On 17 January, 2023 the Yield Robot contract on the Binance Smart Chain (BSC) was drained of user deposits amounting to approximately $2.1 million. Initially, the Yield Robot team announced on social media channels that their project was exploited. However, clear on-chain evidence shows that this incident is an exit scam.

On 30 December, 2021 at 09:06 UTC Sashimi Swap was hacked for a total loss of approximately $210,000. Sashimi Swap suffered a flash loan attack by a threat actor targeting their UniswapV2Router02.

Contracts named CirculateBUSD, CirculateWBNB were drained of all assets due to a third party dependency that transferred all tokens to the contract deployer. The same actions took place on contracts named CirculateUSDC and CirculateWAVAX on Avalanche.

Criminals have always found efficient ways to launder the proceeds of their crimes and avoid increasingly stringent anti-money laundering regulations. One such technique, uncovered by CertiK, poses a direct threat to Web3 projects.

The security of private keys and mnemonic phrases is of paramount importance in the world of cryptocurrency, as they grant access to one's digital assets and their loss or theft can lead to financial ruin. With the rise of mobile wallet apps in the Web3 space, it's crucial to understand the various security mechanisms that are in place to protect these keys.

CertiK has recently identified an organized scammer group that is actively deploying fake wallets in order to fool users. This group, which we have named BombFlower, stands out due to the particular evasive anti-forensic feature used by the group.

The History of Ethereum & How It Works | Bite Size Blockchain | CertiK Vitalik Buterin, Ethereum’s co-founder envisioned a new use for blockchain after Bitcoin, one that went broader for a larger set of applications. Ethereum was built on a neutral, open-access infrastructure, controlled by no central entity. In 2013, Buterin released a white paper for Ethereum’s blockchain using the Turing complete programming language, based on Alan Turing’s concept of a Universal Turing machine, that allows any operation to be programmed within it. Ethereum uses smart contracts which are programs that permit users to transact with each other according to a set of predetermined rules, removing the need for third-party enforcement. These smart contracts allow developers to self-build and publish contracts onto the blockchain. Ethereum’s native currency, Ether, operates as a store of value for its users. Ethereum allows developers to build and distribute other cryptocurrencies using the same protocol as Ether. Ethereum consists of only one public blockchain. Developers must create a modified clone of Ethereum to use the technology on a private blockchain.

Listen as Threshold Network discusses Threshold cryptography, defi, TBTC, security & more Broadcasted January 19th, 2023

On 16 December, 2022 Raydium Protocol experienced a private key compromise due to a trojan virus. In total, approximately $5.5 million worth of customer assets were stolen.

CertiK is proud to announce a new partnership with Shima Capital, a leading venture capital firm founded by Yida Gao and focusing on crypto and blockchain technology.

Bitcoin works through a system in which it’s possible for a group of people to reach a consensus and agree on a single valid history of transactions by including them in the blockchain. Bitcoin miners are users who seek a business opportunity by purchasing powerful computers to solve complicated mathematical equations through what is known as proof of work. The miners are responsible for listening to and reporting all transactions that happen on the network. Miners record the transactions by adding them in batches called blocks. The mining analogy to gold is misleading. The purpose of mining is not to create Bitcoin but rather to process everyone’s transactions and update the database. Bitcoin is the first successful decentralized digital currency because it was the first to solve the double-spending problem of spending the same money twice. Double-spend attacks can happen through a 51% attack, where a hacker captures 51% of the hash power of the network. So far no such attack has occurred due to the difficulty of mining, cost of hardware, and electricity required.

In this post, we briefly explain the difference between reentrancy and cross-function reentrancy, and how Turing incompleteness can prevent some such attacks. We then provide an example of a cross-function reentrancy exploit not prevented by Turing incompleteness using Pact, the programming language utilized on the Kadena blockchain.

The CV VC Top 50 Report, in collaboration with Bank Frick, is a periodical report that analyzes the top 50 best-performing blockchain projects in Crypto Valley, based on market valuation, funding, and the number of employees.

Listen as Dexit Network discusses consensus mechanism, defi apps, nfts, gaming, security & more! Broadcasted January 13th, 2023

On 13 January, 2023 the multi-chain lending protocol LendHub announced on their Twitter account that they had suffered an exploit on 12 January resulting in the loss of approximately $6 million. The exploiter took advantage of a discrepancy between a retired IBSV cToken and a new token, where the former had not been removed from the protocol's old market despite no longer being in use.

