CertiK Alert

about 11 hours ago

1/ It seems not all part of the submitted '_proofData' is properly verified: the computeRootHashes() only takes the beginning of '_proofData for verification, while the parameters handled by processDepositsAndWithdrawals() to transfer tokens are in the middle.

CertiKAlert's tweet photo. 1/ It seems not all part of the submitted '_proofData' is properly verified: the computeRootHashes() only takes the beginning of '_proofData for verification, while the parameters handled by processDepositsAndWithdrawals() to transfer tokens are in the middle. https://t.co/WAblZ2Amvc

0

3

0

2

2K

about 12 hours ago

#CertiKInsight 🚨 We have detected a suspicious transaction that drained @aztecnetwork Router contract of ~$2.19M by 0x0f18d8b44a740272f0be4d08338d2b165b7edd17 on Ethereum. https://t.co/MizKXnEkTM Stay Vigilant!

CertiKAlert's tweet photo. #CertiKInsight 🚨

We have detected a suspicious transaction that drained @aztecnetwork Router contract of ~$2.19M by 0x0f18d8b44a740272f0be4d08338d2b165b7edd17 on Ethereum.

https://t.co/MizKXnEkTM

Stay Vigilant! https://t.co/iUYMtenQYY

9

174

31

47

23K

Better Money Technology // @LayerZero_Fndn ㅤ

6 days ago

1/ An attacker withdrew 662 ETH from Tornado Cash and used it to obtain 50% of the TOP supply. https://t.co/gAcvz6tAkC Owning 50% of TOP allowed them to execute a vote on minting 10B TOP tokens which they then swapped for 944 ETH

CertiKAlert's tweet photo. 1/ An attacker withdrew 662 ETH from Tornado Cash and used it to obtain 50% of the TOP supply.

https://t.co/gAcvz6tAkC

Owning 50% of TOP allowed them to execute a vote on minting 10B TOP tokens which they then swapped for 944 ETH https://t.co/6D418Gkzf3

1

8

2

5

2K

Who to follow

LayerZero

@LayerZero_Core

AegisWeb3

@AegisWeb3

AegisWeb3• A @PeckShield Formation｜ Guard your assets with multi-dimensional protection

Layer3

@layer3xyz

Discover onchain finance with one app.

6 days ago

#CertiKInsight 🚨 We have seen an exploit affecting contract 0x0fa3E014fA2E751F78e53Dca766faC2223327329 BPool with a loss of 282 ETH (~$471k). https://t.co/eV1ksVdsdB

4

38

8

21

6K

6 days ago

2/ On Ethereum, the exploiter aggregate fund of 18,763 ETH (~$31.4M) to three addresses. On BSC, the "minter" continue to liquidize ethereum:0xcf5104d094e3864cfcbda43b82e1cefd26a016eb tokens and has acquired over 1300 BNB (~$780K).

CertiKAlert's tweet photo. 2/ On Ethereum, the exploiter aggregate fund of 18,763 ETH (~$31.4M) to three addresses.

On BSC, the "minter" continue to liquidize ethereum:0xcf5104d094e3864cfcbda43b82e1cefd26a016eb
tokens and has acquired over 1300 BNB (~$780K). https://t.co/Bjm8XzdGoJ

0

2

0

1

2K

6 days ago

#CertiKInsight 🚨 We have seen a series of wallet compromises involving @Humanityprot. $H tokens were transferred to and dumped for ~16320 ETH (~$27M) so far on six addresses: 0x456cb73b35022e4b524e5510807776453d984aef 0xee4b6b8967aa947ac3aef540ee07ea6099c566f7 0xaf2a4989922299eb14a29e332dad1012a8aad3a0 0x1dfe5cf3ed5a0ac82fdd0bfcdac7b6c6323f844a 0xd1ea823d421e0c829ee11f772af487fd352678ea 0x9e995952ef7665b243eeef0693acd7fed7150504 Stay Vigilant!

CertiKAlert's tweet photo. #CertiKInsight 🚨

We have seen a series of wallet compromises involving @Humanityprot.

$H tokens were transferred to and dumped for ~16320 ETH (~$27M) so far on six addresses:

0x456cb73b35022e4b524e5510807776453d984aef
0xee4b6b8967aa947ac3aef540ee07ea6099c566f7
0xaf2a4989922299eb14a29e332dad1012a8aad3a0
0x1dfe5cf3ed5a0ac82fdd0bfcdac7b6c6323f844a
0xd1ea823d421e0c829ee11f772af487fd352678ea
0x9e995952ef7665b243eeef0693acd7fed7150504

Stay Vigilant!

7

50

10

3

8K

6 days ago

1/ Additional 100M $H were minted and being dumped on BSC, after ownership of token admin contract has been transferred through a multisig, whose three signer addresses likely all compromised, and a malicious token implementation upgraded.

CertiKAlert's tweet photo. 1/ Additional 100M $H were minted and being dumped on BSC, after ownership of token admin contract has been transferred through a multisig, whose three signer addresses likely all compromised, and a malicious token implementation upgraded. https://t.co/BCOctBLP2r

1

10

1

0

2K

CertiKAlert retweeted

8 days ago

.@proofoftalk 2026 was one to remember.🇫🇷 From meaningful conversations and new connections at our booth, to insightful interviews, an incredible panel discussion, and a fantastic VIP Dinner we were proud to co-host — it was a memorable few days. See you at the next one.

