모든 블로그

Introducing CertiK Hunt, The Invite-Only Security Platform for Web3 Projects and Top Security Researchers

Introducing CertiK Hunt, The Invite-Only Security Platform for Web3 Projects and Top Security Researchers

CertiK Hunt is an invite-only platform connecting elite security researchers with web3 projects through bug bounty programs, audit competitions, and AI challenges.

What Are Decentralized Apps (dApps)?

What Are Decentralized Apps (dApps)?

Decentralized apps (dApps) run on blockchain networks like Ethereum, Solana, BSC, SUI, and Avalanche. Learn what dApps are, how they work, examples, and their advantages in Web3.

Advancing Sui: The Evolution of Sui’s Payment Pipeline

Advancing Sui: The Evolution of Sui’s Payment Pipeline

Explore how Sui's Address Balance layer powers gasless stablecoin transfers, providing a frictionless user experience while tackling complex engineering challenges at the execution and settlement level.

CertiK Skills: Bringing Blockchain Security Intelligence Into AI Agents

CertiK Skills: Bringing Blockchain Security Intelligence Into AI Agents

Discover CertiK's open-source AI Agent Skills for Claude Code, Codex, and Cursor. Easily plug in SkyInsights, Skylens, and Skynet Score to access real-time Web3 wallet screening, EVM forensics, and project security intelligence directly within your agent workflow.

JaredFromSubway MEV bot Incident Analysis
새로운 · 리서치 ·사고 분석

JaredFromSubway MEV bot Incident Analysis

On 20 June 2026, the JaredFromSubway MEV bot lost 4,424 ETH (~$7.5M) due to an approval hijacking flaw. The attacker deployed fake arbitrage pools and bait tokens that appeared to offer profitable trading opportunities, causing the bot’s automated strategy to interact with malicious contracts and grant token approvals.

Security Considerations for Passkey-Based Web3 Wallets

Security Considerations for Passkey-Based Web3 Wallets

This article analyzes that security model across the full asset-control lifecycle. It traces a single transaction through Clave's open-source implementation, surveys past vulnerabilities in WebAuthn, FIDO2, and CTAP, maps them onto the lifecycle of a typical Passkey Wallet, and ends with implementation checks for teams building one.

Catch Runtime Bugs Before They Become Mainnet Incidents: CertiK Grey Box Chain Audit

Catch Runtime Bugs Before They Become Mainnet Incidents: CertiK Grey Box Chain Audit

CertiK's Grey Box Chain Audit catches runtime bugs before they become mainnet incidents, using fault injection and live network testing to surface chain-critical failures that static analysis alone cannot detect.

GnosisPay Incident Analysis

GnosisPay Incident Analysis

On 01 June 2026 an attacker drained dozens of GnosisPay Safes on Gnosis Chain. The attack vector was a signature-verification flaw in the GnosisPay Delay module.

May 2026 Regulatory Recap: Significant Movement with the CLARITY Act

May 2026 Regulatory Recap: Significant Movement with the CLARITY Act

A massive turning point arrived in July 2025 when the Trump Administration’s pro-crypto stance coalesced into historic legislative action: the passage of both the stablecoin-focused GENIUS Act and the landmark CLARITY Act by the House.

Quantum Computing Threats to the Blockchain Industry

Quantum Computing Threats to the Blockchain Industry

This report examines how future fault-tolerant quantum computers may compromise blockchain cryptography, and what protocols, validators, custodians, and ecosystem participants must do to migrate before the window closes.

Skynet 2026 Stablecoin Threat Intelligence Report

Skynet 2026 Stablecoin Threat Intelligence Report

CertiK's Skynet 2026 Stablecoin Threat Intelligence Report examines the two defining stablecoin security threats of 2026: escalating attacks on interconnected financial infrastructure and the rise of state-sponsored sanctions evasion through A7A5, a Russian-ruble-backed stablecoin that processed over $110 billion in transactions within its first year.

Post-Quantum Signatures, Part 2: From Trees to Forests

Post-Quantum Signatures, Part 2: From Trees to Forests

XMSS builds on one-time signatures by organizing OTS keys into Merkle trees and hyper-trees, delivering a practical post-quantum signature scheme with compact proofs, fast verification, and a critical trade-off: strict state management.

전시 1-12 ~의 768 품목