<><><>Risk Reasons</> - contextual reasons explaining why a risk is present (e.g.,a malicious label)</><>

<><>As blockchain adoption accelerates, so do the sophistication and scale of on-chain threats, including scams, exploits, money laundering, and sanctioned activities. Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. <>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK's threat intelligence models.</> This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<><>As blockchain adoption accelerates, so do the sophistication and scale of on-chain threats, including scams, exploits, money laundering, and sanctioned activities. Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation.&nbsp;<>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK’s threat intelligence models.</>&nbsp;This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<><>Risk Reasons</> - contextual reasons explaining why a risk is present (e.g.,a malicious label)</><>

<><>Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. <>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK's threat intelligence models.</> This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<><>Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. <>SkyInsights addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK's threat intelligence models.</> This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<>As blockchain adoption accelerates, so do the sophistication and scale of on-chain threats, including scams, exploits, money laundering, and sanctioned activities. Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. <>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK's threat intelligence models.</> This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<>As blockchain adoption accelerates, so do the sophistication and scale of on-chain threats, including scams, exploits, money laundering, and sanctioned activities. Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation.&nbsp;<>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK’s threat intelligence models.</>&nbsp;This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<>As blockchain adoption accelerates, so do the sophistication and scale of on-chain threats, including scams, exploits, money laundering, and sanctioned activities. Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation.&nbsp;SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK’s threat intelligence models.&nbsp;This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<>Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. <>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK's threat intelligence models.</> This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<>Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. <>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK’s threat intelligence models.</> This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<>Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. <>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK’s threat intelligence models.</> designed to enhance security, compliance, and transparency across the blockchain ecosystem. It leverages a real-time API framework to deliver actionable insights by aggregating, classifying, and analyzing data from wallets, smart contracts, and transactions.</><>

<>Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. <>SkyInsight is CertiK's on-chain intelligence and risk analytics platform</> designed to enhance security, compliance, and transparency across the blockchain ecosystem. It leverages a real-time API framework to deliver actionable insights by aggregating, classifying, and analyzing data from wallets, smart contracts, and transactions.</><>

<>Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation.&nbsp; <>SkyInsight is CertiK's on-chain intelligence and risk analytics platform</> designed to enhance security, compliance, and transparency across the blockchain ecosystem. It leverages a real-time API framework to deliver actionable insights by aggregating, classifying, and analyzing data from wallets, smart contracts, and transactions.</><>

Business-specific response content (only returned on success; structure varies by endpoint)

CertiK combines chain-level insight with practical smart-contract auditing. We’ve audited the Kaia blockchain itself and multiple ecosystem projects, giving us deep context on consensus, execution, and EVM specifics that directly inform our reviews. Our audits surface exploitable vulnerabilities, document privileged roles and upgrade paths, and deliver clear, prioritized remediation and gas-efficiency recommendations. This gives CertiK a unique advantage for auditing projects on Kaia.

Crypto High-Rollers Go Big on Bodyguards to Deter Kidnappers

Enter your job title

Job Title

Name

Our PoR service is managed by the same security engineers who conduct CertiK's world-class audits. We bring a deep understanding of your security posture, ensuring a more rigorous and context-aware verification process.

Penetration testing reports are comprehensive and contain the details of all identified vulnerabilities. These are classified by severity, from Critical to Informational. Each finding includes a clear description, reproduction steps, proof-of-concept, and tailored remediation recommendations.

Request the latest threat intelligence and newest custom research based on relevant Web3 contextual factors. This unique service is the only way to unlock direct access to CertiK Intelligence Analysts

See the API endpoints section for a more detailed description of each endpoint.

When an error is encountered, you will receive an HTTP status code along with a message and error code in the body of your query response. We use the following status codes for errors:

Have your code reviewed by CertiK’s team of seasoned security experts, who have audited 1000’s of projects

Effective findings culminated through performing thousands of audits and a cross-check against a large internal database of security vulnerabilities.

Receive rich reporting, covering findings and recommendations on how to remediate vulnerabilities.

Smart Contract Audit Process

comprehensiveResearchTitle

CertiK audits all of Web3, from decentralized applications to the blockchains they’re built on. We work closely with clients to deliver tailor-made security solutions.

Our industry-leading audit methodology and tooling includes a review of your code’s logic, with a mathematical approach to ensure your program works as intended.

