CertiK Resources
Blogs, Latest News, Announcements, and more
Exploring PSBT in Bitcoin DeFi: Security Best Practices
In this article, we share our extensive research and insights into PSBT, delving into its components, applications in Bitcoin DeFi, and the security risks associated with improper usage. We aim to highlight best practices for secure PSBT implementation and contribute to the ongoing efforts to strengthen Bitcoin ecosystem security.
12/17/2024
Secure Smart Contract Programming in Tact: Popular Mistakes in the TON Ecosystem
The Open Network (TON) continues to push the boundaries of blockchain technology with its innovative features and robust smart contract capabilities. Building on the insights and lessons learned from previous blockchain platforms like Ethereum, TON offers developers a more efficient and flexible environment. One of the key components driving this advancement is the Tact language.
12/12/2024
Clober Dex Incident Analysis
On 10 December 2024, the Clober DEX liquidity vault on the Base network was exploited, resulting in a loss of 133.7 ETH (~$501k). The root cause of the attack was a reentrancy vulnerability in the _burn() function of the Rebalancer contract. Clober made an announcement via their X account, offering a 20% bounty to the attacker.
12/11/2024
Blockchain Data Protection and Privacy Compliance: A deep dive on GDPR and HIPAA requirements
Blockchain’s characteristics of immutability, transparency, decentralized data management, and availability have attracted attention across industries, from finance, to supply chain management, to healthcare, and many more. However, these features create significant challenges when it comes to regulatory compliance.
12/10/2024
CertiK SkyNode Service: Powering Blockchain Integrity
CertiK is advancing its leadership in blockchain security by expanding into node services with its new CertiK SkyNode Service. By becoming validators across multiple public blockchain ecosystems, CertiK aims to enhance network reliability, security, and performance. This strategic initiative builds on our proven expertise in security auditing, ensuring that blockchain operations remain efficient, trustworthy, and secure.
11/21/2024
Polter Finance Incident Analysis
On 16 November 2024, Polter Finance was exploited for ~$8.7 million through a price manipulation exploit. Polter Finance paused their platform shortly afterwards to investigate.
11/18/2024
How to Ace the CertiK KYC Badge
These five tips will help Web3 teams successfully pass the background investigation and obtain the CertiK KYC Badge for their project.
11/18/2024
DeltaPrime Incident Analysis
On 11 November 2024, DeltaPrime was exploited for ~$4.8M across the Arbitrum and Avalanche networks. The attack combined two vulnerabilities. The first was an unchecked input that allowed the attacker to move borrowed tokens to an arbitrary address. The second also involved an arbitrary address input, which was exploited by leveraging the claim mechanism to withdraw the collateral.
11/10/2024
A Preliminary Security Assessment on Web3 Desktop Wallets
Desktop wallets play a crucial role in the Web3 ecosystem, providing users with a means to securely manage their digital assets within decentralized networks. This report presents the findings of this technical analysis in detail, aiming to raise user awareness about security, and assist users in better protecting their digital assets when utilizing desktop wallets.
11/5/2024
CryptoBottle Incident Analysis
In October 2024, CryptoBottle on Polygon was exploited on three separate occasions, with combined losses totalling ~$527k. In the latest incident on 24 October, the largest of the three, an attacker exploited a critical vulnerability to disable a balance check in the swap() method after the callback, and made arbitrary swaps to acquire a large amount of NAS tokens, which they then sold to drain the project of ~$490k USDT.
10/31/2024
Unmasking Crypto Market Manipulation: Wash Trading, Spoofing, and More
Much like traditional financial markets, crypto markets are not immune to manipulation. Many of the same practices that plague stocks and commodities — like wash trading, spreading fear, and pump and dump schemes — also exist in the crypto space. In this blog, we’ll explore some of the most common manipulation tactics in the crypto markets and discuss how these practices impact the industry as a whole.
10/24/2024
Interview with Professor Ronghui Gu: “Who Monitors the Monitors?”
In a recent DeThings interview, Professor Ronghui Gu, Co-Founder of CertiK, addressed the question, "Who monitors the monitors?" and discussed how security companies self-regulate. Read to learn about key findings from the interview.
10/17/2024
Hack3d: The Web3 Security Quarterly Report - Q3 2024
Welcome to Hack3d: The Web3 Security Report for Q3 2024. Hack3d serves as an essential resource and record of statistics for understanding security challenges and vulnerabilities in the Web3 space. It equips stakeholders with the knowledge and insights needed to fortify their defenses and make informed decisions in an increasingly high-stakes environment.
10/2/2024
Omnipus Incident Analysis
On 11 September 2024, Omnipus contracts were drained of ~$30k received during the presale of the OPUS token.
9/25/2024
CertiK Chief Security Officer Kang Li: “The Changing Regulatory Environment for Cryptocurrencies Brings New Opportunities.”
During 2024 Korean Blockchain Week (KBW), Professor Kang Li, Chief Security Officer of CertiK, was interviewed by Korean media outlet, E-Today. In the interview, Professor Kang discussed how recent regulatory developments have created new opportunities for the cryptocurrency industry. He also expressed concerns about security challenges faced by the blockchain ecosystem, and emphasized the importance of addressing these issues for long-term development and establishing trust.
9/16/2024
CUT Token Incident Analysis
On 10 September 2024, Caterpillar Coin ($CUT token) suffered a flashloan attack, resulting in a loss of ~$1.4M and causing 99% slippage on the token. The attack exploited vulnerabilities in the ‘price protection mechanisms’, which led to the manipulation of token reserves and rewards.
9/10/2024
Skynet: Empowering Users with Advanced Security Tools
CertiK’s Skynet is transforming Web3 security by making complex insights accessible to everyone. As a leading user security platform, Skynet empowers users to protect their assets, stay informed, and navigate the decentralized world confidently. Here’s how Skynet’s features are helping to build a safer, more informed Web3 community.
9/3/2024
Web2 Meets Web3: Hacking Decentralized Applications
This blog offers insights into the differences between traditional Web2 applications and Web3 Dapps, Dapp threat modeling, and unique attack vectors enabled by the integration of blockchain components.
8/27/2024