보고서

Crypto ATM fraud is one of the fastest-growing financial crime categories in the United States. Criminal organizations exploit the speed and pseudonymity of crypto kiosks to extract funds from vulnerable populations at an accelerating pace. In the Skynet Crypto ATM Fraud Report, we discuss types of crypto ATM attacks, global statistics, attacker profiles, key enforcement actions, detection and mitigation strategies, and recommendations to protect against these types of fraud.

In February 2026 two separate exploits occurred on the BNB Smart Chain (BSC), affecting SOF and LAXO tokens, leveraging the same class of vulnerability: a flawed token burn mechanism that allowed price manipulation within a single transaction.

Prediction markets crossed into the mainstream in 2025, with annual trading volume growing 4x and a small number of dominant platforms emerging. Kalshi, Polymarket, and Opinion now control the vast majority of global volume, each pursuing distinct regulatory and technical strategies.

On 30 January 2026, Gyroscope announced via their X account that they had paused liquidity pools due to an issue with their cross-chain contract. The issue led to losses of 6M Gyro Dollar (GYD) tokens with approximately $807k of liquidity extracted by the attacker.

In 2025, wrench attacks unfortunately crossed a critical threshold. What was once treated as an edge-case risk has become a structural threat to digital asset ownership. Attackers are no longer acting opportunistically; they are operating as organized, transnational groups that combine OSINT-driven targeting, social engineering, and extreme physical violence to extract private keys.

On 20 January 2026, DeFi protocol MakinaFi suffered an exploit resulting in the theft of 1,299 ETH, valued at approximately $4.13 million.

On 08 January 2026 Truebit was exploited for ~$26.6M due to an overflow issue. A malicious actor minted tokens for zero ETH that they then sold for ~$26.4M in the same transaction. The exploit was followed up by a second attacker who was able to extract a further ~$224k.

CertiK이 2025 Skynet Hack3D 보안 보고서를 발표했습니다. 본 보고서는 블록체인 및 스마트 컨트랙트 보안을 규정하는 주요 공격 사례, 취약점, 그리고 트렌드를 심층적으로 분석합니다. 또한 개별 사건에 대한 상세 분석과 기술적 인사이트는 물론, Web3 업계 전반의 해킹·사기·취약점 악용 사례에 대한 가장 포괄적인 통계가 담겨 있습니다.

This report summarizes the legal mechanics, market-structure impacts, and operational requirements of this new regime. It also examines the remaining fragmentation at the state level (the ‘Preemption Gap’) and shows how a de facto ‘Universal Baseline’ of cybersecurity and AML/CFT expectations now governs multi-state operators.

On 3 November 2025, Balancer and its forks Beets and Bex were exploited, resulting in a combined initial loss of approximately $130M.

This report introduces the Skynet DAT Security & Compliance Framework, a model that moves beyond surface-level metrics to provide an assessment of a DAT's operational integrity. By analyzing five critical pillars: Custodian & Third-Party Diligence, Internal Controls & Operational Security, On-Chain Risk Exposure, Capital Strategy Resilience, and Regulatory & Disclosure Posture, the framework reveals significant disparities in the quality and resilience of leading firms.

2025 RWA 보안 보고서에서는 RWA의 진화하는 보안 환경을 살펴보고, CertiK의 스카이넷 RWA 프레임워크가 프로토콜 위험을 평가하기 위한 구조화된 기준을 제공하는 방법을 설명하며, 온도 파이낸스, 팍소스, 테더와 같은 주요 플랫폼의 성과를 조명합니다.