Just like any other emerging technologies, Web3 is not risk-free. The advent of Web3 tech and its subsequent adoption in different innovations such as blockchain, DeFi, and cryptocurrencies also sparked a wave of potential risks that those adopting the technology need to be wary of.
Novice users are often caught in this wave of threats that include cybersecurity, and financial and privacy breaches. To prevent this, blockchain cybersecurity company CertiK deploys what it calls best-in-class formal verification and AI technology to secure and monitor blockchains, smart contracts, and Web3 apps.
Verification Framework For Smart Contracts
Founded in 2018 by by Prof. Ronghui Gu and Prof. Zhong Shao of Columbia and Yale Universities respectively, its mission is to secure the Web3 ecosystem by applying its cutting-edge innovations from academia to enterprise and enabling mission-critical applications to scale with safety and correctness.
CertiK is a smart contract and blockchain auditing company that has developed a cutting-edge formal verification framework for smart contracts and blockchain ecosystems. This platform mathematically validates the security of smart contracts attempting to bypass the limitations of manual detection.
CertiK told Afcacia that it has worked with nearly 4,000 enterprise clients, secured over $360 billion worth of digital assets, and detected nearly 70,000 vulnerabilities in blockchain code, and currently has clients including leading Web3 projects like PAX Gold, Aave, Crypto.com, Polygon, Binance Chain, Terra, Yearn, and Chiliz.
Minimizing Risks in Web3
Christopher Kanabi-Mulinde – business development representative for CertiK in Africa – says the startup basically seeks to find ways to help the regulators to demystify the Web3 and crypto industry and also help users minimize the risks involved in the crypto space.
“Roughly 86% of sub-Saharan African countries have some form of restriction on crypto use. One sub-Saharan African country accepts crypto as legal tender. And over 21% of African countries have a complete ban on the use of cryptocurrencies,” Mulinde told delegates at the CV VC Africa Summit in Cape Town in May. “And this is the space that we work in. Regulators often find it difficult to regulate a space that they don’t comprehensively understand, is volatile, and keeps changing. They, therefore, resort to just working with a balancing act of minimizing risks by finding ways in which they can protect consumers.”
Many regulators still see the crypto industry as a threat and a way to circumvent local rules that touch on finances and monetary policies, according to Mulinde. CertiK seeks to build trust among consumers and regulators and protect their investments and assets in the crypto ecosystem while safeguarding the developers and tech startup founders from insider threats.
Transparency in Web3
“Transparency is key in every Web3 project. Anonymity would therefore raise some questions as rogue operators may take advantage of the anonymity concept that the industry mostly deploys in its operatives. CertiK, accordingly, ensures that users understand the legitimate operators in a blockchain project,” Mulinde says. “In this case, we basically help distinguish rogue operators from the legitimate ones.”
Using a full-stack approach, CertiK also provides on-chain monitoring of activities in a project and reports any issues in real time through a post-deployment monitoring and analysis system.
“Certik, which audits projects ranging from DeFi, DAO, DEX, NFT, to metaverse platforms, also develops Skynet monitoring tools, performs due diligence and KYC, and provides secure KYC for Web3 projects,” Mulinde notes.
In the first half of 2024, more than $1.1 billion worth of cryptocurrency was lost to Web3-related cybersecurity incidents, according to Certik. These losses spanned 408 on-chain security breaches, averaging $2.9 million per incident.
The incidents revealed stark variations, with median losses reported at $230,784. Among the attack vectors, phishing emerged as the most widespread threat, accounting for 150 incidents and $497.7 million in total losses. This underscores the significant risks posed to users in the decentralized Web3 environment.