CertiK Blog
Security research, regulatory insights, and data-backed analyses for the institutional Web3 era. Turning real-world signals into actionable intelligence.
Research
GnosisPay Incident Analysis
On 01 June 2026 an attacker drained dozens of GnosisPay Safes on Gnosis Chain. The attack vector was a signature-verification flaw in the GnosisPay Delay module.
Quantum Computing Threats to the Blockchain Industry
This report examines how future fault-tolerant quantum computers may compromise blockchain cryptography, and what protocols, validators, custodians, and ecosystem participants must do to migrate before the window closes.
In-Depth Research on the Telegram Escrow Market: Platform Evolution, Ecosystem Structure, and Regulatory Challenges
The Telegram escrow market has gradually evolved into an underground service ecosystem that integrates escrow matching, fund settlement, merchant management, and traffic distribution, showing clear signs of “platformization” and network-based development.
Policy Pulse
May 2026 Regulatory Recap: Significant Movement with the CLARITY Act
A massive turning point arrived in July 2025 when the Trump Administration’s pro-crypto stance coalesced into historic legislative action: the passage of both the stablecoin-focused GENIUS Act and the landmark CLARITY Act by the House.
Inside the CertiK x XDC Fireside Chat: Trade Finance, Tokenization, and AI Security
CertiK Co-Founder and CEO, Ronghui Gu, and XDC Foundation’s Billy Sebell discuss trade finance, tokenization, AI-driven cybersecurity risks, and the infrastructure needed for institutional blockchain adoption.
CertiK and CoinW Discuss AI, Cybersecurity, and the Future of Secure Crypto Trading
CertiK Co-Founder and CEO, Ronghui Gu, and CoinW’s Marketing Director Manfred Chew discuss exchange security, AI-driven cyber threats, transparency, and the future of user trust in Web3.
Technical Insights
Post-Quantum Signatures, Part 2: From Trees to Forests
XMSS builds on one-time signatures by organizing OTS keys into Merkle trees and hyper-trees, delivering a practical post-quantum signature scheme with compact proofs, fast verification, and a critical trade-off: strict state management.
Soroban Contract State Management
This article explores potential security issues related to Soroban contract state storage and highlights key considerations during development, helping Soroban smart contract developers avoid storage-related vulnerabilities.
What Is a Smart Contract?
Smart contracts are blockchain-based programs that automate agreements without intermediaries. Learn how smart contracts work, their uses, benefits, and risks.
Company Updates
CertiK Skill Scanner: The Antivirus for the AI Age
CertiK Skill Scanner establishes a standardized security layer for third-party AI Skills, identifying execution-stage risks before they reach user data, assets, or systems.
CertiK at IDAI Summit 2026: AI Adoption & Digital Asset Cybersecurity
CertiK joined IDAI Summit 2026 to explore the growing security risks of AI adoption in Web3, analyzing structural agent vulnerabilities like indirection gaps and memory poisoning, and why intelligent, real-time auditing is now essential for protecting digital assets.
CertiK Expands AI-Native Security with Agent Integrations and AI Auditor
AI Auditor was originally built as an internal tool for CertiK’s own auditors, but is now available to the public after more than six months of rigorous application. In evaluations against 35 real-world Web3 security incidents from 2026, AI Auditor achieved an 88.6% cumulative exact hit rate, all while being engineered specifically to deliver high detection with exceptionally low noise.