CertiK Resources
Blogs, Latest News, Announcements, and more
XPEPE Token Incident Analysis
On 25 January 2025, an attacker exploited a vulnerability in XPEPE’s TokenStaker contract, which led to a 99% drop in the token price.
2/12/2025
CertiK Ventures Announces Investment in Zoo Finance
CertiK Ventures is proud to announce our investment in Zoo Finance – a DeFi protocol pioneering the next evolution of blockchain fundraising via its Liquid Node Token (LNT) architecture.
2/11/2025
INOs: A New Era in Web3 Fundraising — Opportunities and Challenges
What is driving the rise of INOs, and how might they shape the future of decentralized networks and project funding? Let’s dive into the potential benefits and challenges of this emerging model.
2/11/2025
CertiK Ventures Announces Investment in Mantis
CertiK Ventures is pleased to announce our investment in Mantis, a project that marks a significant step forward in Decentralized Finance and AI (DeFAI). Mantis is the first Layer 2 rollup built on the Solana Virtual Machine (SVM), designed to enhance interoperability and simplify the DeFi user journey through AI agents.
2/11/2025
Uniswap V4: Hooks Security Considerations
This article discusses some of the new features of Uniswap V4, and explores the security considerations related to Uniswap V4 hooks.
1/28/2025
How to Protect Your Crypto in 2025
Given that phishing attacks are on the rise, it’s important for all Web3 participants to learn how to better protect their cryptocurrency. Below, we’ll look at strategies for avoiding phishing and traps you should avoid.
1/16/2025
Evil in the Shadows: Unveiling the Chaos in Ethereum’s Token Ecosystem
In the Web3 space, new tokens are constantly emerging. Have you ever wondered how many new tokens are issued each day? And more importantly, are these new tokens safe? Over the past few months, CertiK's security team has identified numerous cases of rug pull transactions. Notably, all of the tokens involved in these cases were newly listed on the blockchain.
1/9/2025
CertiK Ventures: 2024 Investment Thesis
In CertiK Ventures’ 2024 Investment Thesis, we explore CertiK’s roots as a leader in blockchain security, the current state of the venture capital (VC) landscape, developing supportive ecosystem strategies, and crypto market opportunities. We also discuss in detail our investment philosophy, strategic directions, methodologies, and proprietary investment grading and scoring metrics — all in line with our commitment to transparency and providing publicly-accessible resources.
1/8/2025
Hack3d: The Web3 Security Report 2024
Welcome to Hack3d: The Web3 Security Report for 2024. CertiK’s Hack3d reports offer deep dives into the exploits, vulnerabilities, and trends that define blockchain and smart contract security. They’re an invaluable resource for anyone seeking to understand the current landscape of Web3 security.
1/2/2025
FEG Bridge Exploit Technical Analysis
On December 29, 2024 at 5:00 AM UTC, the FEG token bridge system was exploited, which permitted the attacker to withdraw FEG tokens from the bridge contract without depositing them in the source chain. The total profit for the attacker across three blockchains (Ethereum, Base, and BSC) is approximately $1 million USD.
12/30/2024
Exploring PSBT in Bitcoin DeFi: Security Best Practices
In this article, we share our extensive research and insights into PSBT, delving into its components, applications in Bitcoin DeFi, and the security risks associated with improper usage. We aim to highlight best practices for secure PSBT implementation and contribute to the ongoing efforts to strengthen Bitcoin ecosystem security.
12/17/2024
Secure Smart Contract Programming in Tact: Popular Mistakes in the TON Ecosystem
The Open Network (TON) continues to push the boundaries of blockchain technology with its innovative features and robust smart contract capabilities. Building on the insights and lessons learned from previous blockchain platforms like Ethereum, TON offers developers a more efficient and flexible environment. One of the key components driving this advancement is the Tact language.
12/12/2024
Clober Dex Incident Analysis
On 10 December 2024, the Clober DEX liquidity vault on Base Network was exploited, resulting in a loss of 133.7 ETH (~$501k). The root cause of the attack was a reentrancy vulnerability in the _burn() function of the Rebalancer contract. Clober made an announcement via their X account, offering a 20% bounty to the attacker.
12/11/2024
Blockchain Data Protection and Privacy Compliance: A deep dive on GDPR and HIPAA requirements
Blockchain’s characteristics of immutability, transparency, decentralized data management, and availability have attracted attention across industries, from finance, to supply chain management, to healthcare, and many more. However, these features create significant challenges when it comes to regulatory compliance.
12/10/2024
CertiK Node Service: Powering Blockchain Integrity
CertiK is advancing its leadership in blockchain security by expanding into node services with its new CertiK SkyNode Service. By becoming validators across multiple public blockchain ecosystems, CertiK aims to enhance network reliability, security, and performance. This strategic initiative builds on our proven expertise in security auditing, ensuring that blockchain operations remain efficient, trustworthy, and secure.
11/21/2024
Polter Finance Incident Analysis
On 16 November 2024, Polter Finance was exploited for ~$8.7 million, due to a price manipulation exploit. Polter Finance paused their platform shortly after to investigate.
11/18/2024
How to Ace the CertiK KYC Badge
These five tips will help Web3 teams successfully pass the background investigation and obtain the CertiK KYC Badge for their project.
11/18/2024
DeltaPrime Incident Analysis
On 11 November 2024, DeltaPrime was exploited for ~$4.8M across the Arbitrum and Avalanche networks. The attack combined two vulnerabilities. The first is an unchecked input that allowed the attacker to move borrowed tokens to another arbitrary address. The second also involves an arbitrary address input, which can be exploited by leveraging the claim mechanism to withdraw the collateral.
11/10/2024