Our industry-leading L1 chain auditing process combines expert manual review of smart contract code with advanced AI and mathematical techniques to ensure blockchain protocols work as intended.

Every smart contract audit involves comprehensive manual review by our team of experienced security experts. Automated AI-powered review provides an additional layer of security. Formal verification is an optional further step that certifies smart contract behavior with respect to custom function specifications. This helps developers get a handle on the entire scope of their platform.

How Does a Smart Contract Audit Work?

Every audit involves comprehensive manual review by our team of experienced security experts. Formal verification certifies L1 chain code behavior with respect to custom function specifications, helping developers get a handle on the entire scope of their platform. The process of auditing an L1 is the same as for auditing a smart contract. The five-step process is as follows:

Report an incident if you are under cyber attack and need help!

24/7 Incident Response

innovationTitle

An L1 chain audit provides a comprehensive security assessment of a Layer 1 blockchain to identify vulnerabilities and recommend ways to fix them.

CertiK has audited nearly a dozen L1s, along with projects written in all major programming languages, thousands of Web3 projects, and tens of thousands lines of code. As a pioneer in the blockchain security industry, CertiK brings expertise that can only be gained from years of experience with thousands of projects to each and every L1 chain audit.

CertiK has audited thousands of Web3 projects and tens of thousands lines of code written in all major smart contract programming languages.

We bring expertise that can only be gained from years of experience with thousands of projects to each and every audit.

When it comes to security, only the best will do.

Protect Your Project Today

researchTitle

A comprehensive security assessment of your smart contract and blockchain code to identify vulnerabilities and recommend ways to fix them.

What’s in a Smart Contract Audit Report?

solutionsTitle

Providing the largest coverage on languages and ecosystem, as well as faster onboarding options, depending on project code size.

Clients receive rich reports on their smart contract code, complete with comprehensive vulnerability analyses and recommended remediations.

This report summarizes the legal mechanics, market-structure impacts, and operational requirements of this new regime. It also examines the remaining fragmentation at the state level (the ‘Preemption Gap’) and shows how a de facto ‘Universal Baseline’ of cybersecurity and AML/CFT expectations now governs multi-state operators. 

Skynet U.S. Digital Asset Policy Report

This report introduces the Skynet DAT Security & Compliance Framework, a model that moves beyond surface-level metrics to provide an assessment of a DAT's operational integrity. By analyzing five critical pillars: Custodian & Third-Party Diligence, Internal Controls & Operational Security, On-Chain Risk Exposure, Capital Strategy Resilience, and Regulatory & Disclosure Posture, the framework reveals significant disparities in the quality and resilience of leading firms.

2025 Skynet Digital Asset Treasuries (DAT) Report

CertiK showcased its commitment to Korea at XRP SEOUL 2025, with CBO Jason Jiang discussing stablecoins and RWAs from a security perspective. The company also released the 2025 Skynet Korea Report, highlighting market opportunities and key security challenges in the Korean Web3 ecosystem. During Korea Blockchain Week (KBW), CertiK announced localized initiatives, including strengthened partnerships and expanded regional operations, to support long-term ecosystem growth.


CertiK at XRP SEOUL 2025: Exploring Stablecoins and RWAs, Strengthening Its Presence in the Korea Market 

In our  2025 RWA Security Report, we look at the evolving security landscape of RWAs, outlines how CertiK’s Skynet RWA Framework provides structured criteria for assessing protocol risks, and highlights the performance of leading platforms such as Ondo Finance, Paxos, and Tether.

2025 Skynet RWA Security Report

In our 2025 Stablecoin Report, we look at the current stablecoin landscape, vulnerabilities that affect stablecoins, and how CertiK’s Skynet Security Score can help evaluate stablecoin security. 

Skynet Stablecoin Spotlight Report: H1 2025

A critical vulnerability, CVE-2025-55182, was recently disclosed and carries a CVSS 10.0 (the most critical) severity rating. The issue affects React/Next.js environments. Our security research team has analyzed the vulnerability and detected many applications in the Web3 ecosystem running the affected versions, including several that are actively exploitable. 

