All Blogs
Introducing CertiK Hunt, The Invite-Only Security Platform for Web3 Projects and Top Security Researchers
CertiK Hunt is an invite-only platform connecting elite security researchers with web3 projects through bug bounty programs, audit competitions, and AI challenges.
What Are Decentralized Apps (dApps)?
Decentralized apps (dApps) run on blockchain networks like Ethereum, Solana, BSC, SUI, and Avalanche. Learn what dApps are, how they work, examples, and their advantages in Web3.
Advancing Sui: The Evolution of Sui’s Payment Pipeline
Explore how Sui's Address Balance layer powers gasless stablecoin transfers, providing a frictionless user experience while tackling complex engineering challenges at the execution and settlement level.
CertiK Skills: Bringing Blockchain Security Intelligence Into AI Agents
Discover CertiK's open-source AI Agent Skills for Claude Code, Codex, and Cursor. Easily plug in SkyInsights, Skylens, and Skynet Score to access real-time Web3 wallet screening, EVM forensics, and project security intelligence directly within your agent workflow.
JaredFromSubway MEV bot Incident Analysis
On 20 June 2026, the JaredFromSubway MEV bot lost 4,424 ETH (~$7.5M) due to an approval hijacking flaw. The attacker deployed fake arbitrage pools and bait tokens that appeared to offer profitable trading opportunities, causing the bot’s automated strategy to interact with malicious contracts and grant token approvals.
Security Considerations for Passkey-Based Web3 Wallets
This article analyzes that security model across the full asset-control lifecycle. It traces a single transaction through Clave's open-source implementation, surveys past vulnerabilities in WebAuthn, FIDO2, and CTAP, maps them onto the lifecycle of a typical Passkey Wallet, and ends with implementation checks for teams building one.
Catch Runtime Bugs Before They Become Mainnet Incidents: CertiK Grey Box Chain Audit
CertiK's Grey Box Chain Audit catches runtime bugs before they become mainnet incidents, using fault injection and live network testing to surface chain-critical failures that static analysis alone cannot detect.
GnosisPay Incident Analysis
On 01 June 2026 an attacker drained dozens of GnosisPay Safes on Gnosis Chain. The attack vector was a signature-verification flaw in the GnosisPay Delay module.
May 2026 Regulatory Recap: Significant Movement with the CLARITY Act
A massive turning point arrived in July 2025 when the Trump Administration’s pro-crypto stance coalesced into historic legislative action: the passage of both the stablecoin-focused GENIUS Act and the landmark CLARITY Act by the House.
Quantum Computing Threats to the Blockchain Industry
This report examines how future fault-tolerant quantum computers may compromise blockchain cryptography, and what protocols, validators, custodians, and ecosystem participants must do to migrate before the window closes.
Skynet 2026 Stablecoin Threat Intelligence Report
CertiK's Skynet 2026 Stablecoin Threat Intelligence Report examines the two defining stablecoin security threats of 2026: escalating attacks on interconnected financial infrastructure and the rise of state-sponsored sanctions evasion through A7A5, a Russian-ruble-backed stablecoin that processed over $110 billion in transactions within its first year.
Post-Quantum Signatures, Part 2: From Trees to Forests
XMSS builds on one-time signatures by organizing OTS keys into Merkle trees and hyper-trees, delivering a practical post-quantum signature scheme with compact proofs, fast verification, and a critical trade-off: strict state management.