CertiK Logo
Products
Company
CertiK Resources
Blogs, Latest News, Announcements, and more
In this post, we analyze the specific ZKP constructions implemented in Binance’s tss-lib [1]. These proofs address previously identified weaknesses in the Multiplicative-to-Additive (MtA) protocol, Paillier encryption parameters, and auxiliary RSA modulus generation. Our discussion is grounded in the improvements formalized by the specifications in CGGMP21 [4], which strengthen the robustness of threshold ECDSA against known attacks.
9/3/2025
EVM – Cosmos Convergence Research From Security Base: Part 3
This in-depth analysis will illuminate how the judicious separation of concerns between these layers can engender enhanced scalability, flexibility, and interoperability within the blockchain domain, ultimately shaping the future trajectory of decentralized applications and networks.
9/10/2025
Threshold Cryptography V: Auxiliary Zero-knowledge Proofs
In this post, we analyze the specific ZKP constructions implemented in Binance’s tss-lib [1]. These proofs address previously identified weaknesses in the Multiplicative-to-Additive (MtA) protocol, Paillier encryption parameters, and auxiliary RSA modulus generation. Our discussion is grounded in the improvements formalized by the specifications in CGGMP21 [4], which strengthen the robustness of threshold ECDSA against known attacks.
9/3/2025
2025 Skynet RWA Security Report
In our 2025 RWA Security Report, we look at the evolving security landscape of RWAs, outlines how CertiK’s Skynet RWA Framework provides structured criteria for assessing protocol risks, and highlights the performance of leading platforms such as Ondo Finance, Paxos, and Tether.
8/21/2025
Move for Solidity Developers IV: Cross-Contract Call
In this article, we delve into the concept of cross-contract calls and examine the distinctions between Solidity and Move contracts in this area. We will assess the mechanisms and security of executing cross-contract calls in Move, aiding developers in better comprehending how to manage contract interactions within the Move environment.
8/18/2025
Forbes China Interviews Ronghui Gu, CertiK Co-founder & CEO, on Pioneering Web3 Security with Mathematical Rigor
Professor Gu recently sat down with Forbes China to discuss his journey from academia to Web3 security, and how mathematical rigor continues to shape his approach to innovation. In this blog, we’ll look at highlights from his interview, including his academic background, how he founded CertiK, and how CertiK is influencing blockchain security.
8/14/2025
Numa Incident Analysis
On 10 August 2025 Numa protocol was exploited for ~$313k. A malicious actor acquired additional Numa tokens by liquidating victim accounts after manipulating the NumaVault by minting nuBTC. Minting the nuBTC inflated the total synth value and in turn, reduced the collateral value of cNuma according to the Numa VaultManager logic.
8/12/2025
Lottie File Incidents: Case Studies of Third-Party Supply Chain Risks
This post details two security incidents involving the Lottie animation format and its ecosystem, highlighting the persistent and evolving nature of third-party dependency and supply chain risks in the modern web landscape.
8/10/2025
Threshold Cryptography IV: Multiplicative-to-Additive (MtA) Protocol and Paillier Encryption Scheme
In this post, we provide a detailed examination of the MtA protocol, which utilizes the additively homomorphic properties of the Paillier encryption scheme to facilitate the exchange of encrypted secret shares among the participating parties.
8/10/2025
Skynet Stablecoin Spotlight Report: H1 2025
In our 2025 Stablecoin Report, we look at the current stablecoin landscape, vulnerabilities that affect stablecoins, and how CertiK’s Skynet Security Score can help evaluate stablecoin security.
7/22/2025
Stablecoin Regulation and the GENIUS Act: A Case for Formal Verification
As Web3 adoption continues to accelerate, many central banks and institutions are developing digital asset products, such as stablecoins, to support the stability of existing blockchain ecosystems while offering transparency, speed, and flexibility. However, such stablecoin innovations must win user trust, meet regulatory requirements, and integrate with existing Web3 systems in order to acquire mainstream adoption. In the context of rigorous compliance frameworks, formal verification is a promising methodology to help build reliable stablecoin contracts by verifying essential compliance requirements.
7/18/2025
Binance Wallet Integrates CertiK’s Skynet Token Scan
Binance Wallet is enhancing user security by integrating Skynet Token Scan, a powerful tool developed by CertiK’s security researchers. This new feature puts on-demand security intelligence directly into the hands of Binance Wallet users, empowering them to make safer, more informed decisions.
7/17/2025
GMX Incident Analysis
On 9 July 2025 GMX V1 vault was exploited by a white-hat for ~$42M due to a reentrancy issue. The funds were later returned to GMX who awarded the white-hat a 10% bounty. The whitehat had minted and then staked GLP before creating a short position directly from the vault contract through reentrancy. Executing in this order bypassed the ShortsTracker, and prevented the average short position price from being updated. This occurs when the market price exceeds the tracked average price, resulting in the protocol overestimating unrealized losses. As a result, the Assets Under Management (AUM) calculation was manipulated to inflate the apparent value of GLP.
7/16/2025
Arcadia Incident Analysis
On 15 July 2025, a malicious actor took advantage of a lack of input validation in Arcadia Finance’s Rebalancer contract to obtain assets by paying off a portion of a user’s debt and withdrawing the underlying assets for a net gain of ~$3.6M.
7/15/2025
Threshold Cryptography III: Binance tss-lib’s 9-Round Threshold ECDSA
This third post in the Threshold Cryptography series provides a bird’s-eye view of the 9-round threshold ECDSA protocol implemented in tss-lib [1]. Detailed exposition of the underlying MtA secret share conversion protocol and zero-knowledge proofs will follow in the next two posts.
7/15/2025
Security Risks of Stablecoins
Stablecoins are a type of crypto-asset designed to maintain a stable price by linking each token to an external reference asset, most often a national currency like the U.S. dollar, but sometimes commodities like gold. In theory, every coin in circulation should be redeemable for an equal amount of that reference asset, protecting holders from the sharp price fluctuations typical of unpegged digital currencies.
7/8/2025
CertiK’s Co-founder Ronghui Gu Delivers Keynote Speech at HKU Business School on the Next Era of Blockchain Security
Ronghui Gu, Co-Founder of Web3 security firm CertiK and Professor of Computer Science at Columbia University, delivered a compelling keynote speech at the University of Hong Kong Business School titled, “Scaling Web3: Balancing Innovation and Security for a Global Audience,” which outlined the critical importance of cybersecurity as the Web3 ecosystem matures.
7/1/2025
Hack3d: The Web3 Security Quarterly Report - Q2 + H1 2025
Welcome to Hack3d: The Web3 Security Report for Q2 + H1 2025. Hack3d is the industry's most comprehensive record of statistics and analysis of on-chain security incidents. It equips stakeholders with the knowledge needed to make informed decisions in an increasingly high-stakes environment.
6/30/2025
CertiK’s Korea Event Attendee Guide: June 2025
Following the success of Proof of Talk 2025, more major Web3 events are on the horizon! From June 24 to 27, Seoul—the innovation hub of Asia—will host two flagship Web3 conferences. CertiK invites you to join us on this exciting journey into the future of Web3.
6/22/2025