The past year has been a painful one for many in crypto. Malicious actors drained over $3.7 billion worth of assets from Web3 protocols in 2022, representing a 189% increase over the $1.3 billion lost in 2021.

Staking is a process in which users provide their coins or tokens to a project or protocol in order to receive rewards for their participation.

On 4 January, 2023 we observed the first major exit scam of the year. The scam resulted in a loss of approximately $2.6 million.

Whilst cryptocurrency can be an exciting and rewarding investment, it is vital to have an understanding of web3 security and the measures needed to protect yourself and your fund. Transparency and Accountability. CertiK KYC provides identity verification for project teams- to help investors make shrewder decisions based on an awareness of web3 security. Smart Contract Audits. Check out the CertiK Security Leaderboard, which rates and ranks all onboarded projects in terms of their security. Authentication Methods. In securing your accounts you should set up 2 Factor authentication so that a hacker would need to have both your password and the device to be able to access your account. Hot and Cold Wallets. People will hold some of their funds on a cold wallet for security, and some on a hot wallet to allow for a smoother flow of funds.

Not all threats come from external sources. Some of the most devastating can come from inside a project team, from a trusted member of the group. A vital element in reducing the risk of insider threats in crypto projects is to thoroughly vet new team members.

Anonymity and pseudonymity refer to two different ways of obscuring or concealing a person’s identity. Within De-Fi, the terms mean a way of protecting their identity and concealing their transactions. In the context of blockchain security, pseudonymity means that whilst the identity of the person making transactions is unknown, all of the transactions that they make can be linked to the same pseudonymous identity. By contrast, anonymity means that none of the transactions or activity conducted on the blockchain or on exchanges can be linked to one user, pseudonymous or otherwise.

The main event of the fourth quarter of 2022 has been – by far – the almost-overnight collapse of FTX.

Governance is one of the primary features of decentralized blockchain networks. Users come to consensus, or at least majority agreement, on the management of decentralized protocols. The unique features of blockchain governance systems offer many benefits, and a number of risks.

2022 was a painful year for many in crypto. Alongside a broad market downturn, the year was punctuated by a number of major exploits, collapses, and bankruptcies. With one major exception, the largest losses of user funds this year resulted from centralized platforms going insolvent, as falling asset prices exposed their unsustainable business practices. The spark that ignited this fire was also the exception to the trend. When Terra’s algorithmic stablecoin lost its peg in May, the collapse came swiftly. In a matter of days, $45 billion of value was wiped from the market capitalization of TerraUSD and its reserve asset: LUNA. This all occurred on-chain. It was a spectacularly visible collapse. What wasn’t so visible was the exposure that major centralized organizations had to the Terra ecosystem. Unsecured loans, opaque use of customer funds, and many allegations of outright fraud combined to create the perfect storm. Now that the dust has settled, at least for the moment, we can take stock of the major players that were wiped out over the course of 2022. With many billions of dollars now locked up in bankruptcy proceedings, the scale of losses from centralized crypto firms dwarfs the sum lost from decentralized protocols in 2022. But that doesn’t mean that all is well in the world of DeFi. 2022 has seen approximately $3 billion lost from Web3 platforms, the worst year on record. Web3 offers fundamental solutions to the underlying causes of centralized meltdowns. Real-time proof of solvency, on-chain transparency, and open-source applications combine to create a free and fair ecosystem. Centralized organizations that do not incorporate these values cannot legitimately be called crypto companies, they’re part of the same old system that Web3 is replacing. On the one hand, the industry seems to be learning the hard lessons of this year. It’s heartening to see a number of major exchanges adopting cryptographic proof of reserves, which are one way to bring the best of Web3 to centralized platforms. On the other hand, there’s still a lot of work to be done. Tto deliver on its fundamental promise, Web3 needs to address its security problem. It’s not enough to just lose less money than centralized finance, not when the tally is still in the billions of dollars. Web3 needs to be a safe, secure place for everyone to transact. In this report, we go through some of the year’s biggest losses and outline the steps Web3 needs to take to reach its revolutionary potential.