CertiK Blog
Security research, regulatory insights, and data-backed analyses for the institutional Web3 era. Turning real-world signals into actionable intelligence.
Research
In-Depth Research on the Telegram Escrow Market: Platform Evolution, Ecosystem Structure, and Regulatory Challenges
The Telegram escrow market has gradually evolved into an underground service ecosystem that integrates escrow matching, fund settlement, merchant management, and traffic distribution, showing clear signs of “platformization” and network-based development.
Resolv Protocol Incident Analysis
On 22 March 2026, the Resolv protocol was exploited, resulting in a loss of ~$26.8M due to a compromise of the project's cloud infrastructure, which gave access to Resolv’s AWS Key Management Service (KMS).
Movie Token Incident Analysis
On 10 March 2026, the Movie Token (MT) contract was exploited for approximately $242,000 due to a critical flaw in its 'sell' logic. The vulnerability stemmed from a double-counting error: when a user sold MT tokens, the contract simultaneously transferred them to the liquidity pair for the swap and added that same balance to a pendingBurnAmount variable. When distributeDailyRewards() subsequently burned those pending tokens, it created an artificial supply shock, inflating the MT price and allowing the attacker to drain value from the pool.
Policy Pulse
Slow and Steady Progress Toward U.S. Crypto Legislation
An overview of regulatory developments in the United States in February 2026, including the Senate Banking draft, GENIUS Act implementation, and the SEC “Task Force” transition.
How VARA is Enabling Global Crypto in Dubai
Learn more about the Virtual Assets Regulatory Authority (VARA), which provides licenses for virtual asset services located in Dubai. CertiK works with VASPs at every stage of the VARA licensing process.
Navigating the 2026 Winter of U.S. Crypto Legislation
An overview of regulatory developments in the United States in January 2026, including the Senate Banking draft, GENIUS Act implementation, and the SEC “Task Force” transition.
Technical Insights
What Is a Smart Contract?
Smart contracts are blockchain-based programs that automate agreements without intermediaries. Learn how smart contracts work, their uses, benefits, and risks.
The Rise of the Agent Economy, Part 2: Security Deep Dive into EIP-8004, EIP-8183, Hooks, and Evaluators
Standards like EIP-8004 and EIP-8183 are strong foundations, but as we build more complex layers, such as scoring systems, hooks, and AI evaluators, new risks are introduced.
2026 Wrench Attacks Overview
After the publication of our February 2026 Wrench Attacks Report, we now look at the continued escalation of wrench attacks, which have become a structural threat for cryptocurrency holders.
Company Updates
CertiK Expands AI-Native Security with Agent Integrations and AI Auditor
AI Auditor was originally built as an internal tool for CertiK’s own auditors, but is now available to the public after more than six months of rigorous application. In evaluations against 35 real-world Web3 security incidents from 2026, AI Auditor achieved an 88.6% cumulative exact hit rate, all while being engineered specifically to deliver high detection with exceptionally low noise.
Gate Wallet Integrates CertiK Skynet Scores Into Its Earn Platform
Gate's Web3 Wallet now displays CertiK Skynet Scores directly within its Earn product pages, giving users on-chain security intelligence at the point of investment decision-making.
CertiK Completes Proof of Reserves Verification for Gate Dubai
CertiK has completed an independent Proof of Reserves (PoR) audit for Gate Technology FZE, the Dubai-based entity of the Gate Group. Gate Dubai exchange is licensed by the Virtual Assets Regulatory Authority (VARA). The audit verified that the platform's on-chain reserves fully back its user liabilities across all in-scope assets as of December 31, 2025.