<><><>Risk Reasons</> - contextual reasons explaining why a risk is present (e.g.,a malicious label)</><>

<><>As blockchain adoption accelerates, so do the sophistication and scale of on-chain threats, including scams, exploits, money laundering, and sanctioned activities. Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. <>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK's threat intelligence models.</> This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<><>As blockchain adoption accelerates, so do the sophistication and scale of on-chain threats, including scams, exploits, money laundering, and sanctioned activities. Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation.&nbsp;<>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK’s threat intelligence models.</>&nbsp;This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<><>Risk Reasons</> - contextual reasons explaining why a risk is present (e.g.,a malicious label)</><>

<><>Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. <>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK's threat intelligence models.</> This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<>As blockchain adoption accelerates, so do the sophistication and scale of on-chain threats, including scams, exploits, money laundering, and sanctioned activities. Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. <>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK's threat intelligence models.</> This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<>As blockchain adoption accelerates, so do the sophistication and scale of on-chain threats, including scams, exploits, money laundering, and sanctioned activities. Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation.&nbsp;<>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK’s threat intelligence models.</>&nbsp;This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<>As blockchain adoption accelerates, so do the sophistication and scale of on-chain threats, including scams, exploits, money laundering, and sanctioned activities. Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation.&nbsp;SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK’s threat intelligence models.&nbsp;This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<>Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. <>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK's threat intelligence models.</> This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<>Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. <>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK’s threat intelligence models.</> This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.</><>

<>Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. <>SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK’s threat intelligence models.</> designed to enhance security, compliance, and transparency across the blockchain ecosystem. It leverages a real-time API framework to deliver actionable insights by aggregating, classifying, and analyzing data from wallets, smart contracts, and transactions.</><>

<>Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. <>SkyInsight is CertiK's on-chain intelligence and risk analytics platform</> designed to enhance security, compliance, and transparency across the blockchain ecosystem. It leverages a real-time API framework to deliver actionable insights by aggregating, classifying, and analyzing data from wallets, smart contracts, and transactions.</><>

<>Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation.&nbsp; <>SkyInsight is CertiK's on-chain intelligence and risk analytics platform</> designed to enhance security, compliance, and transparency across the blockchain ecosystem. It leverages a real-time API framework to deliver actionable insights by aggregating, classifying, and analyzing data from wallets, smart contracts, and transactions.</><>

Crypto High-Rollers Go Big on Bodyguards to Deter Kidnappers

Enter your job title

Job Title

Name

Our PoR service is managed by the same security engineers who conduct CertiK's world-class audits. We bring a deep understanding of your security posture, ensuring a more rigorous and context-aware verification process.

Penetration testing reports are comprehensive and contain the details of all identified vulnerabilities. These are classified by severity, from Critical to Informational. Each finding includes a clear description, reproduction steps, proof-of-concept, and tailored remediation recommendations.

Request the latest threat intelligence and newest custom research based on relevant Web3 contextual factors. This unique service is the only way to unlock direct access to CertiK Intelligence Analysts

See the API endpoints section for a more detailed description of each endpoint.

When an error is encountered, you will receive an HTTP status code along with a message and error code in the body of your query response. We use the following status codes for errors:

Account Settings

Profile

Sign Out

Watchlists

Have your code reviewed by CertiK’s team of seasoned security experts, who have audited 1000’s of projects

Effective findings culminated through performing thousands of audits and a cross-check against a large internal database of security vulnerabilities.

Receive rich reporting, covering findings and recommendations on how to remediate vulnerabilities.

Our unparalleled expertise in Web3 security and risk management ensures that clients make informed decisions about their investments.

Architectural Support for Programming Languages and Operating Systems

Whether a project has been audited by CertiK

Smart Contract Audit Process

Audited by CertiK

Active Bounty

CertiK Contract Verified

CertiK Formal Verification

CertiK KYC

CertiK Penetration Testing

CertiK Skynet

Top 10% Code Security Score

Top 10% Community Trust Score

Top 10% Fundamental Health Score

Top 10% Governance Strength Score

Top 10% Market Stability Score

Top 10% Operational Resilience Score

Top 10% Security Score

Top 10% Trust Score

Top 10% Watchlisted

CertiK is Web3's leading smart contract auditor and provides a comprehensive suite of tools to secure the industry at scale.

