CertiK Resources
Blogs, Latest News, Announcements, and more
What is Privileged Access Management Risk?
Blogs
Privileged access management risk refers to the risk of compromise surrounding accounts that have access to critical network controls. Having accounts with privileged access provides hackers with a single point of attack that, when compromised, incurs catastrophic damage to the wider network. This blog post takes you through what privileged access management risk is and the best ways of mitigating it.
5/24/2022
The AfricanBlockchainReport 2021
Reports
This report demonstrates that Africa is not only a Crypto continent but an international driver in the utilization of blockchain as a transformative technology for humanity.
5/23/2022
AMA Recap | Security Leaderboard LIVE! Showcase x Ridotto
Videos
#Ridotto #RDT #CertiK #Live #AMA Each week, CertiK hosts a Security Leaderboard LIVE Showcase with top #DeFi projects that utilize our suite of security solutions. We check in on how the initial auditing process went, how their platform has evolved since launch & what the future holds. Watch the full interview: https://youtu.be/XoqTn05qC4w
5/19/2022
Security Leaderboard LIVE! Showcase x Ridotto
Videos
#Ridotto #RDT #CertiK #Live #AMA Each week, CertiK hosts a Security Leaderboard LIVE Showcase with top #DeFi projects that utilize our suite of security solutions. We check in on how the initial auditing process went, how their platform has evolved since launch & what the future holds.
5/19/2022
A Security Checklist For New Crypto Investors
Blogs
Entering the world of cryptocurrency for the first time can be a daunting experience. With this in mind, we have put together a checklist of some best practices for any new crypto investor looking to step into the exciting world of web3.
5/18/2022
Introducing Badges and Honors on CertiK’s Security Leaderboard
Announcements
Blogs
Today, we debut a badge system designed to increase visibility to the projects we secure and celebrate the most exceptional security practices across our client base. Badges make it simpler to identify vetted crypto projects and give us a new way to showcase noteworthy practices across projects we audit.
5/18/2022
The State of DeFi Security 2021
Reports
CertiK audited a total of 1,737 projects in 2021. Using this data, CertiK produced a report that discusses the most common types of security attacks and incidents seen.
5/18/2022
HACK3D: The Web3 Security Quarterly Report - Q1 2022
Reports
CertiK audited a total of over 3700 projects to date and reported on many incidents. In this report, you will learn about
5/18/2022
What is a Rug Pull?
Videos
Bite Size Blockchain A new CertiK series giving users bite-size tips and info to stay informed and safe in the #crypto space. Episode 1: What is a Rug Pull? Check it out to learn what a #rugpull is, how it happens, what to look out for, and more! https://www.certik.com/resources/blog Transcript: Rugpulls are one of DeFi's most common frauds. They occur when a project's founders depart and liquidate their tokens on the open market. Scammers exploit the features of a decentralized exchange, known as a DEX, to pull off their rugpulls. They often pair their token with a real asset for purchase. As their token skyrockets in price due to hype, the founders liquidate their tokens on the market, once they have made enough money from the pairing of the real asset, causing the value of their tokens to crash. Here are some indicators of a rugpull. One, the yields are too high. Two, the creators remain anonymous. Three, the coin prices skyrocket. Four, there are extensive marketing tactics, and five, there is no liquidity lockup. To learn about rugpulls and how to avoid them, visit CertiK.com/resources.
5/16/2022
FEG Token Flashloan Exploit Analysis
Analysis Reports
On May-15-2022 08:22:49 PM +UTC, the FEG token experienced a flurry of flashloan attacks on both Ethereum and BNBChain, leading to the loss of approximately $1.3M worth of assets.
5/15/2022
Bite Size Blockchain - What is a Flash Loan?
