CertiK Resources
Blogs, Latest News, Announcements, and more
Highlighted Stories
Blogs
CertiK has unveiled an underground ring of KYC actors for hire, used by rogue developers to scam Web3 communities.
11/17/2022
Move Capture the Flag Competition Recap
Blogs
Move is a programming language specifically designed for building secure smart contracts that can be formally verified. Recently, Sui hosted a Capture the Flag competition on its developer testnet. In this article, we run through each of the challenges and their solutions. The contest includes four challenges, which we introduce one by one: Challenge 1 - CheckIn, Challenge 2 - SimpleGame, Challenge 3 - FlashLoan, and Challenge 4 - MoveLock.
11/22/2022
Deribit Incident Analysis
Analysis Reports
On November 2nd, 2022, Deribit Exchange’s hot wallet was compromised. A private key leak may have led to the loss of ~$28m in USDC.
11/22/2022
Mango Market Incident Analysis
Analysis Reports
On October 11, 2022, Mango Market was attacked, causing a loss of $116M. The attacker was able to manipulate the price of the MNGO token and borrow more assets on the platform than permitted.
11/21/2022
Jump Satoshi Exit Scam
Analysis Reports
Case Studies
On 09 October 2022, JUMPN, aka Jump Satoshi, withdrew $1.1 million from their JST token, by which time all the project's socials, including their website, had been taken down. Two days later, all contracts associated with Jump Satoshi were drained of assets in an exit scam totaling $3.9m.
11/20/2022
Loser Coin Incident Analysis
Analysis Reports
Reports
On May 14, 2022, Loser Coin ($lowb) experienced a flash loan attack, leading to a loss of approximately $10K USD in assets.
11/19/2022
Space Dumpling Incident Analysis
Analysis Reports
On May 15, 2022, the Space Dumpling token (SDUMP) was exploited, leading to a loss of 7.6 BNB (~$2,000 at the time of the incident). The attacker took advantage of Space Dumpling's anti-whale mechanism and drained funds from its liquidity pools. The attacker obfuscated the profits through Tornado Cash on June 1, 2022.
11/19/2022
Upgradeable Proxy Contract Security Best Practices
Blogs
Proxy patterns enable contracts to upgrade their logic while maintaining their on-chain address and state values. This article gives an overview of the types of proxy contracts, associated security incidents and recommendations, as well as best practices when implementing a proxy contract.
11/18/2022
Formal Verification, the Move Language, and the Move Prover
Blogs
Case Studies
In this post, we take a deep dive into the formal verification of Move programs.
11/18/2022
Introducing Social Influencer Profiles
Blogs
CertiK is excited to announce the release of a new due diligence tool to help you conduct social analysis: Social Influencer Profiles.
11/18/2022
Unveiling the KYC Actor Industry
Blogs
CertiK has unveiled an underground ring of KYC actors for hire, used by rogue developers to scam Web3 communities.
11/17/2022
Novo Defi Incident Analysis
Analysis Reports
On 29 May 2022, Novo Defi’s token, Novo, was exploited via a flash loan attack. The incident caused a loss of ~278 BNB.
11/17/2022
Hackerdao Incident Analysis
Analysis Reports
On May 24th, 2022, the Hackerdao (Hackerdao) token was exploited by flash loan attacks, causing a loss of around 200 BNB, which was around $65K at the time of the incident.
11/16/2022
Nirvana Finance Incident Analysis
Analysis Reports
On July 28th, 2022, Nirvana Finance was exploited via a flash loan attack, with the attacker profiting 3.5M.
11/15/2022
Moving the Immovables: Lessons Learned From Our Aptos Smart Contract Audit
Blogs
While auditing smart contracts written in Move, we've encountered multiple instances of developers neglecting to use Move’s built-in protection mechanisms or adopting programming patterns that work counter to Move’s design philosophy. This post presents a few such examples along with our suggestions for how to fix them.
11/14/2022
An Introduction to Move
Blogs
Case Studies
Move is a relatively new programming language which has seen application in a number of Web3 projects. We recently audited a novel Layer 1 blockchain which supports smart contracts written in Move, and thought we’d take this opportunity to give a general overview of Move.
11/11/2022
Moola Market
Analysis Reports
On October 18th, 2022, the Celo-based Moola Market lending protocol was hacked for ~$8.4M through network manipulation.
11/11/2022
DFX Finance
Analysis Reports
On Nov 10, 2022, DFX Finance's swapping contracts were attacked, leading to a loss of approximately $5M.
11/10/2022
The Law Never Sleeps: $3.36 Billion Seized By Feds 10 Years After Silk Road Exploit
Blogs
The U.S. Department of Justice announced on November 7, 2022, the seizure of $3.36 billion worth of Bitcoin in relation to a Silk Road investigation dating back to 2012.
11/9/2022