React/Next.js CVE-2025-55182 Vulnerability Analysis

https://images.ctfassets.net/v0qht4wq59vi/7Lkv6bsO6wvip7fyylt1KT/5415c057abd4f898e617772bb70430af/Copy_of_Copy_of_CertiK_PowerPoint_Template__1_.jpg

https://images.ctfassets.net/v0qht4wq59vi/4IeKZK4p3FbbmPvmcDg87A/028ec8cc35f2fbd053ffa4dfc16d9c6d/skynet_report-02.jpg

November 2025 marked a period of significant advancement in the effort to establish a comprehensive US regulatory framework for digital assets. After a prolonged period of regulatory uncertainty, the past month delivered promising steps forward from both the legislative and executive branches, indicating a clear push toward regulatory clarity and market structure definition. For an industry seeking stability, November provided significant signals that major legislation is now a near-term prospect.

November 2025: Five U.S. Crypto Legislation Developments

https://images.ctfassets.net/v0qht4wq59vi/fn4KsjrJQuvZ9iMWXxWHh/28e8db0fa45cbe91bb54d75735c34b4c/Crypto_Legislation-01.jpg

The first Theorem Proving Competition, hosted by the China Computer Federation (CCF) officially launched. The competition is supported by OpenMath, the world’s first decentralized mathematical platform, with backing from Shentu Chain and CertiK.

CertiK Sponsors the First Theorem Proving Competition, Supported by OpenMath

https://images.ctfassets.net/v0qht4wq59vi/73dNMcnvqRErCMiHTdSzcV/f820203ce15c094b832a638fe16b8937/Screenshot_2025-12-01_at_9.15.48â__PM.png

CertiK has recently joined hands with Korean gaming giant WEMADE to launch the Global Alliance of KRW Stablecoin (GAKS), to provide comprehensive security audit services for StableNet, Korea's first dedicated mainnet infrastructure for the entire lifecycle of KRW stablecoins.

CertiK and WEMADE Join Forces to Form the Global Korean Stablecoin Alliance

https://images.ctfassets.net/v0qht4wq59vi/6g6KVXojse9Tvd0ARSYiSl/a644f5fec390d07afefa0c1ef179f354/CertiK_x_WEMADE.jpg

On 3 November 2025, Balancer and its forks Beets and Bex were exploited, resulting in a combined initial loss of approximately $130M.

Balancer Incident Analysis

https://images.ctfassets.net/v0qht4wq59vi/5z3CrUAlyoWnM1Fjt9u76I/187ad563193b0092f3817b624a536df8/balancer_cover.png

On November 20, 2025, CertiK brought together Web3 builders, founders, and investors in Buenos Aires for our Road to Mainnet and Beyond event, a VIP mixer held at a private estate in Palermo Chico. This event, presented with MomentumX Global and Headline Entertainment, provided an opportunity for meaningful conversations about Web3 security, decentralized finance (DeFi), artificial intelligence (AI), venture capital, and other emerging technologies. 

Highlights from CertiK’s Road to Mainnet Event in Buenos Aires

https://images.ctfassets.net/v0qht4wq59vi/72CyHMy7DQUKOzpT0H9RwM/1c0b6494d080d22847b1b0d10d09f270/CertiKâ__s_Road_to_Mainnet_Event-01__1_.webp

CertiK and Kaia took center stage at Korea Blockchain Week (KBW 2025) to discuss the infrastructure, security, and innovation driving Asia’s next wave of Web3 adoption. In a packed fireside chat moderated by Luna PR CEO Nikita Sachdev, CertiK Co-Founder and CEO Ronghui Gu and Kaia Foundation Chairman Dr. Sam Seo explored how Kaia is building a superapp-friendly blockchain ecosystem and how CertiK’s security services are providing the backbone for its growth. 

KBW 2025: CertiK and Kaia Highlight Security, AI, and Stablecoins as Key Drivers of Asia’s Web3 Future

https://images.ctfassets.net/v0qht4wq59vi/7kb2JLAFYGiaBmn8aNixfd/6ef887b60fe3266933b1242001b7b6d1/Screenshot_2025-11-03_at_7.10.02â__AM.png

https://images.ctfassets.net/v0qht4wq59vi/5MpnpH91db4VLqPShf57hs/a899628821316271910dde5db5f25a18/Screenshot_2025-11-02_at_4.55.31â__PM.png

October was a whirlwind for the crypto industry; political maneuvering, regulatory shifts, and influential appointments painted a clearer—albeit still complex—picture of the industry's future. From government shutdowns to key leadership changes, here are five stories in October 2025 that defined the digital asset space.