Videos
#certik #flashloan #defi #blockchain #cryptocurrency A new CertiK series giving users bite-size tips and info to stay informed and safe in the #crypto space. Episode 9: What is a Flash Loan? Learn how a #flashloan works and more in under 2 mins! https://certik.com/products/skynet Transcript: A flash loan is an uncollateralized short-term loan. They are a new invention in the DeFi space, introduced by the lending protocol, AAVE. A smart contract is used to borrow and repay flash loans in the same transaction. If a flash loan isn’t repaid in the same transaction, the transaction fails, making it as though the loan never happened. Flash loans present an opportunity for high-frequency and arbitrage traders with the ability to instantaneously access capital, allowing a trader to sell on one exchange and purchase on another. Arbitrage was more common when liquidity was low and exchanges didn’t share price feeds. Flash loans have been used to attack exchanges and protocols. This occurs when a malicious user takes out a flash loan from a lending protocol and uses the borrowed funds to manipulate prices on another protocol. Flash loan attacks are very lucrative because the attacker does not have to deploy a lot of capital to carry out the attack. Smart contract audits are a necessary first step in mitigating a flash loan attack. CertiK’s Skynet on-chain monitoring helps recognize these attacks in real-time and broadcasts community alerts on the Security Leaderboard. From smart contract audits to on-chain monitoring, there are tools in place to help projects build safer protocols from the ground up. To learn more about flash loans, visit CertiK.com/resources.
5/13/2022
Skynet Datasheet
Datasheets
Powering on-chain security monitoring and data insights for Web3 Applications.
5/12/2022
Security Audit Datasheet
Datasheets
A comprehensive security assessment of your smart contracts, blockchains and web3 Apps.
5/12/2022
What is an Online Attack?
Blogs
One of the promises of blockchain technology is its ability to bolster the safety of online activity through the greater security afforded by decentralization. However, despite this added security, it is naive to assume that online attacks will just go away. With that in mind, this post provides an overview of some of the most infamous online attacks, how they intersect with blockchain technology, and some of the ways of defending against such attacks.
5/8/2022
Security Leaderboard LIVE! Showcase x Melos. Studio
Videos
Each week, CertiK hosts a Security Leaderboard LIVE Showcase with top #DeFi projects that utilize our suite of security solutions. We check in on how the initial auditing process went, how their platform has evolved since launch & what the future holds.
5/5/2022
What is a Soft Rugpull vs a Hard Rugpull?
Blogs
Rugpulls are the bane of any new investor trying to get rich quick. Yet often, all investors need to avoid them is a little more information on what to look out for. With that in mind, this article takes you through the two types of rugpull and gives tips on how to spot them.
5/4/2022
CertiK's Earn Your Badge
Videos
CertiK is excited to announce the launch of our new Badges and Honors for project teams! Badges and Honors are designed to increase the visibility of the projects we secure and to celebrate the most exceptional security practices across our client base. Transcript: CertiK’s mission is to Secure the Web3 World. CertiK’s badge system is designed to increase visibility, identify, and celebrate the projects we audit with the most exceptional security practices. The Verified Contract Badge certifies proof that CertiK has audited a given contract in the exact state in which it has been deployed. The Skynet Badge certifies that a project uses CertiK's live, on-chain security monitoring and data insights to flag security events across their platform. The KYC Badge indicates successful completion of CertiK's KYC program, the most rigorous KYC program available for Web3 projects. The Top 10% Security Score honors projects with the leading security marks in our industry. This score covers our audits and general best practices. The Top 10% Watched honor acknowledges projects on our site with the most followers. Sign up to add your favorite projects to your watchlist. CertiK is the only major security provider that offers a public symbol of trust. To learn more about the badges and honors on CertiK’s leaderboard, visit CertiK.com/resources.
5/4/2022
Bite Size Blockchain - What is Centralization Risk?
Videos
A new CertiK series giving users bite-size tips and info to stay informed and safe in the #crypto space. Episode 8 What is Centralization Risk? Learn what #centralizationrisk is, how it works, how you can minimize your risk with CertiK's auditing, and more all under 2 mins! https://www.certik.com/resources Transcript: Centralization risks are vulnerabilities that can be exploited both by malicious developers of a project as well as outside attackers. They can be taken advantage of in rug pulls, infinite minting exploits, and other types of attacks. In token minting contract exploits, if someone gains access to the private key of the contract, they can mint as many new tokens and send them anywhere they’d like. With rug pulls, project founders can sell all of the tokens they hold - draining the liquidity from a decentralized exchange. Other rug pulls involve founders stealing tokens from a presale lockup contract. Rug pulls thrive on decentralized exchanges because they allow free listings of new tokens with no requirement of a smart contract audit. Smart contract audits are a necessary first step in identifying centralization risk. CertiK smart contract audits highlight all centralization risks by identifying 5 types of issues: Critical, Major, Medium, Minor, and Informational. Users can be confident in the security of a project that follows CertiK’s recommendations, such as implementing timelocks and multi signature custody solutions. To learn more about centralization risks, visit CertiK.com/resources.
