CertiK Resources
Blogs, Latest News, Announcements, and more
How to Protect Your Crypto in 2025
Given that phishing attacks are on the rise, it’s important for all Web3 participants to learn how to better protect their cryptocurrency. Below, we’ll look at strategies for avoiding phishing and traps you should avoid.
1/16/2025
Evil in the Shadows: Unveiling the Chaos in Ethereum’s Token Ecosystem
In the Web3 space, new tokens are constantly emerging. Have you ever wondered how many new tokens are issued each day? And more importantly, are these new tokens safe? Over the past few months, CertiK's security team has identified numerous cases of rug pull transactions. Notably, all of the tokens involved in these cases were newly listed on the blockchain.
1/9/2025
CertiK Ventures: 2024 Investment Thesis
In CertiK Ventures’ 2024 Investment Thesis, we explore CertiK’s roots as a leader in blockchain security, the current state of the venture capital (VC) landscape, developing supportive ecosystem strategies, and crypto market opportunities. We also discuss in detail our investment philosophy, strategic directions, methodologies, and proprietary investment grading and scoring metrics — all in line with our commitment to transparency and providing publicly-accessible resources.
1/8/2025
Hack3d: The Web3 Security Report 2024
Welcome to Hack3d: The Web3 Security Report for 2024. CertiK’s Hack3d reports offer deep dives into the exploits, vulnerabilities, and trends that define blockchain and smart contract security. They’re an invaluable resource for anyone seeking to understand the current landscape of Web3 security.
1/2/2025
FEG Bridge Exploit Technical Analysis
On December 29, 2024 at 5:00 AM UTC, the FEG token bridge system was exploited, which permitted the attacker to withdraw FEG tokens from the bridge contract without depositing them in the source chain. The total profit for the attacker across three blockchains (Ethereum, Base, and BSC) is approximately $1 million USD.
12/30/2024
Exploring PSBT in Bitcoin DeFi: Security Best Practices
In this article, we share our extensive research and insights into PSBT, delving into its components, applications in Bitcoin DeFi, and the security risks associated with improper usage. We aim to highlight best practices for secure PSBT implementation and contribute to the ongoing efforts to strengthen Bitcoin ecosystem security.
12/17/2024
Secure Smart Contract Programming in Tact: Popular Mistakes in the TON Ecosystem
The Open Network (TON) continues to push the boundaries of blockchain technology with its innovative features and robust smart contract capabilities. Building on the insights and lessons learned from previous blockchain platforms like Ethereum, TON offers developers a more efficient and flexible environment. One of the key components driving this advancement is the Tact language.
12/12/2024
Clober Dex Incident Analysis
On 10 December 2024, the Clober DEX liquidity vault on Base Network was exploited, resulting in a loss of 133.7 ETH (~$501k). The root cause of the attack was a reentrancy vulnerability in the _burn() function of the Rebalancer contract. Clober made an announcement via their X account, offering a 20% bounty to the attacker.
12/11/2024
Blockchain Data Protection and Privacy Compliance: A deep dive on GDPR and HIPAA requirements
Blockchain’s characteristics of immutability, transparency, decentralized data management, and availability have attracted attention across industries, from finance, to supply chain management, to healthcare, and many more. However, these features create significant challenges when it comes to regulatory compliance.
12/10/2024
CertiK SkyNode Service: Powering Blockchain Integrity
CertiK is advancing its leadership in blockchain security by expanding into node services with its new CertiK SkyNode Service. By becoming validators across multiple public blockchain ecosystems, CertiK aims to enhance network reliability, security, and performance. This strategic initiative builds on our proven expertise in security auditing, ensuring that blockchain operations remain efficient, trustworthy, and secure.
11/21/2024
Polter Finance Incident Analysis
On 16 November 2024, Polter Finance was exploited for ~$8.7 million, due to a price manipulation exploit. Polter Finance paused their platform shortly after to investigate.
11/18/2024
How to Ace the CertiK KYC Badge
These five tips will help Web3 teams successfully pass the background investigation and obtain the CertiK KYC Badge for their project.
11/18/2024
DeltaPrime Incident Analysis
On 11 November 2024, DeltaPrime was exploited for ~$4.8M across the Arbitrum and Avalanche networks. The attack combined two vulnerabilities. The first is an unchecked input that allowed the attacker to move borrowed tokens to another arbitrary address. The second also involves an arbitrary address input, which can be exploited by leveraging the claim mechanism to withdraw the collateral.
11/10/2024
A Preliminary Security Assessment on Web3 Desktop Wallets
Desktop wallets play a crucial role in the Web3 ecosystem, providing users with a means to securely manage their digital assets within decentralized networks. This report presents the findings of this technical analysis in detail, aiming to raise user awareness about security, and assist users in better protecting their digital assets when utilizing desktop wallets.
11/5/2024
CryptoBottle Incident Analysis
In October 2024, CryptoBottle on Polygon was exploited on three separate occasions with combined losses totalling ~$527k. In the latest incident on 24 October, the largest of the three, an attacker exploited a critical vulnerability to disable a balance check in the swap() method after callback, and made arbitrary swaps to acquire a large amount of NAS tokens which they then sold to drain the project of ~$490k USDT.
10/31/2024
Unmasking Crypto Market Manipulation: Wash Trading, Spoofing, and More
Much like traditional financial markets, crypto markets are not immune to manipulation. Many of the same practices that plague stocks and commodities — like wash trading, spreading fear, and pump and dump schemes — also exist in the crypto space. In this blog, we’ll explore some of the most common manipulation tactics in the crypto markets and discuss how these practices impact the industry as a whole.
10/24/2024
Interview with Professor Ronghui Gu: “Who Monitors the Monitors?”
In a recent DeThings interview, Professor Ronghui Gu, Co-Founder of CertiK, addressed the question, "Who monitors the monitors?" and discussed how security companies self-regulate. Read to learn about key findings from the interview.
10/17/2024
Hack3d: The Web3 Security Quarterly Report - Q3 2024
Welcome to Hack3d: The Web3 Security Report for Q3 2024. Hack3d serves as an essential resource and record of statistics for understanding security challenges and vulnerabilities in the Web3 space. It equips stakeholders with the knowledge and insights needed to fortify their defenses and make informed decisions in an increasingly high-stakes environment.
10/2/2024