October 2025: Five U.S. Crypto Legislation Developments

https://images.ctfassets.net/v0qht4wq59vi/498lQwUg24E3qQKwf6ws37/6675626a8758db3ea7f02a37a378b4af/Crypto_Legislation-01.webp

Recently, at Korean Blockchain Week (KBW) 2025, Professor Ronghui Gu, Co-Founder and CEO of CertiK, the largest Web3 security services provider, and Shane Kim, CEO of WEMIX and Vice President of Wemade, held a fireside chat exploring the future of blockchain security, AI-driven threats, and stablecoin development. 

CertiK and WEMIX Strengthen Partnership to Advance Web3 Security, Compliance, and Stablecoin Innovation in Korea

https://images.ctfassets.net/v0qht4wq59vi/2ZL3f9xjThQIPflNUs0mH5/11a0a7d2244716d2e8846698800e7bc2/Screenshot_2025-10-20_at_1.29.31â__PM.png

Learn what a Web3 wallet is, how it works, and the different types available. Explore features, benefits, and how Web3 wallets enable secure access to decentralized applications. 

What Is a Web3 Wallet?

https://images.ctfassets.net/v0qht4wq59vi/1jhNNQ3k3Bod6F45GBbKS2/acf91c28f3c69ea8300edd36f5f02a43/What_Is_a_Web3_Wallet_-01.webp

Explore the importance of KYC verification in securing financial transactions. Learn how it helps prevent fraud, ensure compliance, and protect both businesses and users.

The Importance of KYC Verification: A Key to Secure Financial Transactions

https://images.ctfassets.net/v0qht4wq59vi/52LsxWBxP3i7plQgWmtBG8/ca8b4dfb49cf99e65c1f6071c2fcc9ab/KYC_Verification-01.webp

Aleo Systems has created a Layer 1 blockchain named Aleo with a focus on privacy achieved through the use of zero-knowledge proofs (ZKPs) and other cryptographic methods. Unlike most popular blockchains where data used and created by transactions can be viewed by an external observer, Aleo provides the ability to hide such information. 

Introducing Aleo: A Premier Platform for Private Blockchain Applications

https://images.ctfassets.net/v0qht4wq59vi/6rA4w8eOX8dqB3Rpw8Fpsa/371a82f552cf526cac5968e3e4233c4b/Introducing_Aleo.jpg

SoftBank expands in Japan’s crypto market via PayPay, which will acquire 40% of Binance Japan to let users buy crypto directly from PayPay accounts. This aligns with Japan’s booming digital asset market and builds on SoftBank’s Web3 investments—including $60M in CertiK for security, plus Cipher Mining, The Sandbox and Aleo—targeting compliant, accessible Web3 services.

SoftBank Expands Web3 Push with PayPay–Binance Japan Deal

https://images.ctfassets.net/v0qht4wq59vi/5gwSIblOWaPhhgPUKTpGBA/ddae24e205a947c94b4515af023211c9/poster-01.jpg

CertiK, together with Kraken, EVG, and Hedera, successfully hosted the “Oceanic Night@TOKEN2049” event in Singapore. The gathering brought together leading builders and innovators to spotlight the latest breakthroughs in Web3 compliance, security, and innovation, establishing itself as one of the most anticipated pre-Token2049 events.

CertiK, Kraken, Hedera, and EVG Co-Host Oceanic Night@Token2049: Igniting Web3 Dialogue & Collaboration

https://images.ctfassets.net/v0qht4wq59vi/35bMZvSKzoqXc4B6hZ9JlI/23e757bdd28ebbf22c0a1bc1995470ab/G2Gu5EYaIAA-ioN__1_.jpeg

The world’s premier Web3 event, Token2049, is set to take place at Marina Bay Sands, Singapore. This year, the conference is expected to attract over 25,000 attendees, 500+ exhibitors, and 300 speakers, serving as a key hub connecting global industry leaders and ecosystem builders.

CertiK Token2049 Attendee Guide: Empowering Security, Shaping the Future of Global Web3

https://images.ctfassets.net/v0qht4wq59vi/5kmCPvfkgRS480tD7Nbo5a/952275731d5892da459763ae2043727f/Screenshot_2025-09-25_at_9.36.36â__AM.png

This article examines the inner workings of Polygon’s Plonky3, a state-of-the-art prover utilized in zero-knowledge Virtual Machines (zkVMs). 

