All Blogs
The Summer Regulatory Crunch: All Eyes on the CLARITY Act
An overview of notable crypto regulatory developments that happened in June 2026.
CertiK Hack3D: H1 2026 Report
Web3 security losses exceeded $1.31 billion in H1 2026 across 344 incidents, with wallet compromise emerging as the most financially destructive attack vector and phishing shifting toward fewer, higher-value social engineering attacks.
CertiK Named Official Vendor for Hub71, Bringing Security and Compliance Support to Abu Dhabi's Startup Ecosystem
CertiK has been named an official vendor for Hub71, offering portfolio companies a 20% service discount, a $200K subsidy pool, and free access to the CertiK Compliance Tool for UAE licensing and compliance.
Introducing CertiK Hunt, The Invite-Only Security Platform for Web3 Projects and Top Security Researchers
CertiK Hunt is an invite-only platform connecting elite security researchers with web3 projects through bug bounty programs, audit competitions, and AI challenges.
What Are Decentralized Apps (dApps)?
Decentralized apps (dApps) run on blockchain networks like Ethereum, Solana, BSC, SUI, and Avalanche. Learn what dApps are, how they work, examples, and their advantages in Web3.
Advancing Sui: The Evolution of Sui’s Payment Pipeline
Explore how Sui's Address Balance layer powers gasless stablecoin transfers, providing a frictionless user experience while tackling complex engineering challenges at the execution and settlement level.
CertiK Skills: Bringing Blockchain Security Intelligence Into AI Agents
Discover CertiK's open-source AI Agent Skills for Claude Code, Codex, and Cursor. Easily plug in SkyInsights, Skylens, and Skynet Score to access real-time Web3 wallet screening, EVM forensics, and project security intelligence directly within your agent workflow.
JaredFromSubway MEV bot Incident Analysis
On 20 June 2026, the JaredFromSubway MEV bot lost 4,424 ETH (~$7.5M) due to an approval hijacking flaw. The attacker deployed fake arbitrage pools and bait tokens that appeared to offer profitable trading opportunities, causing the bot’s automated strategy to interact with malicious contracts and grant token approvals.
Security Considerations for Passkey-Based Web3 Wallets
This article analyzes that security model across the full asset-control lifecycle. It traces a single transaction through Clave's open-source implementation, surveys past vulnerabilities in WebAuthn, FIDO2, and CTAP, maps them onto the lifecycle of a typical Passkey Wallet, and ends with implementation checks for teams building one.
Catch Runtime Bugs Before They Become Mainnet Incidents: CertiK Grey Box Chain Audit
CertiK's Grey Box Chain Audit catches runtime bugs before they become mainnet incidents, using fault injection and live network testing to surface chain-critical failures that static analysis alone cannot detect.
GnosisPay Incident Analysis
On 01 June 2026 an attacker drained dozens of GnosisPay Safes on Gnosis Chain. The attack vector was a signature-verification flaw in the GnosisPay Delay module.
May 2026 Regulatory Recap: Significant Movement with the CLARITY Act
A massive turning point arrived in July 2025 when the Trump Administration’s pro-crypto stance coalesced into historic legislative action: the passage of both the stablecoin-focused GENIUS Act and the landmark CLARITY Act by the House.