Provable Trust For All.

Elevating Your Entire

Journey

Identify and eliminate security vulnerabilities in blockchains, smart contracts, and Web3 apps using the most rigorous and thorough cybersecurity techniques.

You can now discover projects within the same categories or ecosystems, by clicking the ecosystem icon or category tag within their security leaderboard columns.

ACM Conference on Computer and Communications Security

Crowdsourcing from a list of the world's top ethical hackers to provide you continuous assessment, for uncovering vulnerabilities before anyone else does.

About

companyItemTitle.blog

Blogs

We're Hiring

Disclaimer

Worker Validation

Partnership

Research

Resources

Testimonials

Ventures

The research department's work spans blockchain security, smart contract verification, and system security, covering critical domains like Mobile Systems, Trusted Execution Environments, and Decentralized Physical Infrastructure Networks.

Comprehensive Research

CertiK audits all of Web3, from decentralized applications to the blockchains they’re built on. We work closely with clients to deliver tailor-made security solutions.

Leverage industry experts for market analysis and data-backed insights, keeping a pulse on the overall market

Research & Analysis Expertise

Our industry-leading audit methodology and tooling includes a review of your code’s logic, with a mathematical approach to ensure your program works as intended.

Our industry-leading L1 chain auditing process combines expert manual review of smart contract code with advanced AI and mathematical techniques to ensure blockchain protocols work as intended.

CertiK’s speed in execution of audits at scale leaves the competition behind. But don't just take our word for it, listen to what our customers are saying:

Every smart contract audit involves comprehensive manual review by our team of experienced security experts. Automated AI-powered review provides an additional layer of security. Formal verification is an optional further step that certifies smart contract behavior with respect to custom function specifications. This helps developers get a handle on the entire scope of their platform.

How Does a Smart Contract Audit Work?

Every audit involves comprehensive manual review by our team of experienced security experts. Formal verification certifies L1 chain code behavior with respect to custom function specifications, helping developers get a handle on the entire scope of their platform. The process of auditing an L1 is the same as for auditing a smart contract. The five-step process is as follows:

Report an incident if you are under cyber attack and need help!

24/7 Incident Response

Our researchers' expertise and insights are also showcased at major industry conferences, such as BlackHat, DEFCON, HITB, POC, and CanSecWest, where they share groundbreaking findings with the global security community. This engagement not only underscores CertiK's position as a thought leader but also strengthens its role in shaping the future of cybersecurity standards.

This dedicated team is at the cutting edge of security research, advancing core areas of formal verification, cryptographic integrity, and zero-knowledge proof systems.

Advancing Security Innovation

At CertiK Ventures, our evolving investment thesis serves as both a guiding framework and an open invitation for collaboration. 
We believe the best ideas emerge through dialogue and collective wisdom. This living document reflects our thinking as of November 2024 and will continue to evolve with the industry. We welcome your engagement and input as we refine our approach and push the boundaries of what’s possible in crypto and blockchain.

An L1 chain audit provides a comprehensive security assessment of a Layer 1 blockchain to identify vulnerabilities and recommend ways to fix them.

CertiK has audited nearly a dozen L1s, along with projects written in all major programming languages, thousands of Web3 projects, and tens of thousands lines of code. As a pioneer in the blockchain security industry, CertiK brings expertise that can only be gained from years of experience with thousands of projects to each and every L1 chain audit.

Through a powerful blend of academic rigor and industry acumen, CertiK's research department continues to drive transformative solutions to meet the complex security challenges of blockchain and emerging technologies. With our focus on applied research and a proven record of impactful discoveries, CertiK's research team stands as a leading force in advancing cybersecurity for Web3 and beyond.

Skynet Leaderboard

Network and Distributed System Security Symposium

What's New

Visit the project’s profile page directly for more details about their status. Some projects may temporarily display as ‘Pending’ but will be available soon.

CertiK has audited thousands of Web3 projects and tens of thousands lines of code written in all major smart contract programming languages.

We bring expertise that can only be gained from years of experience with thousands of projects to each and every audit.

When it comes to security, only the best will do.

