CertiK Blog

CertiK has completed an independent Proof of Reserves (PoR) audit for Gate Technology FZE, the Dubai-based entity of the Gate Group. Gate Dubai exchange is licensed by the Virtual Assets Regulatory Authority (VARA). The audit verified that the platform's on-chain reserves fully back its user liabilities across all in-scope assets as of December 31, 2025.

An overview of regulatory developments in the United States in February 2026, including the Senate Banking draft, GENIUS Act implementation, and the SEC “Task Force” transition.

In February 2026, an AI agent named Lobstar Wilde gave away tokens worth up to $450,000 to a stranger on X. The stranger had posted a sob story about needing 4 SOL for his uncle's tetanus treatment. Lobstar Wilde, an autonomous agent running on Solana with a live wallet, read the post and sent 52 million tokens. Not 4 SOL. Five percent of its entire token supply. The developer later explained that a session crash had wiped the agent's memory. It forgot what it owned, misread a social media post as a legitimate request, and signed an irreversible on-chain transfer. No compliance system flagged the transaction. No human reviewed it. The money just moved. This is a preview of what agentic commerce looks like without proper compliance infrastructure.

CertiK has completed an independent Proof of Reserves (PoR) audit for Gate Technology FZE, the Dubai-based entity of the Gate Group. Gate Dubai exchange is licensed by the Virtual Assets Regulatory Authority (VARA). The audit verified that the platform's on-chain reserves fully back its user liabilities across all in-scope assets as of December 31, 2025.

An overview of regulatory developments in the United States in February 2026, including the Senate Banking draft, GENIUS Act implementation, and the SEC “Task Force” transition.

The Top10 AI Agent Projects on BNB Chain showcases the most trending AI Agent projects based on Skynet Score. These rankings reflect a comprehensive evaluation of security posture, operational maturity, market presence, and ecosystem traction. As autonomous on-chain agents gain adoption, security and infrastructure reliability remain the primary determinants of sustainable growth and institutional trust.

In February 2026, an AI agent named Lobstar Wilde gave away tokens worth up to $450,000 to a stranger on X. The stranger had posted a sob story about needing 4 SOL for his uncle's tetanus treatment. Lobstar Wilde, an autonomous agent running on Solana with a live wallet, read the post and sent 52 million tokens. Not 4 SOL. Five percent of its entire token supply. The developer later explained that a session crash had wiped the agent's memory. It forgot what it owned, misread a social media post as a legitimate request, and signed an irreversible on-chain transfer. No compliance system flagged the transaction. No human reviewed it. The money just moved. This is a preview of what agentic commerce looks like without proper compliance infrastructure.

This article takes an in-depth look at the importance of blockchain transaction fee models and their critical role in ensuring network security and efficient operation. By comparing the transaction fee models of Ethereum and Solana, it highlights how unsafe transaction pricing can introduce network security risks. The article especially focuses on a compute-unit (CU) accounting error in Solana’s big-integer modular exponentiation syscall discovered and reported by the CertiK team, which could lead to a potential remote DoS attack. It further analyzes Solana’s smart-contract pricing model, PoH-related timing mechanics, and parallel transaction processing, and reproduces the remote DoS process and cost via experiments on a private Solana cluster.

Learn why having a bug bounty program is crucial for your blockchain project. Discover how it helps identify vulnerabilities, improve security, and build trust with users.

In February 2026 two separate exploits occurred on the BNB Smart Chain (BSC), affecting SOF and LAXO tokens, leveraging the same class of vulnerability: a flawed token burn mechanism that allowed price manipulation within a single transaction.

Prediction markets crossed into the mainstream in 2025, with annual trading volume growing 4x and a small number of dominant platforms emerging. Kalshi, Polymarket, and Opinion now control the vast majority of global volume, each pursuing distinct regulatory and technical strategies.

On 30 January 2026, Gyroscope announced via their X account that they had paused liquidity pools due to an issue with their cross-chain contract. The issue led to losses of 6M Gyro Dollar (GYD) tokens with approximately $807k of liquidity extracted by the attacker.

CertiK has completed an independent Proof of Reserves (PoR) audit for Gate Technology FZE, the Dubai-based entity of the Gate Group. Gate Dubai exchange is licensed by the Virtual Assets Regulatory Authority (VARA). The audit verified that the platform's on-chain reserves fully back its user liabilities across all in-scope assets as of December 31, 2025.

An overview of regulatory developments in the United States in February 2026, including the Senate Banking draft, GENIUS Act implementation, and the SEC “Task Force” transition.

In February 2026, an AI agent named Lobstar Wilde gave away tokens worth up to $450,000 to a stranger on X. The stranger had posted a sob story about needing 4 SOL for his uncle's tetanus treatment. Lobstar Wilde, an autonomous agent running on Solana with a live wallet, read the post and sent 52 million tokens. Not 4 SOL. Five percent of its entire token supply. The developer later explained that a session crash had wiped the agent's memory. It forgot what it owned, misread a social media post as a legitimate request, and signed an irreversible on-chain transfer. No compliance system flagged the transaction. No human reviewed it. The money just moved. This is a preview of what agentic commerce looks like without proper compliance infrastructure.

In our previous video, we discussed Advanced Formal Verification of ZKP: Verifying a ZK Instruction. By formally verifying each zkWasm instruction, we were able to completely verify the technical security and correctness of the entire zkWasm circuit. In this video, we will focus on the bug discovery aspect, examining specific bugs encountered during the process and the lessons learned.

Skynet Quest is a brand new platform that unlocks Web3 security with engaging learning experiences and tools. By completing quests, users gain practical knowledge of Web3 security, earn rewards, and unlock valuable tools. Whether you're a novice or an expert, Skynet Quests has something to teach everyone.

In December 2023, we shared an Aptos-related bug report with the Wormhole Bug Bounty Program. We were impressed at Wormhole’s quick and effective resolution of the issue. A patch resolved the issue within 3.5 hours of the initial report.