5/4/2022
CertiK's Listen & Learn - Celer Network & Electric Sheep NFT
Podcasts
Listen to our chat with Celer Network and Electric Sheep for an #AMA discussing #NFT and Crosschain Security. Broadcasted April 29th, 14:00 UTC/10 AM EST https://www.certik.com/ https://www.celer.network/ https://discord.com/invite/ultiverse
5/3/2022
Security in 60 Seconds - Hoge
Videos
New Security in 60 Seconds episode Give us 1 minute, and we'll give you the findings. Check out the review of Hoge's audit report on CertiK's Security Leaderboard. https://www.certik.com/projects/hogefinance Transcript: Auditing is a complicated and essential step in the security process. At CertiK, we review the top DeFi projects to help you better understand the findings from our experts. HOGE is an ERC20 token on the Ethereum blockchain. It has a 2% tax on every transaction. One-half of that tax is transferred back to wallet holders. The other half is burned forever. This audit covers Hoge on the Ethereum platform. The summary describes the audit and the types of analyses used. Overview shows the programming language, the blockchain used, and a link to the project's codebase. The Vulnerability Summary lists issues that need resolution. Audit Scope displays which contracts were audited. Findings highlight all issues and rank them in terms of severity from critical to discussion. In this audit, we found 0 Critical, 0 Major, 0 Medium, 2 Minor, and 3 Informational issues. The Hoge team has acknowledged all of the issues. Visit CertiK.com for the full report.
5/3/2022
Security in 60 Seconds - Position Exchange
Videos
New Security in 60 Seconds episode Give us 1 minute, and we'll give you the findings. Check out the review of Position Exchange's audit report on CertiK's Security Leaderboard. https://www.certik.com/projects/positionexchange Transcript: Auditing is a complicated and essential step in the security process. At CertiK, we review the top DeFi projects to help you better understand the findings from our experts. Position Exchange is The Next-Gen Decentralized Trading & Crypto Platform with a whole Ecosystem running fully on-chain. This audit covers Position Exchange on the Binance Smart Chain platform. The summary describes the audit and the types of analyses used. Overview shows the programming language, the blockchain used, and a link to the project's codebase. The Vulnerability Summary lists issues that need resolution. Audit Scope displays which contracts were audited. Findings highlight all issues and rank them in terms of severity from critical to discussion. In this audit, we found 0 Critical, 2 Major, 2 Medium, 3 Minor, and 1 Informational issues. Position Exchange has all of the issues pending. Visit CertiK.com for the full report.
5/2/2022
What is a Reentrancy Attack?
Blogs
This blog post will take you through one of the most infamous exploits in blockchain security, the reentrancy attack, and best practices for defending against it.
5/2/2022
What is a Mintable Token?
Blogs
Trying to get your head around the difference between ‘mintable tokens’ and ‘mineable tokens’ can be a complicated affair, primarily because there is a lot of slippage in the terminology between the two. The difference is that to mint new tokens through mining requires a lot more time, resources and effort.
4/29/2022
CertiK Receives Additional $60 Million in Funding, from SoftBank
Announcements
We are pleased to announce an additional $60 million USD investment from SoftBank Vision Fund 2 and Tiger Global, bringing the total amount invested to $290 million.
4/22/2022
What is Pseudonymity and Anonymity?
Blogs
The debate between the importance of maintaining pseudonymity and anonymity or implementing regulation is still very much ongoing, and whilst it can be heated at times, it is a necessary conversation if cryptocurrencies are to reach widespread adoption.
4/22/2022
What is dApp Security?
Blogs
The systematic setup of decentralized apps unfortunately leaves them susceptible to hackers in some situations. As more businesses migrate to dApps and other cloud-based structures, it is important to keep safety and security in mind. Even as technology changes, cybercriminals will look for ways to infiltrate it.
4/8/2022
CertiK Doubles Its Valuation to $2 Billion in Just 3 Months
Announcements
Just three months after our last funding round where we announced we were nearly a $1 Billion company, here we are again, announcing that now we are a $2 Billion company. We are excited to bring on a new set of investors, as well as receive continued funding support from existing ones.
4/6/2022
What is Tornado Cash?
