CertiK Resources
Blogs, Latest News, Announcements, and more
Welcome to CertiK’s Hack3d report for Q1 of 2025! During this quarter, hackers stole more than $1.6 billion across 197 security incidents. These figures represent an approximate 303.38% increase in value lost compared to the previous quarter, the majority of which is due to the Bybit exploit, the largest crypto theft in history. In our report, we discuss the latest trends in Web3 security, including an analysis of the most prominent attack vectors and targeted chains. We also highlight a variety of our recently-published technical and educational resources.
4/1/2025
Following the success of Proof of Talk 2025, more major Web3 events are on the horizon! From June 24 to 27, Seoul—the innovation hub of Asia—will host two flagship Web3 conferences. CertiK invites you to join us on this exciting journey into the future of Web3.
6/22/2025
In Web3, private keys are critical for controlling assets, governance, and trust, but their mismanagement poses significant risks, including financial loss and reputational damage. This article explores secure private key generation, storage, and usage to mitigate these vulnerabilities.
6/22/2025
Building on our previous analysis of basic token functionalities across Solidity, Sui Move, and Aptos Move, this report focuses on the advanced features of fungible tokens. We specifically explore how these platforms implement fungible token standards, with extensions such as whitelisting/blacklisting, fee mechanisms, pausing, and whitelisting/blacklisting.
6/12/2025
The second post in our Threshold Cryptography series explores the FROST threshold signing protocol, as proposed in FROST: Flexible Round-Optimized Schnorr Threshold Signatures [1], and highlights a potential issue that arises when implementing the protocol in a decentralized setting. This issue allows a malicious participant to send inconsistent nonce commitments, leading to honest participants to be falsely accused of misbehavior.
6/10/2025
CertiK, the largest Web3 security firm, is proud to announce its role as the Platinum Security Partner of Proof of Talk 2025, the premier Web3 and AI summit held at the iconic Louvre Palace in Paris on June 10-11. This sponsorship marks CertiK’s most significant event presence of the year, and underscores its deep commitment to advancing trust and security in the decentralized ecosystem.
6/10/2025
In Part 1 of this blog series, we examined the integration of EVM and Cosmos at the application layer, and the risks associated with merging these stacks. Part 2 introduces a novel method for interacting with Cosmos through EVM transactions. Specifically, it details the workflow of specialized precompiled contracts engineered to overcome functional limitations and establish a connection between the two ecosystems.
6/9/2025
This guide offers a comprehensive overview of CertiK’s presence at Proof of Talk 2025, helping you make the most of your time and plan your interactions with us effectively.
6/6/2025
In this blog, we look at how Tornado Cash works, the history of its sanctions, and how its usage has shifted since the sanctions were lifted.
6/3/2025
On May 28, 2025, asset-pegged insurance CorK Protocol suffered a ~$12M security breach.
The attacker exploited a lack of parameter checks, to set up a fake market, and the relatively open access of its AMM extension (CorkHook) to induce double counting of derivative token weETH8DS-2 on two markets, and acquire a large amount of derivatives which they redeemed for 3,761 wstETH.
5/29/2025
This post introduces Distributed Key Generation (DKG), which allows multiple participants to jointly generate a secret key without ever reconstructing the full secret key, enhancing security and fault tolerance. It is fundamental to decentralized consensus, secure multiparty computation, and threshold signatures.
5/18/2025
In this post, we discuss how basic token standards are implemented across these platforms, focusing solely on minting, burning, and transferring functionalities. Advanced features such as pausing, whitelisting, and freezing will be discussed in detail in a subsequent series.
5/14/2025
On April 12 2025, an unverified contract, 0x623c, was exploited, leading to the loss of approximately $28,000 due to a lack of access control. The exploit was the fourth incident linked to this same attacker, who had already conducted exploits on Gemcy, OPC, and AIRWA, gaining around $181,000. On April 23, the attacker conducted a fifth attack on ACB.
5/12/2025
On 11 May 2025, our system detected a suspicious attack involving Mobius Token #MBU on Binance Smart Chain #BSC, which resulted in an approximate loss of $2.16M
5/11/2025
As a leading Web3 security company and an important sponsor of this conference, CertiK sincerely invites Web3 participants from all over the world to attend to learn more about our cutting-edge security research, discuss the future of Web3, and promote industry security. This guide will take you through CertiK’s exciting activities at Consensus 2025 and help you efficiently plan your interactive itinerary with us.
5/9/2025
This article discusses some of the new features of PancakeSwap Infinity, and explores the security considerations related to PancakeSwap Infinity hooks.
5/7/2025
In this post, we examine how EIP-7702 reshapes core EVM assumptions, spotlight mocked examples, and provide actionable guidance for developers to assess whether their existing contracts may be vulnerable.
5/6/2025
In this article, we look at how oracles work, why they matter, how they can be exploited, and more, with the goal of educating DeFi participants on how to better protect themselves from these types of threats.
5/6/2025
Ronghui Gu, Co-founder of CertiK and Associate Professor of Computer Science at Columbia University, delivered a Keynote speech at Unchained Summit Dubai 2025, emphasizing the important balance between Web3 innovation and security.
4/30/2025