Proceedings of the ACM on Programming Languages

Connect portfolio companies to CertiK's extensive partner network for accelerated growth

Ecosystem Partnerships

productsItemDescription.proof-of-reserves-audit-mobile

productsItemDescription.security-scores-ranking

productsItemDescription.skynet-scores-ranking

SkyNode

Advisory Service

Bug Bounty

productsItemTitle.compliance-aml

Formal Verification

Incident Response

Team Verification

L1 Chain Audit

Penetration Testing

Proof of Reserves Audit

Proof of Reserves

Security Score

Security Scores & Ranking

Sky Harbor

SkyHarbor

SkyInsights

Skynet

Skynet Score

SkyTrace

Smart Contract Audit

Web 3 Security Audit

Protect Your Project Today

Apply to CertiK Ventures

Founded in December 2017 by professors from Columbia and Yale, CertiK stands at the forefront of blockchain and Web3 security, pioneering advancements in Formal Verification and AI-driven technologies to safeguard blockchains, smart contracts, and decentralized applications. As a recognized leader in the field, CertiK's mission is to establish resilient standards across the rapidly evolving Web3 landscape, ensuring that emerging technologies are secure and reliable for global adoption.

The CertiK research department is composed of a highly specialized team of researchers and engineers, combining expertise from prestigious academic institutions, including Yale, Georgia Tech, Tsinghua, and Peking University, with industry veterans from Microsoft, Samsung, and Intel.

CertiK Research

Security Score evaluates a project’s real-time security posture using on-chain and off-chain data.

Sign up and gain access to curated features like watchlist and so on in two simple steps.

SkyHarbor can quickly identify vulnerabilities or suspicious activities in your system, ensuring that your assets are safe and secure.

Actively monitor on-chain smart contracts in real time and present actionable security and Web3 app data insights for the community.

A comprehensive security assessment of your smart contract and blockchain code to identify vulnerabilities and recommend ways to fix them.

What’s in a Smart Contract Audit Report?

smartContractAuditSubtitle

The team's focus is not only on theoretical advancements but also on implementing practical solutions that elevate security standards in these high-stakes areas.

Practical Security Solutions

Provide not just financial backings but also operational expertise to founders

Financial & Business Support

Invest in projects centered around blockchain security and Web3 advancement

Tech Development & Security Focus

IEEE Transactions on Information Forensics and Security

An index measuring a crypto project's relative security, market performance, and social sentiment

Providing the largest coverage on languages and ecosystem, as well as faster onboarding options, depending on project code size.

Explore growth opportunities with CertiK Ventures.

As a Builder, Grown with Builders, Growth with Builders

CertiK Ventures is a initiative from CertiK to contribute back to its long-serving builder community. It acts as the Research, Investment and Incubation arm of CertiK.

CertiK Ventures

Clients receive rich reports on their smart contract code, complete with comprehensive vulnerability analyses and recommended remediations.

CertiK KYC provides private identity verification for project teams through a rigorous vetting process while maintaining the highest standards of data protection.

Welcome to Hack3d: The Web3 Security Report for Q2 + H1 2025. Hack3d is the industry's most comprehensive record of statistics and analysis of on-chain security incidents. It equips stakeholders with the knowledge needed to make informed decisions in an increasingly high-stakes environment.

Hack3d: The Web3 Security Quarterly Report - Q2 + H1 2025

Stablecoins are a type of crypto-asset designed to maintain a stable price by linking each token to an external reference asset, most often a national currency like the U.S. dollar, but sometimes commodities like gold. In theory, every coin in circulation should be redeemable for an equal amount of that reference asset, protecting holders from the sharp price fluctuations typical of unpegged digital currencies.

Security Risks of Stablecoins

In Web3, private keys are critical for controlling assets, governance, and trust, but their mismanagement poses significant risks, including financial loss and reputational damage. This article explores secure private key generation, storage, and usage to mitigate these vulnerabilities.



Private Key, Public Risk

Building on our previous analysis of basic token functionalities across Solidity, Sui Move, and Aptos Move, this report focuses on the advanced features of fungible tokens. We specifically explore how these platforms implement fungible token standards, with extensions such as whitelisting/blacklisting, fee mechanisms, pausing, and whitelisting/blacklisting.