Breaking Down Proof Construction in Plonky3: The Fibonacci Example Unveiled

https://images.ctfassets.net/v0qht4wq59vi/1eo1g7VQODkT1d7D3Aa0Tv/18fa943e6409b04c17f1a2bae00c5389/Breaking_Down_Proof_Construction_in_Plonky3-_The_Fibonacci_Example_Unveiled-01.webp

During this year’s Korea Blockchain Week (KBW), CertiK, the world’s largest Web3 security services provider, hosted “CertiK Espresso @KBW – Compliance Insights Workshop,” a gathering that brought together industry experts, executives, and investors from Korea and abroad. The workshop focused on stablecoins, regulatory frameworks, and the future of Web3, offering in-depth discussions on how compliance and security intersect with innovation.


CertiK Espresso at Korea Blockchain Week: Stablecoins, Compliance, and Security in the Spotlight

https://images.ctfassets.net/v0qht4wq59vi/4zvM0kHxc3N4j7iHrrOVrQ/07e550cc3752e995df60d915203d9dba/Screenshot_2025-09-22_at_8.21.47â__AM.png

https://images.ctfassets.net/v0qht4wq59vi/P1fTbzJPZkespN838E21O/3b81ec24fcc3ef2d3e446612efcbcf5c/JJ.jpg

Every autumn, Seoul hosts one of the blockchain industry’s most prominent events: Korea Blockchain Week (KBW). The event attracts developers, investors, policymakers, and project teams from around the world, and has become a key platform for dialogue and collaboration in the Web3 space.

KBW 2025: CertiK Colors Seoul with Security

https://images.ctfassets.net/v0qht4wq59vi/5uQtYQmCYjmYQtiWjHiEQF/5ebbfce88b6e1d6dd440f100ff7f24e8/Screenshot_2025-09-18_at_9.01.14â__AM.png

This in-depth analysis will illuminate how the judicious separation of concerns between these layers can engender enhanced scalability, flexibility, and interoperability within the blockchain domain, ultimately shaping the future trajectory of decentralized applications and networks.

EVM – Cosmos Convergence Research From Security Base: Part 3

https://images.ctfassets.net/v0qht4wq59vi/72BFrllIHS2nY5rCnvSBOa/0679b746775bfe4f2fbcb45fecabafb7/EVM_â___Cosmos_Convergence_Research_From_Security_Base-_Part_3_-01.webp

In this post, we analyze the specific ZKP constructions implemented in Binance’s tss-lib [1]. These proofs address previously identified weaknesses in the Multiplicative-to-Additive (MtA) protocol, Paillier encryption parameters, and auxiliary RSA modulus generation. Our discussion is grounded in the improvements formalized by the specifications in CGGMP21 [4], which strengthen the robustness of threshold ECDSA against known attacks.

Threshold Cryptography V: Auxiliary Zero-knowledge Proofs

https://images.ctfassets.net/v0qht4wq59vi/2lGicTQKd3WG1LchRquAKG/397e314e27a6683ab5f9946410f88c07/Threshold_Cryptography-01__1_.webp

https://images.ctfassets.net/v0qht4wq59vi/2EYbQCBq5KsdoINZn1BIC5/a110a9750b51780e26efafeefb2c7820/RWA_Report.png

In this article, we delve into the concept of cross-contract calls and examine the distinctions between Solidity and Move contracts in this area. We will assess the mechanisms and security of executing cross-contract calls in Move, aiding developers in better comprehending how to manage contract interactions within the Move environment.

Move for Solidity Developers IV: Cross-Contract Call

https://images.ctfassets.net/v0qht4wq59vi/3Ib5oZ2Tc8MtJXZRsNsQ3M/5b802875cd0d59cf69422d26580b71c4/move.png

Professor Gu recently sat down with Forbes China to discuss his journey from academia to Web3 security, and how mathematical rigor continues to shape his approach to innovation. In this blog, we’ll look at highlights from his interview, including his academic background, how he founded CertiK, and how CertiK is influencing blockchain security. 

Forbes China Interviews Ronghui Gu, CertiK Co-founder & CEO, on Pioneering Web3 Security with Mathematical Rigor

https://images.ctfassets.net/v0qht4wq59vi/7q7sg97QiQGYcy23b3FIxx/aaf6297d8374a6b3799b034c4961a3ca/forbes-01.webp

On 10 August 2025 Numa protocol was exploited for ~$313k. A malicious actor acquired additional Numa tokens by liquidating victim accounts after manipulating the NumaVault by minting nuBTC. Minting the nuBTC inflated the total synth value and in turn, reduced the collateral value of cNuma according to the Numa VaultManager logic.

