An international company developed a P2P platform for predicting events in the fintech market. Thousands of users access the service daily through digital channels—web and mobile apps—entrusting it with their personal and financial data.
Operating in a high-risk industry and subject to the GDPR, the company prioritizes security above all.
Datami conducted a full black-box penetration test, including a smart contract audit; a code security review; testing for SQLi, XSS, and RCE; OSINT analysis; and a cloud infrastructure assessment.
Both automated scanners and manual testing were used to ensure deep inspection of smart contracts, servers, APIs, cloud infrastructure, and transaction processing logic.
Special attention was given to bet settlement mechanisms and access control systems.
During the project, Datami conducted a comprehensive assessment of all platform components, including smart contracts, APIs, and cloud infrastructure.
Various attack scenarios were simulated, particularly targeting transaction logic and smart contract interactions. The team adapted the process to fit the real-world constraints of the black-box approach.
Every
At the beginning of the project, the P2P platform faced serious security risks: critical vulnerabilities in smart contracts and flaws in transaction processing logic threatened loss of user funds and violations of security standards.
During the black-box penetration test, Datami identified 10 vulnerabilities: 3 critical (in contracts and transaction mechanisms), 5 medium, and 2 low.
The P2P platform received clear recommendations to improve cybersecurity:
After implementing the recommendations, the risk level was significantly reduced: critical vulnerabilities were eliminated, and the platform now complies with international security standards. Potential financial losses of up to $300,000 were successfully avoided.
The project was completed in 4 weeks instead of the standard 6.
The client resolved the critical vulnerabilities within 48 hours.
Within just 4 weeks, the cybersecurity of the P2P platform was significantly strengthened: Datami conducted an in-depth audit and identified vulnerabilities, while the client implemented key security measures.
The project was completed faster than the industry average, with risks of data breaches and attacks minimized.
This case proves that high-tech platforms require independent audits to avoid financial and reputational losses.