CertiK Blog

Gate's Web3 Wallet now displays CertiK Skynet Scores directly within its Earn product pages, giving users on-chain security intelligence at the point of investment decision-making.

The rapid adoption of OpenClaw, a popular open-source autonomous AI agent framework, reflects a broader shift toward AI-driven assistants. However, the widespread integration of this framework introduces critical security risks that may lead to unauthorized actions, data exposure, and system compromise.

On 22 March 2026, the Revolv protocol was exploited, resulting in a loss of ~$26.8M due to a compromise of the project's cloud infrastructure which gave access to Resolv’s AWS Key Management Service (KMS).

Gate's Web3 Wallet now displays CertiK Skynet Scores directly within its Earn product pages, giving users on-chain security intelligence at the point of investment decision-making.

CertiK has completed an independent Proof of Reserves (PoR) audit for Gate Technology FZE, the Dubai-based entity of the Gate Group. Gate Dubai exchange is licensed by the Virtual Assets Regulatory Authority (VARA). The audit verified that the platform's on-chain reserves fully back its user liabilities across all in-scope assets as of December 31, 2025.

An overview of regulatory developments in the United States in February 2026, including the Senate Banking draft, GENIUS Act implementation, and the SEC “Task Force” transition.

The rapid adoption of OpenClaw, a popular open-source autonomous AI agent framework, reflects a broader shift toward AI-driven assistants. However, the widespread integration of this framework introduces critical security risks that may lead to unauthorized actions, data exposure, and system compromise.

Security infrastructure is becoming a common bottleneck in VASP licensing. This guide covers what regulators evaluate, the documentation gaps that trigger follow-up cycles, and a practical sequencing framework to get ahead of them.

For years, the industry has struggled with this exact question. In this article, we are going to dive deep into an emerging privacy solution: zERC20. zERC20 is a pragmatic, immediate implementation of a concept known as plausible deniability (originally proposed in EIP-7503), which means the cryptographic evidence of an action equally supports a completely innocent explanation. For zERC20, depositing funds into the privacy protocol is mathematically indistinguishable from a user accidentally sending tokens to a dead address.

On 22 March 2026, the Revolv protocol was exploited, resulting in a loss of ~$26.8M due to a compromise of the project's cloud infrastructure which gave access to Resolv’s AWS Key Management Service (KMS).

On 10 March 2026, the Movie Token (MT) contract was exploited for approximately $242,000 due to a critical flaw in its 'sell' logic. The vulnerability stemmed from a double-counting error: when a user sold MT tokens, the contract simultaneously transferred them to the liquidity pair for the swap and added that same balance to a pendingBurnAmount variable. When distributeDailyRewards() subsequently burned those pending tokens, it created an artificial supply shock, inflating the MT price and allowing the attacker to drain value from the pool.

OpenClaw is an open-source, self-hosted personal AI agent platform designed to run on a user’s local machine or server. It supports long-term memory, autonomous operation, integration with mainstream LLMs, and remote control through messaging platforms like Telegram.

On 22 March 2026, the Revolv protocol was exploited, resulting in a loss of ~$26.8M due to a compromise of the project's cloud infrastructure which gave access to Resolv’s AWS Key Management Service (KMS).

Security infrastructure is becoming a common bottleneck in VASP licensing. This guide covers what regulators evaluate, the documentation gaps that trigger follow-up cycles, and a practical sequencing framework to get ahead of them.

On 10 March 2026, the Movie Token (MT) contract was exploited for approximately $242,000 due to a critical flaw in its 'sell' logic. The vulnerability stemmed from a double-counting error: when a user sold MT tokens, the contract simultaneously transferred them to the liquidity pair for the swap and added that same balance to a pendingBurnAmount variable. When distributeDailyRewards() subsequently burned those pending tokens, it created an artificial supply shock, inflating the MT price and allowing the attacker to drain value from the pool.

In our previous video, we discussed Advanced Formal Verification of ZKP: Verifying a ZK Instruction. By formally verifying each zkWasm instruction, we were able to completely verify the technical security and correctness of the entire zkWasm circuit. In this video, we will focus on the bug discovery aspect, examining specific bugs encountered during the process and the lessons learned.

Skynet Quest is a brand new platform that unlocks Web3 security with engaging learning experiences and tools. By completing quests, users gain practical knowledge of Web3 security, earn rewards, and unlock valuable tools. Whether you're a novice or an expert, Skynet Quests has something to teach everyone.

In December 2023, we shared an Aptos-related bug report with the Wormhole Bug Bounty Program. We were impressed at Wormhole’s quick and effective resolution of the issue. A patch resolved the issue within 3.5 hours of the initial report.