Numa Incident Analysis

https://images.ctfassets.net/v0qht4wq59vi/2LiADW57cV0lnOR8wSYqbe/a64bc2ed04c682cb9ab6c0098694204e/Blog_Graphic.png

This post details two security incidents involving the Lottie animation format and its ecosystem, highlighting the persistent and evolving nature of third-party dependency and supply chain risks in the modern web landscape.

Lottie File Incidents: Case Studies of Third-Party Supply Chain Risks

https://images.ctfassets.net/v0qht4wq59vi/7BjMw0LzlixT0goychjSdV/45cc437739b8b14ba0808c44aad21dd0/Lottie_File_Incidents-01.webp

In this post, we provide a detailed examination of the MtA protocol, which utilizes the additively homomorphic properties of the Paillier encryption scheme to facilitate the exchange of encrypted secret shares among the participating parties.

Threshold Cryptography IV: Multiplicative-to-Additive (MtA) Protocol and Paillier Encryption Scheme

https://images.ctfassets.net/v0qht4wq59vi/5rIaRnal3QRvZYF8dPWUcg/558025b9adc9ce927c44c8d1a307de9a/Threshold_Cryptography_IV-01.webp

https://images.ctfassets.net/v0qht4wq59vi/7LI3hM2waiQ0NPyqsFKixQ/74eacb72b6ebab78d8091f2b96a3c771/skynet_report-02.jpg

As Web3 adoption continues to accelerate, many central banks and institutions are developing digital asset products, such as stablecoins, to support the stability of existing blockchain ecosystems while offering transparency, speed, and flexibility. However, such stablecoin innovations must win user trust, meet regulatory requirements, and integrate with existing Web3 systems in order to acquire mainstream adoption.  In the context of rigorous compliance frameworks, formal verification is a promising methodology to help build reliable stablecoin contracts by verifying essential compliance requirements.

Stablecoin Regulation and the GENIUS Act: A Case for Formal Verification

https://images.ctfassets.net/v0qht4wq59vi/3tdsMmluFaM0OwA7S9Gqav/ad0eb526626d1abbc168c5341daab66d/Stablecoin_Regulation_and_the_GENIUS_Act-01.webp

Binance Wallet is enhancing user security by integrating Skynet Token Scan, a powerful tool developed by CertiK’s security researchers. This new feature puts on-demand security intelligence directly into the hands of Binance Wallet users, empowering them to make safer, more informed decisions.

Binance Wallet Integrates CertiK’s Skynet Token Scan

https://images.ctfassets.net/v0qht4wq59vi/2FEvYYsPU5QuWxiCxx10Sf/6ea31875b8fa7865aad6b60d6f1301e2/Binance_Wallet-01__1_.webp

On 9 July 2025 GMX V1 vault was exploited by a white-hat for ~$42M due to a reentrancy issue. The funds were later returned to GMX who awarded the white-hat a 10% bounty. The whitehat had minted and then staked GLP before creating a short position directly from the vault contract through reentrancy. Executing in this order bypassed the ShortsTracker, and prevented the average short position price from being updated. This occurs when the market price exceeds the tracked average price, resulting in the protocol overestimating unrealized losses. As a result, the Assets Under Management (AUM) calculation was manipulated to inflate the apparent value of GLP.

GMX Incident Analysis

https://images.ctfassets.net/v0qht4wq59vi/182fGa8nGAIfZp68YfYaEv/15e5b85e764a8e5118a8591c9a33bb8b/Blog_Graphic__4_.jpg

On 15 July 2025, a malicious actor took advantage of a lack of input validation in Arcadia Finance’s Rebalancer contract to obtain assets by paying off a portion of a user’s debt and withdrawing the underlying assets for a net gain of ~$3.6M. 

Arcadia Incident Analysis

https://images.ctfassets.net/v0qht4wq59vi/2LqKpDjX82Mc8qh9GFbKcy/258f1e6a6fea93d44a8286805820348d/Blog_Graphic__3_.jpg

This third post in the Threshold Cryptography series provides a bird’s-eye view of the 9-round threshold ECDSA protocol implemented in tss-lib [1]. Detailed exposition of the underlying MtA secret share conversion protocol and zero-knowledge proofs will follow in the next two posts.

