
Top Crypto Security Audit Firm Struggles: Major Failures Raise Concerns

Updated by Kyle Baird

In Brief

  • CertiK founder has claimed crypto security supremacy.
  • Merlin DEX audit brought into question following $1.8M exploit.
  • CertiK warned over centralization issues.

Crypto security audit firm CertiK has been busy recently. However, failures on previously audited projects have raised a few eyebrows.

On April 26, CertiK founder and professor at Columbia University, Gu Ronghui, spoke to Chinese media.

He told the outlet (translation) that “We [CertiK] have turned blockchain security into a track almost by ourselves, which has attracted a lot of attention.”

He went on to boast that CertiK achieved a 70% share of the crypto security market. Furthermore, the cost of web3 security audits has been reduced by more than 90% by the firm, Ronghui added.

On April 24, the company posted an update on recently completed crypto security audits.

Completed CertiK audits - Twitter/@CertiK

Crypto Security Audit Firm CertiK Investigates Merlin

However, not all is as rosy as it seems at the crypto security audit firm.

“On the same day that this interview was published, the project Merlin, which Certik had just completed auditing, was stolen,” reported industry analyst Colin Wu.

On April 26, CertiK reported that it was investigating an incident on the Merlin decentralized exchange.

It said that initial findings point to a potential private key management issue rather than an exploit as the root cause. However, in its own defense, the firm added:

“While audits cannot prevent private key issues, we always highlight best practices to projects.”

As reported by BeInCrypto, the Merlin DEX suffered a $1.82 million liquidity pool hack on April 26.

The zkSync-based DEX was exploited following an attack on its liquidity pool, depleting funds in USDC which were then bridged to Ethereum (ETH).

The CertiK audit has come into question, but the firm stated that it had highlighted centralization risks.

“In the audit report ‘Merlin DEX,’ the centralization risk is highlighted under the section ‘Decentralization Efforts.’”

However, those details were vague, according to DeFi researchers. “@DefiIgnas” pointed out that vital information was omitted from the audit summary.

“Reading your audit, you mentioned that the ‘owner account may allow the hacker to take advantage of this authority.’ But the audit summary did not have this info.”

Audits Not a Guarantee

However, these audits do not prevent exploits, nor do they detect all vulnerabilities.

According to the Rekt Database, which monitors DeFi exploits, rug pulls, and thefts, there have been a total of 31 exploits on CertiK-audited protocols.

Four of those have been in 2023, with the largest two, Orion Protocol and dForce, both losing over $3 million.

Exploits on CertiK audited protocols - de.fi/rekt-database

Nevertheless, it should also be noted that many of these exploited protocols have also been audited by other leading security firms. CertiK has also previously warned of centralization issues on many exploited DeFi protocols.



Martin Young
Martin Young is a seasoned cryptocurrency journalist and editor with over 7 years of experience covering the latest news and trends in the digital asset space. He is passionate about making complex blockchain, fintech, and macroeconomics concepts understandable for mainstream audiences.   Martin has been featured in top finance, technology, and crypto publications including BeInCrypto, CoinTelegraph, NewsBTC, FX Empire, and Asia Times. His articles provide an in-depth analysis of...