (devices for stealing data from bank cards) are made by former employees of banks. It’s also ironic that WhiteBox (when you know everything about the system) testing usually costs more than BlackBox (when nothing is known). This is because correcting other people’s mistakes is sometimes more difficult than writing from scratch.
CryptoStreet: I see that Hacken is working on vulnerability research. What is the difference between Risk, Threat, and Vulnerability?
Nikita Knysh: I’ll try to explain in simple words. A vulnerability is a weakness; the threat is the same as a man with a bat that can take advantage of your weakness; risk is the probability that a person with a bat will take advantage of your weakness.
CryptoStreet: Tell us about Hacken’s achievements and the significant projects that are coming ahead.
Nikita Knysh: It will be difficult to answer this in only a few simple words. All customers want an NDA, and in our field, to show off our achievements means to talk about the mistakes and problems of our clients. So I can quote figures, without specifics, and some interesting facts.
There are already more than 30 permanent hackers and about 50 additional hackers who participate as they desire in close bug-bounty programs on an ongoing basis. The first takers expressed a desire to work with Hacken on an ongoing basis.
Our team has grown from 10-15 people to 30+. The sales department processes daily about 30 new applications, which are mainly due to “word of mouth” (on the recommendation of others).
A record amount of stolen funds from customers who came to us with their problem – $12 million. On average, this is 100-150 thousand dollars.
Most are afraid of hackers and want to work with us as a service security company, and not as a platform for interaction with hackers.
Contrary to common misconception, those most interested in security are not banks and financial organizations (not our most beloved customers), but people from the world of arbitration, traffic, gambling and the world of outsourcing, developing web applications, mobile applications, and the telecommunications industry.