CertiK Resources
Blogs, Latest News, Announcements, and more
Introducing the Skynet Trust Score!
Blogs
Announcements
CertiK is excited to announce the release of a new Skynet Trust Score, Cohort Analysis Panel, and Highlights and Alerts section!
6/10/2022
What is a Blockchain Vulnerability?
Blogs
In web3 security, a vulnerability refers to anything that can be leveraged by a hacker to exploit the protocol. This post will take you through some of the most common vulnerabilities that occur in blockchain, and the steps that projects and users can take to avoid them.
6/9/2022
Apollo X Incident Analysis
Analysis Reports
On June 8, 2022, the ApolloX token (APX) dropped by 52.12% as the result of a hack and a loss of ~$1.5M.
6/9/2022
Osmosis Incident Analysis
Analysis Reports
On June 7, 2022 Osmosis suffered a funds loss of around $5M due to a code pitfall in function `MaximalExactRatioJoin`
6/9/2022
GYM Network Exploit Analysis
Analysis Reports
GYM Network deployed a new function to their smart contract; on June 08, 2022, GYM Network was exploited.
6/8/2022
May Stats Graphic
Infographics
The May Stats Graphic shows data on hacks in May 2022.
6/7/2022
April Stats Graphic
Infographics
The April Stats Graphic shows data on hacks in April 2022.
6/7/2022
Bored Ape Yacht Club Discord Hit With Phishing Attack
Analysis Reports
In total, 32 NFTs were stolen from a variety of projects which included 2 MAYC, 1 BAYC, 1 BAKC and 5 Otherdeed.
6/4/2022
What is Centralization vs Decentralization vs Distributed Networks? | Bite Size Blockchain
Videos
A new CertiK series giving users bite-size tips and info to stay informed and safe in the #crypto space. Episode 11: What is Centralization vs Decentralization vs Distributed Networks? Learn more in under 2 mins! https://www.certik.com/products/pentest Transcript: Centralization, decentralization, and distributed networks are three different systems used for storing data. Centralization has been the status quo for web technology, making websites easy to use. A centralized network processes and stores data on a specific server. They allow engineers to roll out updates and fixes to the host server. Centralized networks often hire security firms to do penetration testing, which simulates a network attack. With centralization, if a server suffers downtime the entire network grinds to a halt. Decentralization offers more security and helps mitigate attacks. A decentralized network operates across many different nodes. Each node holds the entire database and verifies its version against each other to achieve consensus. A decentralized network requires more effort to update and has a greater environmental impact through its energy consumption. A distributed network operates like a decentralized system but may not require each node to host all of its data independently. Increased transparency is a key feature with each node having equal access to the data. This also makes it difficult to change information in the network. Smart contract auditing has risen from new types of attacks on decentralized and distributed networks. Whether it be Penetration Testing or Smart Contract Auditing, choosing the right technology will ensure greater success. To learn more about centralization, decentralization, and distributed networks, visit CertiK.com/resources.
6/2/2022
Cryptocurrency Insider Trading
Analysis Reports
We take a look at some examples of insider trading in the Web3 space, and its legal implications.
6/2/2022
Mirror Protocol Exploited Due to Incorrect Oracle Price
Analysis Reports
Outdated software leads to mispricing of mAssets.
5/31/2022
What is Web3 Security?
Blogs
Web3 security can refer to the multiple attack vectors that web3 projects and users are confronted with, and the various means by which they can defend themselves. It also refers to a pivotal goal for web3 more broadly, with the success of all web3 projects dependent on the security of the web3 ecosystem.
5/30/2022
Introducing CertiK Verified Contracts!
Blogs
Announcements
CertiK is excited to announce the launch of our new Verified Contract Badge for project teams!
5/27/2022
How to Read a CertiK Audit Report with Girl Gone Crypto
Videos
#girlgonecrypto #certik #auditreport #education #defi #crypto #blockchain CertiK has teamed up with Girl Gone Crypto to help you understand audits 🧠 An audit is a good first step for every project, but as a user or investor, what do the results mean? See where to go, what to look for, and more on your #crypto journey at: https://certik.com https://www.youtube.com/c/GirlGoneCrypto Transcript: Okay so let’s say you’re checking out a project and are doing your research and you see that it’s been audited. Great, phew, sigh of relief… but hold up… just because a smart contract was audited doesn’t necessarily mean the audit was good. When doing your own research, it’s important to go one step further and actually check out the audit report. Now reading audit reports might sound a little complicated and technical, but it’s actually a lot easier than you think. So in this video, we are going to dive into how to read and evaluate a CertiK audit report. So first of all - what kind of information do these reports actually look at? A security audit is a line-by-line inspection of a smart contract's code. Smart contracts are self-executing agreements between a buyer and seller that are stored on a blockchain. Security audits can reveal vulnerabilities in a smart contract by identifying coding errors and potential risks. CertiK essentially examines these smart contracts and blockchain ecosystems. CertiK’s security experts manually review these contracts, using AI solutions and mathematical approaches to analyze their quality. So now let’s dive into the HOW. Where do you go to find this information and what should you be looking for? When you visit CertiK.com, you’ll notice a search bar on their Security Leaderboard. Type in the name of the particular project you’re interested in. This will take you to the project’s full audit report. Under the Findings section, check to see that the vulnerability issues have been identified and fixed. 