Blogs
One of the defining features of a cryptocurrency is that its ledger, containing all transactions that have ever taken place, is globally visible. However, Tornado Cash believes a fundamental principle is that privacy is a human right, and the more everyone adopts privacy measures, the more secure it is for all of us.
3/29/2022
Security in 60 Seconds - ApeCoin
Videos
New Security in 60 Seconds episode Give us 1 minute, we'll give you the findings. Check out the review of APECOIN's audit report on CertiK's Security Leaderboard. https://certik.com/projects/ApeCoin Transcript: Auditing is a complicated and essential step in the security process. At CertiK, we review the top DeFi projects to help you better understand the findings from our experts. APE will serve as a decentralized protocol layer for community-led initiatives that drive culture forward into the metaverse. This audit covers the ApeCoin Airdrop Smart Contract on the Ethereum platform. The project summary describes the audit and the types of analyses used. Overview shows the programming language, the blockchain used, and a link to the project's codebase. The Vulnerability Summary lists issues that need resolution. The Audit Scope displays which contracts were audited. Findings highlight all issues and rank them in terms of severity from critical to discussion. In this audit, we found 0 Critical, 1 Major, 0 Medium, 0 Minor, and 3 Informational issues. The Ape Foundation has acknowledged all of the issues. Visit CertiK.com for the full report.
3/23/2022
Security in 60 Seconds - Kava
Videos
New Security in 60 Seconds episode Give us 1 minute, we'll give you the findings. Check out the review of KAVA's audit report on CertiK's Security Leaderboard. https://certik.com/projects/kava Auditing is a complicated and essential step in the security process. At CertiK, we review the top DeFi projects to help you better understand the findings from our experts. Kava is a lightning-fast Layer-1 blockchain that combines the Ethereum and Cosmos ecosystems into a single, scalable network. This audit covers the Kava Swap Module on the CosmosSDK platform. The project summary describes the audit and the types of analyses used. Overview shows the programming language, the blockchain used, and a link to the project's codebase. The Vulnerability Summary lists issues that need resolution. The Audit Scope displays which contracts were audited. Findings highlight all issues and rank them in terms of severity from critical to discussion. In this audit, we found 0 Critical, 0 Major, 0 Medium, 3 Minor, and 4 Informational issues. The Kava team has acknowledged all of the issues. Visit CertiK.com for the full report.
3/22/2022
Security in 60 Seconds - Ceek
Videos
New Security in 60 Seconds episode Give us 1 minute, we'll give you the findings. Check out the review of CEEK's audit report on CertiK's Security Leaderboard. https://certik.com/projects/ceek Transcript: Auditing is a complicated and essential step in the security process. At CertiK, we review the top DeFi projects to help you better understand the findings from our experts. Ceek is an award-winning developer of premium social virtual and augmented reality experiences. This audit covers the CEEK token on the Binance Smart Chain platform. The project summary describes the audit and the types of analyses used. Overview shows the programming language, the blockchain used, and a link to the project's codebase. The Vulnerability Summary lists issues that need resolution. The Audit Scope displays which contracts were audited. Findings highlight all issues and rank them in terms of severity from critical to discussion. In this audit, we found 0 Critical, 0 Major, 0 Medium, 1 Minor, and 2 Informational issues. The Ceek team has acknowledged the Minor issue. Visit CertiK.com for the full report.
3/18/2022
Security in 60 Seconds - BabyDoge
Videos
Give us 1 minute, we'll give you the findings. Check out the review of BabyDoge's audit report on CertiK's Security Leaderboard to learn more.
3/15/2022
Security in 60 Seconds - 1inch Network
Videos
Give us 1 minute, we'll give you the findings. Check out the review of 1inch Network's audit report on CertiK's Security Leaderboard to learn more.
3/15/2022
Security in 60 Seconds - VCGamers
Videos
Give us 1 minute, we'll give you the findings. Check out the review of VCGamers's audit report on CertiK's Security Leaderboard to learn more.
3/15/2022
Security in 60 Seconds - Lunar
Videos
Give us 1 minute, we'll give you the findings. Check out the review of Lunar's audit report on CertiK's Security Leaderboard to learn more.
3/15/2022
What is a Crypto Scam?
Blogs
With an influx of new users and the DeFi boom, crypto scams were more prominent than ever. There are a few things that users can do to protect themselves from these crypto scams, but first we need to know what types of crypto scams there are and what to look out for.
3/7/2022