8

42

9

0

5K

10 days ago

#CertiKInsight 🚨 On 1 June, GnosisPay was exploited, resulting in a loss of ~$265K. To learn more about what happened, read our full analysis here 👇 https://t.co/VIFD5sjrLO

0

40

8

6

5K

10 days ago

1/ On May 30, the attacker minted fake Osmosis tokens with fabricated strings containing real Ethereum addresses, used the permissionless deployERC20() function to corrupt the token registry mapping fake balances to real custody assets, and withdrew $5.4M from Gravity Bridge.

CertiKAlert's tweet photo. 1/ On May 30, the attacker minted fake Osmosis tokens with fabricated strings containing real Ethereum addresses, used the permissionless deployERC20() function to corrupt the token registry mapping fake balances to real custody assets, and withdrew $5.4M from Gravity Bridge. https://t.co/eqfCpqIIwV

0

7

4

2

3K

10 days ago

#CertiKInsight 🚨 The @gravity_bridge exploiter deposited another batch of 1180 ETH (~$2.06M) into Tornado Cash. Of the 2600 ETH stolen (~$5.4M at time of exploit), 2020 has been deposited into Tornado from two EOAs, with the remaining dispersed to CEXs. Stay Vigilant!

CertiKAlert's tweet photo. #CertiKInsight 🚨

The @gravity_bridge exploiter deposited another batch of 1180 ETH (~$2.06M) into Tornado Cash.

Of the 2600 ETH stolen (~$5.4M at time of exploit), 2020 has been deposited into Tornado from two EOAs, with the remaining dispersed to CEXs.

Stay Vigilant! https://t.co/V3lrzR3Hef

2

49

14

11

8K

11 days ago

1/ The attacker EOA 0x7e7C1f0D567c0483f85e1d016718E44414CdBAFE is responsible for other exploits on token contracts since 2025.

CertiKAlert's tweet photo. 1/ The attacker EOA 0x7e7C1f0D567c0483f85e1d016718E44414CdBAFE is responsible for other exploits on token contracts since 2025. https://t.co/h3uVLEZ66y

0

2

1

3

4K

11 days ago

#CertiKInsight 🚨 We have seen an exploit of ~$243K on ATM token. The transferFrom() includes logic to swap 20% transfer amount of ATM for BSC-USD, so the attacker can repeatedly swap out extra after transfer. https://t.co/mf6uhujZgK Stay vigilant!

CertiKAlert's tweet photo. #CertiKInsight 🚨

We have seen an exploit of ~$243K on ATM token. The transferFrom() includes logic to swap 20% transfer amount of ATM for BSC-USD, so the attacker can repeatedly swap out extra after transfer.

https://t.co/mf6uhujZgK

Stay vigilant! https://t.co/hwN1B3Xt0m

6

83

16

37

9K

CertiKAlert retweeted

12 days ago

Bonjour, Paris! 🇫🇷☕️ We’re kicking off Day 2 of @proofoftalk and would love to meet you. Stop by the CertiK booth for a coffee, a chat about Web3 security, and a look at how we’re helping secure the future of the industry. See you there! 👋

CertiK's tweet photo. Bonjour, Paris! 🇫🇷☕️

We’re kicking off Day 2 of @proofoftalk and would love to meet you.

Stop by the CertiK booth for a coffee, a chat about Web3 security, and a look at how we’re helping secure the future of the industry.

See you there! 👋 https://t.co/RiHQqhQLOu

9

50

9

0

5K

CertiKAlert retweeted

19 days ago

Today we’re launching CertiK Skill Scanner — a security layer for third-party AI Skills and autonomous Agents. Built for marketplaces, enterprises, and developers, Skill Scanner identifies execution-stage risks before deployment. Learn more👇 https://t.co/6JmLcyebrx

13

159

80

12

180K

24 days ago

#CertiKInsight 🚨 We have seen a private key compromise affecting the "Polymarket UMA CTF Adapter Admin" and potentially two other addresses, resulting in the draining of ~$575K in Matic and USDC. https://t.co/EOzKWUtrYM Stay Vigilant!

CertiKAlert's tweet photo. #CertiKInsight 🚨

We have seen a private key compromise affecting the "Polymarket UMA CTF Adapter Admin" and potentially two other addresses, resulting in the draining of ~$575K in Matic and USDC.

https://t.co/EOzKWUtrYM

Stay Vigilant! https://t.co/UCVZFp70Pq

Polymarket Developers

@PolymarketDevs

24 days ago

We’re aware of the security reports linked to rewards payout. User funds and market resolution are safe. Findings point to a private key compromise of a wallet used for internal top-up operations, not contracts or core infrastructure. More updates to follow.

31

239

52

12

50K

0

34

13

3

8K

CertiKAlert retweeted

24 days ago

🚨 Physical attacks against crypto holders surged 75% in 2025, with 72 confirmed incidents and $41M in known losses. @Bloomberg featured our Skynet Wrench Attacks report, highlighting the growing real-world threat landscape facing the crypto ecosystem.👇 https://t.co/hiG6Oycwb3

4

37

16

0

5K

25 days ago

#CertiKInsight 🚨 @TransitFinance exploiter has deposited 832.9 ETH (~$1.8M) into https://t.co/0lwPdz0OWi from Ethereum EOA 0x9db82d911328196d50C36450B1Ef5985DF15732B. Stay Vigilant!

CertiKAlert's tweet photo. #CertiKInsight 🚨

@TransitFinance exploiter has deposited 832.9 ETH (~$1.8M) into https://t.co/0lwPdz0OWi from Ethereum EOA 0x9db82d911328196d50C36450B1Ef5985DF15732B.

Stay Vigilant! https://t.co/twmI073Fg4

2

38

10

6K