CertiK Blog

On 22 March 2026, the Revolv protocol was exploited, resulting in a loss of ~$26.8M due to a compromise of the project's cloud infrastructure which gave access to Resolv’s AWS Key Management Service (KMS).

Security infrastructure is becoming a common bottleneck in VASP licensing. This guide covers what regulators evaluate, the documentation gaps that trigger follow-up cycles, and a practical sequencing framework to get ahead of them.

On 10 March 2026, the Movie Token (MT) contract was exploited for approximately $242,000 due to a critical flaw in its 'sell' logic. The vulnerability stemmed from a double-counting error: when a user sold MT tokens, the contract simultaneously transferred them to the liquidity pair for the swap and added that same balance to a pendingBurnAmount variable. When distributeDailyRewards() subsequently burned those pending tokens, it created an artificial supply shock, inflating the MT price and allowing the attacker to drain value from the pool.

CertiK has completed an independent Proof of Reserves (PoR) audit for Gate Technology FZE, the Dubai-based entity of the Gate Group. Gate Dubai exchange is licensed by the Virtual Assets Regulatory Authority (VARA). The audit verified that the platform's on-chain reserves fully back its user liabilities across all in-scope assets as of December 31, 2025.

An overview of regulatory developments in the United States in February 2026, including the Senate Banking draft, GENIUS Act implementation, and the SEC “Task Force” transition.

The Top10 AI Agent Projects on BNB Chain showcases the most trending AI Agent projects based on Skynet Score. These rankings reflect a comprehensive evaluation of security posture, operational maturity, market presence, and ecosystem traction. As autonomous on-chain agents gain adoption, security and infrastructure reliability remain the primary determinants of sustainable growth and institutional trust.

Security infrastructure is becoming a common bottleneck in VASP licensing. This guide covers what regulators evaluate, the documentation gaps that trigger follow-up cycles, and a practical sequencing framework to get ahead of them.

For years, the industry has struggled with this exact question. In this article, we are going to dive deep into an emerging privacy solution: zERC20. zERC20 is a pragmatic, immediate implementation of a concept known as plausible deniability (originally proposed in EIP-7503), which means the cryptographic evidence of an action equally supports a completely innocent explanation. For zERC20, depositing funds into the privacy protocol is mathematically indistinguishable from a user accidentally sending tokens to a dead address.

When an institution sends digital assets to an address provided by a counterparty, it is relying on the counterparty's claim that they control it. The blockchain will settle the transaction regardless of who is on the other end. This gap between how institutions want to use digital assets and what the compliance infrastructure can actually verify is becoming harder to ignore as more regulated capital moves on-chain.

On 22 March 2026, the Revolv protocol was exploited, resulting in a loss of ~$26.8M due to a compromise of the project's cloud infrastructure which gave access to Resolv’s AWS Key Management Service (KMS).

On 10 March 2026, the Movie Token (MT) contract was exploited for approximately $242,000 due to a critical flaw in its 'sell' logic. The vulnerability stemmed from a double-counting error: when a user sold MT tokens, the contract simultaneously transferred them to the liquidity pair for the swap and added that same balance to a pendingBurnAmount variable. When distributeDailyRewards() subsequently burned those pending tokens, it created an artificial supply shock, inflating the MT price and allowing the attacker to drain value from the pool.

OpenClaw is an open-source, self-hosted personal AI agent platform designed to run on a user’s local machine or server. It supports long-term memory, autonomous operation, integration with mainstream LLMs, and remote control through messaging platforms like Telegram.

On 22 March 2026, the Revolv protocol was exploited, resulting in a loss of ~$26.8M due to a compromise of the project's cloud infrastructure which gave access to Resolv’s AWS Key Management Service (KMS).

Security infrastructure is becoming a common bottleneck in VASP licensing. This guide covers what regulators evaluate, the documentation gaps that trigger follow-up cycles, and a practical sequencing framework to get ahead of them.

On 10 March 2026, the Movie Token (MT) contract was exploited for approximately $242,000 due to a critical flaw in its 'sell' logic. The vulnerability stemmed from a double-counting error: when a user sold MT tokens, the contract simultaneously transferred them to the liquidity pair for the swap and added that same balance to a pendingBurnAmount variable. When distributeDailyRewards() subsequently burned those pending tokens, it created an artificial supply shock, inflating the MT price and allowing the attacker to drain value from the pool.

In our previous video, we discussed Advanced Formal Verification of ZKP: Verifying a ZK Instruction. By formally verifying each zkWasm instruction, we were able to completely verify the technical security and correctness of the entire zkWasm circuit. In this video, we will focus on the bug discovery aspect, examining specific bugs encountered during the process and the lessons learned.

Skynet Quest is a brand new platform that unlocks Web3 security with engaging learning experiences and tools. By completing quests, users gain practical knowledge of Web3 security, earn rewards, and unlock valuable tools. Whether you're a novice or an expert, Skynet Quests has something to teach everyone.

In December 2023, we shared an Aptos-related bug report with the Wormhole Bug Bounty Program. We were impressed at Wormhole’s quick and effective resolution of the issue. A patch resolved the issue within 3.5 hours of the initial report.