Move for Solidity Developers: Token Standard II — Advanced Fungible Token Extensions

A Pet Rock No Longer: Bitcoin’s Innovation Awakening provides a comprehensive overview of the Bitcoin ecosystem's evolution over the last year.

A Pet Rock No Longer: Bitcoin's Innovation Awakening

Binance Wallet is enhancing user security by integrating Skynet Token Scan, a powerful tool developed by CertiK’s security researchers. This new feature puts on-demand security intelligence directly into the hands of Binance Wallet users, empowering them to make safer, more informed decisions.

Binance Wallet Integrates CertiK’s Skynet Token Scan

https://images.ctfassets.net/v0qht4wq59vi/2FEvYYsPU5QuWxiCxx10Sf/6ea31875b8fa7865aad6b60d6f1301e2/Binance_Wallet-01__1_.webp

On 9 July 2025 GMX V1 vault was exploited by a white-hat for ~$42M due to a reentrancy issue. The funds were later returned to GMX who awarded the white-hat a 10% bounty. The whitehat had minted and then staked GLP before creating a short position directly from the vault contract through reentrancy. Executing in this order bypassed the ShortsTracker, and prevented the average short position price from being updated. This occurs when the market price exceeds the tracked average price, resulting in the protocol overestimating unrealized losses. As a result, the Assets Under Management (AUM) calculation was manipulated to inflate the apparent value of GLP.

GMX Incident Analysis

https://images.ctfassets.net/v0qht4wq59vi/182fGa8nGAIfZp68YfYaEv/15e5b85e764a8e5118a8591c9a33bb8b/Blog_Graphic__4_.jpg

On 15 July 2025, a malicious actor took advantage of a lack of input validation in Arcadia Finance’s Rebalancer contract to obtain assets by paying off a portion of a user’s debt and withdrawing the underlying assets for a net gain of ~$3.6M. 

Arcadia Incident Analysis

https://images.ctfassets.net/v0qht4wq59vi/2LqKpDjX82Mc8qh9GFbKcy/258f1e6a6fea93d44a8286805820348d/Blog_Graphic__3_.jpg

This third post in the Threshold Cryptography series provides a bird’s-eye view of the 9-round threshold ECDSA protocol implemented in tss-lib [1]. Detailed exposition of the underlying MtA secret share conversion protocol and zero-knowledge proofs will follow in the next two posts.

Threshold Cryptography III: Binance tss-lib’s 9-Round Threshold ECDSA

https://images.ctfassets.net/v0qht4wq59vi/624juiRi6b82g0mFwiH5EG/9fd22b978dc02f15f7abeb1dd4ddf7bd/Threshold_Cryptography_III-01.webp

https://images.ctfassets.net/v0qht4wq59vi/7wtuZfwzhEqjU5syjTvgOZ/f89a5f27bcdeca11c3d21b729c01d475/stablecoin-01.webp

Ronghui Gu, Co-Founder of Web3 security firm CertiK and Professor of Computer Science at Columbia University, delivered a compelling keynote speech at the University of Hong Kong Business School titled, “Scaling Web3: Balancing Innovation and Security for a Global Audience,” which outlined the critical importance of cybersecurity as the Web3 ecosystem matures. 

CertiK’s Co-founder Ronghui Gu Delivers Keynote Speech at HKU Business School on the Next Era of Blockchain Security 

https://images.ctfassets.net/v0qht4wq59vi/61K3rFcPCOwU6qR1ouTKEg/35691fb61abb441bb1bfa73de22295dc/e11f8cdb0a4430b9a4bcf5059d675d98.jpg

https://images.ctfassets.net/v0qht4wq59vi/15jSiBeiLGwyOzuyutDG1b/f57de363de126b41b9479f7d149766d5/hack3d-report-q2-01__1_.webp

Following the success of Proof of Talk 2025, more major Web3 events are on the horizon! From June 24 to 27, Seoul—the innovation hub of Asia—will host two flagship Web3 conferences. CertiK invites you to join us on this exciting journey into the future of Web3.