Threshold Cryptography III: Binance tss-lib’s 9-Round Threshold ECDSA

https://images.ctfassets.net/v0qht4wq59vi/624juiRi6b82g0mFwiH5EG/9fd22b978dc02f15f7abeb1dd4ddf7bd/Threshold_Cryptography_III-01.webp

Stablecoins are a type of crypto-asset designed to maintain a stable price by linking each token to an external reference asset, most often a national currency like the U.S. dollar, but sometimes commodities like gold. In theory, every coin in circulation should be redeemable for an equal amount of that reference asset, protecting holders from the sharp price fluctuations typical of unpegged digital currencies.

Security Risks of Stablecoins

https://images.ctfassets.net/v0qht4wq59vi/7wtuZfwzhEqjU5syjTvgOZ/f89a5f27bcdeca11c3d21b729c01d475/stablecoin-01.webp

Ronghui Gu, Co-Founder of Web3 security firm CertiK and Professor of Computer Science at Columbia University, delivered a compelling keynote speech at the University of Hong Kong Business School titled, “Scaling Web3: Balancing Innovation and Security for a Global Audience,” which outlined the critical importance of cybersecurity as the Web3 ecosystem matures. 

CertiK’s Co-founder Ronghui Gu Delivers Keynote Speech at HKU Business School on the Next Era of Blockchain Security 

https://images.ctfassets.net/v0qht4wq59vi/61K3rFcPCOwU6qR1ouTKEg/35691fb61abb441bb1bfa73de22295dc/e11f8cdb0a4430b9a4bcf5059d675d98.jpg

Welcome to Hack3d: The Web3 Security Report for Q2 + H1 2025. Hack3d is the industry's most comprehensive record of statistics and analysis of on-chain security incidents. It equips stakeholders with the knowledge needed to make informed decisions in an increasingly high-stakes environment.

Hack3d: The Web3 Security Quarterly Report - Q2 + H1 2025

https://images.ctfassets.net/v0qht4wq59vi/15jSiBeiLGwyOzuyutDG1b/f57de363de126b41b9479f7d149766d5/hack3d-report-q2-01__1_.webp

Following the success of Proof of Talk 2025, more major Web3 events are on the horizon! From June 24 to 27, Seoul—the innovation hub of Asia—will host two flagship Web3 conferences. CertiK invites you to join us on this exciting journey into the future of Web3.

CertiK’s Korea Event Attendee Guide: June 2025

https://images.ctfassets.net/v0qht4wq59vi/3H6twcClSHvwfJHMtTDA9E/0c06cbe81e1b9c84b7d853ff1d1d9e77/Screenshot_2025-06-22_at_2.58.56â__PM.png

In Web3, private keys are critical for controlling assets, governance, and trust, but their mismanagement poses significant risks, including financial loss and reputational damage. This article explores secure private key generation, storage, and usage to mitigate these vulnerabilities.



Private Key, Public Risk

https://images.ctfassets.net/v0qht4wq59vi/Jh8Oxa2HFz7SVSuUaDYiE/7071332e283d12680b9566cd4f750379/Private_Key__Public_Risk-01.webp

Building on our previous analysis of basic token functionalities across Solidity, Sui Move, and Aptos Move, this report focuses on the advanced features of fungible tokens. We specifically explore how these platforms implement fungible token standards, with extensions such as whitelisting/blacklisting, fee mechanisms, pausing, and whitelisting/blacklisting.

Move for Solidity Developers: Token Standard II — Advanced Fungible Token Extensions

https://images.ctfassets.net/v0qht4wq59vi/ysa9WZ0P182Hu3LtvMQep/cbfa56b1aa786deaae53a89070db11fd/Solidity_Developers_I-01.webp

The second post in our Threshold Cryptography series explores the FROST threshold signing protocol, as proposed in FROST: Flexible Round-Optimized Schnorr Threshold Signatures [1], and highlights a potential issue that arises when implementing the protocol in a decentralized setting. This issue allows a malicious participant to send inconsistent nonce commitments, leading to honest participants to be falsely accused of misbehavior.