If a project has unresolved issues, it’s important to research why. CertiK only audits contracts sent to them, so make sure to check which contracts were audited and always review the report in detail. To learn more about smart contracts and security audits, and how you can better do your own research - visit CertiK.com/resources
5/26/2022
What is an Online Attack? | Bite Size Blockchain
Videos
#certik #onlineattack #education #defi #blockchain #cryptocurrency A new CertiK series giving users bite-size tips and info to stay informed and safe in the #crypto space. Episode 10: What is an Online Attack? Learn about #onlineattacks and more in under 2 mins! https://certik.com/products/skynet Transcript: Through decentralization, blockchain technology can improve the safety of online activities. Many online attacks use Attack Vectors to exploit system weaknesses. DDoS, Eclipse, and a 51 Percent Attack are three common types. A DDoS, Distributed Denial of Service, attack, occurs when hostile hackers overload a network with requests. In blockchain, DDoS target crypto exchanges or mining pools. They disable a network's ability to serve users. Eclipse attacks control a single node inside an artificial environment. An attacker can manipulate communications with surrounding nodes to perform illegal transactions by isolating a node. When an assailant obtains control of 50% or more of a network's mining hashrate, it's called a 51 percent attack. The individual can submit fraudulent transactions, making the blockchain centralized. 51 percent attacks become difficult as a blockchain network increases in the number of honest nodes. Blockchain analytic tools such as CertiK’s Skynet help with online attacks by monitoring on-chain activity. To learn more about online attacks visit CertiK.com/resources.
5/25/2022
What is Privileged Access Management Risk?
Blogs
Privileged access management risk refers to the risk of compromise surrounding accounts that have access to critical network controls. Having accounts with privileged access provides hackers with a single point of attack that, when compromised, incurs catastrophic damage to the wider network. This blog post takes you through what privileged access management risk is, and the best ways of mitigating it.
5/24/2022
The AfricanBlockchainReport 2021
Reports
This report demonstrates that Africa is not only a Crypto continent but an international driver in the utilization of blockchain as a transformative technology for humanity.
5/23/2022
AMA Recap | Security Leaderboard LIVE! Showcase x Ridotto
Videos
#Ridotto #RDT #CertiK #Live #AMA Each week, CertiK hosts a Security Leaderboard LIVE Showcase with top #DeFi projects that utilize our suite of security solutions. We check in on how the initial auditing process went, how their platform has evolved since launch & what the future holds. Watch the full interview: https://youtu.be/XoqTn05qC4w
5/19/2022
Security Leaderboard LIVE! Showcase x Ridotto
Videos
#Ridotto #RDT #CertiK #Live #AMA Each week, CertiK hosts a Security Leaderboard LIVE Showcase with top #DeFi projects that utilize our suite of security solutions. We check in on how the initial auditing process went, how their platform has evolved since launch & what the future holds.
5/19/2022
A Security Checklist For New Crypto Investors
Blogs
Entering the world of cryptocurrency for the first time can be a daunting experience. With this in mind, we have put together a checklist of some best practices for any new crypto investor looking to step into the exciting world of web3.
5/18/2022
HACK3D: The Web3 Security Quarterly Report - Q1 2022
Reports
CertiK audited a total of over 3700 projects to date and reported on many incidents. In this report, you will learn about
5/18/2022
Introducing Badges and Honors on CertiK’s Security Leaderboard
Announcements
Blogs
Today, we debut a badge system designed to increase visibility to the projects we secure and celebrate the most exceptional security practices across our client base. Badges make it simpler to identify vetted crypto projects and give us a new way to showcase noteworthy practices across projects we audit.
5/18/2022
The State of DeFi Security 2021
Reports
CertiK audited a total of 1,737 projects in 2021. Using this data CertiK produced a report that discusses the most common types of security attacks, and incidents seen.
5/18/2022
What is a Rug Pull?
Videos
Bite Size Blockchain: A new CertiK series giving users bite-size tips and info to stay informed and safe in the #crypto space. Episode 1: What is a Rug Pull? Check it out to learn what a #rugpull is, how it happens, what to look out for, and more! https://www.certik.com/resources/blog Transcript: Rugpulls are one of DeFi's most common frauds. They occur when a project's founders depart and liquidate their tokens on the open market. Scammers exploit the features of a decentralized exchange, known as a DEX, to pull off their rugpulls. They often pair their token with a real asset for purchase. As their token skyrockets in price due to hype, the founders liquidate their tokens on the market, once they have made enough money from the pairing of the real asset, causing the value of their tokens to crash. Here are some indicators of a rugpull. One, the yields are too high. Two, the creators remain anonymous. Three, the coin prices skyrocket. Four, there are extensive marketing tactics, and five, there is no liquidity lockup. To learn about rugpulls and how to avoid them, visit CertiK.com/resources.
5/16/2022