CertiK’s Korea Event Attendee Guide: June 2025

https://images.ctfassets.net/v0qht4wq59vi/3H6twcClSHvwfJHMtTDA9E/0c06cbe81e1b9c84b7d853ff1d1d9e77/Screenshot_2025-06-22_at_2.58.56â__PM.png

https://images.ctfassets.net/v0qht4wq59vi/Jh8Oxa2HFz7SVSuUaDYiE/7071332e283d12680b9566cd4f750379/Private_Key__Public_Risk-01.webp

https://images.ctfassets.net/v0qht4wq59vi/ysa9WZ0P182Hu3LtvMQep/cbfa56b1aa786deaae53a89070db11fd/Solidity_Developers_I-01.webp

The second post in our Threshold Cryptography series explores the FROST threshold signing protocol, as proposed in FROST: Flexible Round-Optimized Schnorr Threshold Signatures [1], and highlights a potential issue that arises when implementing the protocol in a decentralized setting. This issue allows a malicious participant to send inconsistent nonce commitments, leading to honest participants to be falsely accused of misbehavior.

Threshold Cryptography II: Unidentifiability in Decentralized FROST Implementation 

https://images.ctfassets.net/v0qht4wq59vi/5HEaBz6O7xJsMG61h8uy4l/3015f85916c1f5cc7484154360f68b0f/Threshold_Cryptography_II-01.webp

CertiK, the largest Web3 security firm, is proud to announce its role as the Platinum Security Partner of Proof of Talk 2025, the premier Web3 and AI summit held at the iconic Louvre Palace in Paris on June 10-11. This sponsorship marks CertiK’s most significant event presence of the year, and underscores its deep commitment to advancing trust and security in the decentralized ecosystem. 

CertiK Joins Proof of Talk 2025 as Platinum Sponsor

https://images.ctfassets.net/v0qht4wq59vi/5BJsW0yMJAkPSjGb10euTb/735f62f9d373e1017551a865e75924f2/Screenshot_2025-06-09_at_2.51.02â__PM.png

In Part 1 of this blog series, we examined the integration of EVM and Cosmos at the application layer, and the risks associated with merging these stacks. Part 2 introduces a novel method for interacting with Cosmos through EVM transactions. Specifically, it details the workflow of specialized precompiled contracts engineered to overcome functional limitations and establish a connection between the two ecosystems.

EVM – Cosmos Convergence Research From Security Base: Part 2

https://images.ctfassets.net/v0qht4wq59vi/3Dc2sQS93NnP71jcJ1SWlr/3764f243bc1c3d0da389ea204f2b07fb/EVM_-Cosmos.jpg

This guide offers a comprehensive overview of CertiK’s presence at Proof of Talk 2025, helping you make the most of your time and plan your interactions with us effectively.

CertiK at Proof of Talk 2025: Attendee Guide

https://images.ctfassets.net/v0qht4wq59vi/5kE75VgZCyWLxJUVRdGRw6/b7e8326c092f5973b4ffb41819044099/Screenshot_2025-06-06_at_10.54.37â__AM.png

In this blog, we look at how Tornado Cash works, the history of its sanctions, and how its usage has shifted since the sanctions were lifted. 

How Tornado Cash Usage Has Changed Since Sanctions Were Lifted 

https://images.ctfassets.net/v0qht4wq59vi/6oioAP5096ZMZRrCWjZeXw/ed24a7722bbea3bab73f717ce6768693/Tornado_Cash.jpg

On May 28, 2025, asset-pegged insurance CorK Protocol suffered a ~$12M security breach.
The attacker exploited a lack of parameter checks, to set up a fake market, and the relatively open access of its AMM extension (CorkHook) to induce double counting of derivative token weETH8DS-2 on two markets, and acquire a large amount of derivatives which they redeemed for 3,761 wstETH.

Cork Protocol Incident Analysis

https://images.ctfassets.net/v0qht4wq59vi/KYlPIXdAfVLu5hB60FogV/97a61bb184ceda87eef7ab4ff2e13c4e/Cork_cover.png

This post introduces Distributed Key Generation (DKG), which allows multiple participants to jointly generate a secret key without ever reconstructing the full secret key, enhancing security and fault tolerance. It is fundamental to decentralized consensus, secure multiparty computation, and threshold signatures.

Products & Technology

Featured Ecosystems

Company