Security engineer @CertiK | on-chain hack analysis | Saved $200K tokens from a CEX hack

Joined February 2010
#KelpDAO has paused rsETH contracts across mainnet and several L2s. x.com/KelpDAO/status/2045595…

Apr 18
Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate. We are working with @LayerZero_Core, @unichain, our auditors and top security experts on RCA. We will keep you posted as we learn more about this situation. Please follow only the official @KelpDAO handle for the updates.
#RheaFiance $7.6M hack. A hacker added liquidity in fresh pools with fake tokens to mislead the oracle and validation layer.
#CertiKInsight 🚨 We have seen an incident affecting @rhea_finance The attacker created fake token contracts and added liquidity in fresh pools, likely misleading the oracle and validation layer. In total, at least ~$7.6M was extracted nearblocks.io/address/31ac7a…
#Tether has frozen 3.29M USDT to the hackers. x.com/paoloardoino/status/20… Rhea Finance has temporarily paused the contracts and is conducting a thorough investigation. x.com/rhea_finance/status/20…

The RHEA team is aware of an incident affecting the protocol. As a precautionary measure, we have temporarily paused the contracts while we conduct a thorough investigation. We are working closely with key partners, stakeholders, and security experts. Protecting user positions is our immediate priority, and our team is focused on minimizing any potential impact. RHEA team has reached out to the responsible party through on chain transaction. nearblocks.io/txns/6r5c2iZig…
#AIAuditor 28 out of 35 real security incidents in 2026 are hit by #CertiK AI Auditor on the first run.
Daniel Tan retweeted
#CertiKStatsAlert 🚨 @DriftProtocol seems to be a victim of an exploit for ~$136M losses. Funds are currently being laundered or moved. ~$109M in wallet 7RoMqGAcU7S6ESAhPDvB9iSXvASUhuoE8u7dYRxGBew9 solscan.io/account/7RoMqGAcU… Stay vigilant!
#AAVEMisconfig A misconfiguration on Aave's CAPO oracle caused wstETH E-Mode liquidations, resulting in a loss of 345 $ETH.
1/ stETH CAPO Misconfiguration Today, a misconfiguration on Aave's CAPO oracle caused wstETH E-Mode liquidations, resulting in a loss of 345 ETH. No bad debt was incurred, and all affected users will be fully reimbursed. More below.
#ZKVerifierBug On March 10th, the @CertiK Sr. Staff Security Engineer, #XifengJin, will dive into the ZK verifier attack patterns targeting DSL circuits, zkVMs, and proving systems with practical mitigation insights, in the X Space. #CertiK #ZKVM #DSLCircuit #Audit
Mar 2
As ZK adoption accelerates, verifier-side security is increasingly critical. In this X Space, CertiK Sr. Staff Security Engineer Xifeng Jin examines attack patterns targeting DSL circuits, zkVMs, and proving systems with practical mitigation insights. Set a reminder below👇
A high-level perspective to look at the security in #zkcircuits that abstracts away from specific languages and proving system docs.google.com/presentation…
#Makina $4M #PriceManipulation hack. The MIM-3CRV pool was manipulated by inflating the MIM price through a flashloan, which affects DUSD Caliber to reflect an inflated value, then propagated to the Machine AUM, the DUSD exchange rate, and ultimately to the DUSD/USDC Curve pool.
#TruebitProtocol exploit. The root cause of this $26M hack was that the price calculation #overflow and was manipulated. In the vulnerable smart contract, the SafeMath library is not used, and the Solidity version 0.8.0 or higher is also not used.
#CertiKInsight 🚨 On 8 January 2026, @Truebitprotocol was exploited due to an overflow issue, resulting in a loss of ~$26.6M. To learn more about what happened, read our full analysis here 👇 certik.com/resources/blog/tr…
#Top10HacksIn2025 1⃣Bybit Supply Chain $1.46B Attack On Feb 21, 2025, #Bybit suffered the largest single hack in web3 history, losing $1.46B, due to the North Korean #LazarusGroup executing a supply chain attack, compromising a Safe Wallet developer's machine.
23 Dec 2025
You’ve read the stats. Now see the scale. This video from the 2025 Skynet Hack3d Report brings Web3’s most critical security data into focus. Watch the key trends that defined the year.
🔟GMX Reentrancy $42M Exploit On Jul 15, 2025, #GMX V1 lost $42M to a reentrancy attack. Ironically, the vulnerability was introduced by the team's own 2022 bug fix, which lacked proper audit. The hacker exploited a time gap in price updates. Most funds were later returned.