According to official CertiK sources, the X account was briefly stolen and hackers had previously posted false messages with phishing links. Currently, the CertiK X account has been restored to normal and all previous false messages have been deleted.

CertiK has stated on social media that they are currently investigating the theft of X account. Please do not interact with any posts until we confirm the security of the account.

CertiK, a global leader in blockchain security, recently introduced stablecoin security auditing and compliance consulting services, aimed at bolstering the safety of stablecoins and advancing Web3.0 technology applications. The firm provided expert advice on the regulatory framework for stablecoins to the Monetary Authority of Singapore (MAS), earning recognition. Their services include smart contract auditing and blockchain security evaluations, meeting compliance requirements across various regions globally, and fostering innovation and safety in the stablecoin sector.

CertiK tested devices equipped with TEE-based dedicated wallets, revealing a major vulnerability in the trusted execution environment (TEE) of mobile devices. TEE has always been considered the ultimate defense for device security, requiring users to access TEE wallets through a PIN code when setting up wallets in "secure mode" on the device. However, CertiK's test results show that attackers can easily extract the PIN code stored in the TEE, and then access the wallet and obtain the private key, successfully stealing assets. The manufacturer of the test device quickly contacted CertiK and fixed the problem with the TEE seed library in the latest version. CertiK emphasized that Web3 users must remain highly vigilant and guard against implementation flaws in security measures. When necessary, professional third-party security audits and technologies should be sought to protect their assets.

CertiK has discovered a critical bootloader vulnerability in Solana Phone. CertiK's testing experts were able to jailbreak the phone in just one minute and "clean out" all of its assets with just a few steps.<br>The vulnerability stems from an insecure "bootloader unlock" feature. In addition to stealing user assets, it also exposes all personal data stored on the device. Over 2,100 devices have been at serious risk since early April. Given the complexity of the vulnerability and the need for physical access, CertiK has informed Solana of the vulnerability and publicly released this vulnerability warning to protect Web3 users and encourage them to take effective measures to protect their asset security. <br>CertiK released a video analyzing the details of the vulnerability on November 15. They emphasized that the vulnerability is not limited to Solana Phone and recommended that relevant projects and developers take immediate action to strengthen bootloader protection.

Certik announced on X platform that Skynet Security Rating has been launched on Sonarverse. It is reported that Sonarverse was founded in 2022 and is a Web3 data analysis platform.

On October 23, at the ETH HK Side Event, a Web3 ecosystem security forum jointly held by CertiK and OKLink in Causeway Bay, Hong Kong, Professor Li Kang, Chief Security Officer of CertiK, shared his views on digital asset security construction. He pointed out that according to CertiK's statistics, the number of security incidents as of September 2023 has exceeded the total number in 2022. Hacking attacks and fraudulent behavior are still important threats, seriously hindering the development of the Web3 industry. Li Kang also mentioned the revolutionary feature of transparency in the Web3 field. The entire ecosystem can reduce security risks through public and transparent measures, such as asset management solutions. At the event, leaders from the Hong Kong Investment Promotion Agency, OKLink, and BlockSec shared their related work and latest developments in Web3 security construction. For example, CertiK and OKLink have received responses from multiple exchanges in asset tracking locking and data labeling. Finally, Li Kang hopes to further strengthen Hong Kong's position as a Web3 innovation gateway in the rapidly growing Asia-Pacific region through this sharing, and jointly promote the safe application and landing of Web3 technology.

CertiK announced on Twitter that the OxODexPool project was attacked by a flash loan, resulting in a loss of 40 ETH (approximately $61,000). It is reported that the stolen funds are currently held in the attacker's wallet.

According to the official CertiK Twitter, fake Base tokens with a large amount of liquidity have been removed. It is reported that the deployer has profited $544,000 by removing large amounts of liquidity through multiple similar actions. Their ETH address is 0x2025273c4B985a00bc60E871a9031a12FF216F9B.

According to an official tweet from CertiK, users should be cautious of a false Apecoin airdrop message posted by a verified account on Twitter. Users should not interact with the related links as the website will connect to a known automatic coin theft address.