Fight Back with HackenAI

6 min readOct 1, 2019

Whenever users get a suspicious looking email or request from a browser, a lot of people exercise caution since the request is coming from an unknown source. However, a lot of times malicious software will appear on our computer as a result of a recommendation from a friend or acquaintance and this is when a lot of people generally let their guard down. This is why we all need someone on our side constantly keeping an eye out on new threats.

This is where HackenAI comes in, your personal assistant that looks into the dark web and timely notifies you when your data is in danger. This is a new revolutionary approach to cyber protection. White hat hackers are collectively standing by, keeping a lookout for any suspicious activities and assisting you in preventing all known cyber threats.

Protection for Crypto Assets Holders

HackenAI is a revolutionary, 360° cybersecurity companion product that incentivises users to learn good cybersecurity habits. Powered by the native HAI cryptoasset token, HackenAI takes ownership of user cybersecurity, by consistently watching all potential threats and malpractices, and immediately prompts users with timely, detailed information, and even suggested steps to take in mitigating the risks of exploitation.

For those of you who are actively engaged in crypto currencies, HackenAI can protect crypto exchange accounts through an API policies audit, as well as gather, analyze and manage them from one platform. Whenever it detects a threat to a user’s digital assets it will immediately send out an alert about the threat and suggest steps the user can take to help protect themselves and their assets. HackenAI is a tool that can be used every day to help defend against cyber threats and track your digital assets.

However, even if you are not into crypto currencies, HackenAI can be of use to you as a comprehensive solution for defending yourself against cyber threats. It can serve as your trusted password manager, account data backup and a gateway into the crypto world if you decide to go in that direction.

As and example of the type of risks HackenAI can defend against, let’s take a look at one example where a white hat hacker not only exercised extreme vigilance, but decided to turn the tables on the scam artists who were stealing other people’s money and personal information.

Hacker Gets a Taste of His Own Medicine

One of the members of our Hackenproof community recently stumbled upon an interesting case. His friend asked him to analyze a new cryptocurrency startup that he was asked to promote and sent him the link https://blo*****.*e/?promo=*****. After opening the link he noticed right away that the site was attempting to install some sort of Chrome plugin.

We conducted an investigation and, as it turned out, this site was being used by scam artists to steal user data that was located in the cookies. While most companies would send out an alert to other members of the community to stay away from this site, we decided to fight back. Our team of white hackers were about to give those hackers a taste of their own medicine.

Patience Proved to be a Virtue

After searching for vulnerabilities for two hours, not much progress was made since the site proved to be more secure than initially thought. All of the data that was transferred to the server was thoroughly checked for “correctness” and the filters were making it difficult to hack the site. However, after all hope seemed lost, there was a breakthrough. Since the plugin only steals cookies, there had to be some way they find out the victims’ IP addresses. In other words, what if they do not check for vulnerabilities, such as SQL injections, upon obtaining the IP addresses and logging them back into the database?.

This hypothesis proved to be correct. We initiated an SQL injection, launched and sqlmap and received access to the database. However, after this initial success, the scammers caught on that something was amiss and fixed the vulnerability. Not to worry, we looked at other pages on the site and found similar vulnerabilities and sent a header with an SQL injection to each one.

As it would later turn out, the user data was in fact valid as were the login and password credentials. In total, there were about 80 binance users, 358 coinbase users 128 blockchain.com users and another 12 local bitcoins users. The total amount of breached login credentials was around 5,000.

Putting it All Together

The results of the investigation that the initial link https://bl******.*e was one of four others that were meant to be sent to individual Binance, Local Bitcoin, Coinbase and Blockchain.com users to try and steal their financial assets. The other sites were:

https://b****.com/
https://e****.org/
https://d******-****to.org/

The following is a step-by-step process of the way the entire scheme worked:

There was a developer who created a platform and a malicious plugin that steals cryptocurrency.
The platform works very effectively, with hacks recorded every day.
The developer receives 20% commision from each hack.
There are already 656 scammers registered on the platform.
It is not difficult to disclose the names of all the scammers since they all have SIM cards, nicknames and fund transfers.
If we put this forum in perspective, it is nothing in comparison with what is happening on a massive scale. This is just a drop in the bucket, if not an ocean. We have since notified all the victims of the phishing attack by email.

How Can We Address What is Going On?

It is important that we understand that episodes like the one described above occur on a regular basis and the money stolen by that group of hackers is just a drop in the bucket. Therefore, we need to change our approach on how we handle black hat hackers. HackenAI can put users on the offensive and allow them to fight back against black hat hackers and notify them directly if their personal data has been breached.

The average user does not pay a whole lot of attention to cyber security and become aware of security threats when it is too late. Them most popular hacking methods include:

Corporate accounts phishing attacks
Enterprise/business data leaks in dark web
Social network accounts hacking and intimidation
Malware and ransomware attacks

If you are in the crypto world, the damage caused by hackers is irreversible. If a crypto exchange is compromised, it is almost impossible to recover any of the assets that were stolen.

This is why you need HackenAI. It is a lifetime app that will provide you with all sorts of information on how to defend against cyberthreats, especially the ones that concern crypto currencies. Users can protect their crypto exchange accounts via API policies audit, as well as gather, analyze and manage them from one platform. Even if you do not own any crypto currency, it provide you with notifications and clear guidance to achieve 99.9% level of protection against cybersecurity threats.

For all of the ethical hackers out there, if you come across a similar situation, then it’s time to make a stand. Contact us and we will work together to resolve the situation.