CertiK Resources
Blogs, Latest News, Announcements, and more
Stablecoin Regulation and the GENIUS Act: A Case for Formal Verification
As Web3 adoption continues to accelerate, many central banks and institutions are developing digital asset products, such as stablecoins, to support the stability of existing blockchain ecosystems while offering transparency, speed, and flexibility. However, such stablecoin innovations must win user trust, meet regulatory requirements, and integrate with existing Web3 systems in order to acquire mainstream adoption. In the context of rigorous compliance frameworks, formal verification is a promising methodology to help build reliable stablecoin contracts by verifying essential compliance requirements.
7/18/2025
Binance Wallet Integrates CertiK’s Skynet Token Scan
Binance Wallet is enhancing user security by integrating Skynet Token Scan, a powerful tool developed by CertiK’s security researchers. This new feature puts on-demand security intelligence directly into the hands of Binance Wallet users, empowering them to make safer, more informed decisions.
7/17/2025
GMX Incident Analysis
On 9 July 2025, the GMX V1 vault was exploited by a white-hat for ~$42M due to a reentrancy issue. The funds were later returned to GMX, which awarded the white-hat a 10% bounty. The white-hat had minted and then staked GLP before creating a short position directly from the vault contract through reentrancy. Executing in this order bypassed the ShortsTracker, and prevented the average short position price from being updated. This occurs when the market price exceeds the tracked average price, resulting in the protocol overestimating unrealized losses. As a result, the Assets Under Management (AUM) calculation was manipulated to inflate the apparent value of GLP.
7/16/2025
Arcadia Incident Analysis
On 15 July 2025, a malicious actor took advantage of a lack of input validation in Arcadia Finance’s Rebalancer contract to obtain assets by paying off a portion of a user’s debt and withdrawing the underlying assets for a net gain of ~$3.6M.
7/15/2025
Threshold Cryptography III: Binance tss-lib’s 9-Round Threshold ECDSA
This third post in the Threshold Cryptography series provides a bird’s-eye view of the 9-round threshold ECDSA protocol implemented in tss-lib [1]. Detailed exposition of the underlying MtA secret share conversion protocol and zero-knowledge proofs will follow in the next two posts.
7/15/2025
Security Risks of Stablecoins
Stablecoins are a type of crypto-asset designed to maintain a stable price by linking each token to an external reference asset, most often a national currency like the U.S. dollar, but sometimes commodities like gold. In theory, every coin in circulation should be redeemable for an equal amount of that reference asset, protecting holders from the sharp price fluctuations typical of unpegged digital currencies.
7/8/2025
CertiK’s Co-founder Ronghui Gu Delivers Keynote Speech at HKU Business School on the Next Era of Blockchain Security
Ronghui Gu, Co-Founder of Web3 security firm CertiK and Professor of Computer Science at Columbia University, delivered a compelling keynote speech at the University of Hong Kong Business School titled, “Scaling Web3: Balancing Innovation and Security for a Global Audience,” which outlined the critical importance of cybersecurity as the Web3 ecosystem matures.
7/1/2025
Hack3d: The Web3 Security Quarterly Report - Q2 + H1 2025
Welcome to Hack3d: The Web3 Security Report for Q2 + H1 2025. Hack3d is the industry's most comprehensive record of statistics and analysis of on-chain security incidents. It equips stakeholders with the knowledge needed to make informed decisions in an increasingly high-stakes environment.
6/30/2025
CertiK’s Korea Event Attendee Guide: June 2025
Following the success of Proof of Talk 2025, more major Web3 events are on the horizon! From June 24 to 27, Seoul—the innovation hub of Asia—will host two flagship Web3 conferences. CertiK invites you to join us on this exciting journey into the future of Web3.
6/22/2025
Private Key, Public Risk
In Web3, private keys are critical for controlling assets, governance, and trust, but their mismanagement poses significant risks, including financial loss and reputational damage. This article explores secure private key generation, storage, and usage to mitigate these vulnerabilities.
6/22/2025
Move for Solidity Developers: Token Standard II — Advanced Fungible Token Extensions
Building on our previous analysis of basic token functionalities across Solidity, Sui Move, and Aptos Move, this report focuses on the advanced features of fungible tokens. We specifically explore how these platforms implement fungible token standards, with extensions such as whitelisting/blacklisting, fee mechanisms, and pausing.
6/12/2025
Threshold Cryptography II: Unidentifiability in Decentralized FROST Implementation
The second post in our Threshold Cryptography series explores the FROST threshold signing protocol, as proposed in FROST: Flexible Round-Optimized Schnorr Threshold Signatures [1], and highlights a potential issue that arises when implementing the protocol in a decentralized setting. This issue allows a malicious participant to send inconsistent nonce commitments, leading honest participants to be falsely accused of misbehavior.
6/10/2025
CertiK Joins Proof of Talk 2025 as Platinum Sponsor
CertiK, the largest Web3 security firm, is proud to announce its role as the Platinum Security Partner of Proof of Talk 2025, the premier Web3 and AI summit held at the iconic Louvre Palace in Paris on June 10-11. This sponsorship marks CertiK’s most significant event presence of the year, and underscores its deep commitment to advancing trust and security in the decentralized ecosystem.
6/10/2025
EVM – Cosmos Convergence Research From Security Base: Part 2
In Part 1 of this blog series, we examined the integration of EVM and Cosmos at the application layer, and the risks associated with merging these stacks. Part 2 introduces a novel method for interacting with Cosmos through EVM transactions. Specifically, it details the workflow of specialized precompiled contracts engineered to overcome functional limitations and establish a connection between the two ecosystems.
6/9/2025
CertiK at Proof of Talk 2025: Attendee Guide
This guide offers a comprehensive overview of CertiK’s presence at Proof of Talk 2025, helping you make the most of your time and plan your interactions with us effectively.
6/6/2025
How Tornado Cash Usage Has Changed Since Sanctions Were Lifted
In this blog, we look at how Tornado Cash works, the history of its sanctions, and how its usage has shifted since the sanctions were lifted.
6/3/2025
Cork Protocol Incident Analysis
On May 28, 2025, asset-pegged insurance Cork Protocol suffered a ~$12M security breach. The attacker exploited a lack of parameter checks to set up a fake market, and the relatively open access of its AMM extension (CorkHook) to induce double counting of derivative token weETH8DS-2 on two markets and acquire a large amount of derivatives, which they redeemed for 3,761 wstETH.
5/29/2025
Threshold Cryptography I: Distributed Key Generation
This post introduces Distributed Key Generation (DKG), which allows multiple participants to jointly generate a secret key without ever reconstructing the full secret key, enhancing security and fault tolerance. It is fundamental to decentralized consensus, secure multiparty computation, and threshold signatures.
5/18/2025