Former Certik Clients Question Security Firm’s Stronghold On Protocol Audits

The post Former Certik Clients Question Security Firm’s Stronghold On Protocol Audits appeared on BitcoinEthereumNews.com.

A Solana cybersecurity researcher said that the firm does the bare minimum when auditing protocols.

Certik found a vulnerability in crypto exchange Kraken and proceeded to hold $3 million of the exchange’s funds hostage last week. As other clients of the blockchain security firm come forward, their experiences show the judgment lapse may not have been a one-off.

These red flags call into question one of the most well-known security firms in the space. Certik has raised more than $140 million from venture capital firms including Sequoia Capital, Coinbase Ventures, and Tiger Management Capital, among others.

According to the company, it has audited more than 5,021 smart contracts and 685 “formally-verified” projects, in a space where expert analysis of smart contract code is crucial, with $5.7 billion lost in exploits in the past two years alone, as per data from Web3 bug bounty firm ImmuneFi.

Certik did not reply to multiple requests for comment from The Defiant.

Did “Bare Minimum”

Three years ago, Matías Barrios was employed at Stacktical, a French company that made smart contracts on the Ethereum blockchain. Stacktical employed Certik to audit their code.

According to Barrios, who is currently an offensive security engineer for blockchain cybersecurity company Halborn and one of the foremost security experts on Solana, Certik did the bare minimum and left their code without a deeper review.

“Instead of running three layers of audits, which includes static analyzers, manual review, and then testing, they only did the first,” he told The Defiant.

The static analyzer, Barrios explained, is just an automated, “very basic,” review of the code.

Barrios alleged that this is Certik’s modus operandi. “They go over the code through some automatic tooling, offer a very simple report, and leave it at that,” he said.

According to Barrios, they never go through…

Jun 24, 2024 - 21:00
