This in-depth analysis will illuminate how the judicious separation of concerns between these layers can engender enhanced scalability, flexibility, and interoperability within the blockchain domain, ultimately shaping the future trajectory of decentralized applications and networks.

In this post, we analyze the specific ZKP constructions implemented in Binance’s tss-lib [1]. These proofs address previously identified weaknesses in the Multiplicative-to-Additive (MtA) protocol, Paillier encryption parameters, and auxiliary RSA modulus generation. Our discussion is grounded in the improvements formalized by the specifications in CGGMP21 [4], which strengthen the robustness of threshold ECDSA against known attacks.

In our 2025 RWA Security Report, we look at the evolving security landscape of RWAs, outlines how CertiK’s Skynet RWA Framework provides structured criteria for assessing protocol risks, and highlights the performance of leading platforms such as Ondo Finance, Paxos, and Tether.

In this article, we delve into the concept of cross-contract calls and examine the distinctions between Solidity and Move contracts in this area. We will assess the mechanisms and security of executing cross-contract calls in Move, aiding developers in better comprehending how to manage contract interactions within the Move environment.

Professor Gu recently sat down with Forbes China to discuss his journey from academia to Web3 security, and how mathematical rigor continues to shape his approach to innovation. In this blog, we’ll look at highlights from his interview, including his academic background, how he founded CertiK, and how CertiK is influencing blockchain security.

On 10 August 2025 Numa protocol was exploited for ~$313k. A malicious actor acquired additional Numa tokens by liquidating victim accounts after manipulating the NumaVault by minting nuBTC. Minting the nuBTC inflated the total synth value and in turn, reduced the collateral value of cNuma according to the Numa VaultManager logic.

This post details two security incidents involving the Lottie animation format and its ecosystem, highlighting the persistent and evolving nature of third-party dependency and supply chain risks in the modern web landscape.

In this post, we provide a detailed examination of the MtA protocol, which utilizes the additively homomorphic properties of the Paillier encryption scheme to facilitate the exchange of encrypted secret shares among the participating parties.

In our 2025 Stablecoin Report, we look at the current stablecoin landscape, vulnerabilities that affect stablecoins, and how CertiK’s Skynet Security Score can help evaluate stablecoin security.

As Web3 adoption continues to accelerate, many central banks and institutions are developing digital asset products, such as stablecoins, to support the stability of existing blockchain ecosystems while offering transparency, speed, and flexibility. However, such stablecoin innovations must win user trust, meet regulatory requirements, and integrate with existing Web3 systems in order to acquire mainstream adoption. In the context of rigorous compliance frameworks, formal verification is a promising methodology to help build reliable stablecoin contracts by verifying essential compliance requirements.

Binance Wallet is enhancing user security by integrating Skynet Token Scan, a powerful tool developed by CertiK’s security researchers. This new feature puts on-demand security intelligence directly into the hands of Binance Wallet users, empowering them to make safer, more informed decisions.

On 9 July 2025 GMX V1 vault was exploited by a white-hat for ~$42M due to a reentrancy issue. The funds were later returned to GMX who awarded the white-hat a 10% bounty. The whitehat had minted and then staked GLP before creating a short position directly from the vault contract through reentrancy. Executing in this order bypassed the ShortsTracker, and prevented the average short position price from being updated. This occurs when the market price exceeds the tracked average price, resulting in the protocol overestimating unrealized losses. As a result, the Assets Under Management (AUM) calculation was manipulated to inflate the apparent value of GLP.

On 15 July 2025, a malicious actor took advantage of a lack of input validation in Arcadia Finance’s Rebalancer contract to obtain assets by paying off a portion of a user’s debt and withdrawing the underlying assets for a net gain of ~$3.6M.

This third post in the Threshold Cryptography series provides a bird’s-eye view of the 9-round threshold ECDSA protocol implemented in tss-lib [1]. Detailed exposition of the underlying MtA secret share conversion protocol and zero-knowledge proofs will follow in the next two posts.

Stablecoins are a type of crypto-asset designed to maintain a stable price by linking each token to an external reference asset, most often a national currency like the U.S. dollar, but sometimes commodities like gold. In theory, every coin in circulation should be redeemable for an equal amount of that reference asset, protecting holders from the sharp price fluctuations typical of unpegged digital currencies.

Ronghui Gu, Co-Founder of Web3 security firm CertiK and Professor of Computer Science at Columbia University, delivered a compelling keynote speech at the University of Hong Kong Business School titled, “Scaling Web3: Balancing Innovation and Security for a Global Audience,” which outlined the critical importance of cybersecurity as the Web3 ecosystem matures.

Welcome to Hack3d: The Web3 Security Report for Q2 + H1 2025. Hack3d is the industry's most comprehensive record of statistics and analysis of on-chain security incidents. It equips stakeholders with the knowledge needed to make informed decisions in an increasingly high-stakes environment.

Following the success of Proof of Talk 2025, more major Web3 events are on the horizon! From June 24 to 27, Seoul—the innovation hub of Asia—will host two flagship Web3 conferences. CertiK invites you to join us on this exciting journey into the future of Web3.