Threshold Cryptography II: Unidentifiability in Decentralized FROST Implementation 

https://images.ctfassets.net/v0qht4wq59vi/5HEaBz6O7xJsMG61h8uy4l/3015f85916c1f5cc7484154360f68b0f/Threshold_Cryptography_II-01.webp

CertiK, the largest Web3 security firm, is proud to announce its role as the Platinum Security Partner of Proof of Talk 2025, the premier Web3 and AI summit held at the iconic Louvre Palace in Paris on June 10-11. This sponsorship marks CertiK’s most significant event presence of the year, and underscores its deep commitment to advancing trust and security in the decentralized ecosystem. 

CertiK Joins Proof of Talk 2025 as Platinum Sponsor

https://images.ctfassets.net/v0qht4wq59vi/5BJsW0yMJAkPSjGb10euTb/735f62f9d373e1017551a865e75924f2/Screenshot_2025-06-09_at_2.51.02â__PM.png

In Part 1 of this blog series, we examined the integration of EVM and Cosmos at the application layer, and the risks associated with merging these stacks. Part 2 introduces a novel method for interacting with Cosmos through EVM transactions. Specifically, it details the workflow of specialized precompiled contracts engineered to overcome functional limitations and establish a connection between the two ecosystems.

EVM – Cosmos Convergence Research From Security Base: Part 2

https://images.ctfassets.net/v0qht4wq59vi/3Dc2sQS93NnP71jcJ1SWlr/3764f243bc1c3d0da389ea204f2b07fb/EVM_-Cosmos.jpg

This guide offers a comprehensive overview of CertiK’s presence at Proof of Talk 2025, helping you make the most of your time and plan your interactions with us effectively.

CertiK at Proof of Talk 2025: Attendee Guide

https://images.ctfassets.net/v0qht4wq59vi/5kE75VgZCyWLxJUVRdGRw6/b7e8326c092f5973b4ffb41819044099/Screenshot_2025-06-06_at_10.54.37â__AM.png

In this blog, we look at how Tornado Cash works, the history of its sanctions, and how its usage has shifted since the sanctions were lifted. 

How Tornado Cash Usage Has Changed Since Sanctions Were Lifted 

https://images.ctfassets.net/v0qht4wq59vi/6oioAP5096ZMZRrCWjZeXw/ed24a7722bbea3bab73f717ce6768693/Tornado_Cash.jpg

On May 28, 2025, asset-pegged insurance CorK Protocol suffered a ~$12M security breach.
The attacker exploited a lack of parameter checks, to set up a fake market, and the relatively open access of its AMM extension (CorkHook) to induce double counting of derivative token weETH8DS-2 on two markets, and acquire a large amount of derivatives which they redeemed for 3,761 wstETH.

Cork Protocol Incident Analysis

https://images.ctfassets.net/v0qht4wq59vi/KYlPIXdAfVLu5hB60FogV/97a61bb184ceda87eef7ab4ff2e13c4e/Cork_cover.png

This post introduces Distributed Key Generation (DKG), which allows multiple participants to jointly generate a secret key without ever reconstructing the full secret key, enhancing security and fault tolerance. It is fundamental to decentralized consensus, secure multiparty computation, and threshold signatures.

Threshold Cryptography I: Distributed Key Generation 

https://images.ctfassets.net/v0qht4wq59vi/2bzIkl4IimSE9ZOxMsTxOf/ab5abf6434936982f19b07ddf5763e02/Distributed_Key_Generation__.jpg

In this post, we discuss how basic token standards are implemented across these platforms, focusing solely on minting, burning, and transferring functionalities. Advanced features such as pausing, whitelisting, and freezing will be discussed in detail in a subsequent series.

Move for Solidity Developers: Token Standard I

https://images.ctfassets.net/v0qht4wq59vi/1w7N8A0qR3KVWgfkpsEpL2/bba6b37f6e517af29e9eb4e381909298/Solidity_Developers_I.jpg

On April 12 2025, an unverified contract, 0x623c, was exploited, leading to the loss of approximately $28,000 due to a lack of access control. The exploit was the fourth incident linked to this same attacker, who had already conducted exploits on Gemcy, OPC, and AIRWA, gaining around $181,000. On April 23, the attacker conducted a fifth attack on ACB.

Web3 Resources

Blogs, Latest News, Announcements, and more

Products & Technology

Featured Ecosystems

Company

Web3 Resources

Blogs, Latest News, Announcements, and more