Certik is a platform founded by professors from Yale and Columbia University in 2018. The company is a pioneer in Web3 security. It uses formal verification and AI to protect and monitor blockchain protocols, smart contracts, and Web3 apps.
In July 2023, the company published a report that features interesting facts related to the crypto market.
Losses in numbers
In the second quarter of 2023, hackers stole 313,566,526 US dollars from Web3 protocols. This indicator is close to the number for the first quarter when 320 million US dollars was stolen from users, and 58% lower compared to 745 million US dollars lost in the second quarter of 2022.
In total, there were 212 separate incidents of security breaches in the second quarter of 2023. As a result, the average loss per a security breach amounted to 1,479,087 US dollars. This is just below the amount registered in the first quarter of 2023 — 1,562,595 US dollars.
A new hotline for hack victims
Users who have suffered from malicious activities can now seek help using a special telegram bot. Seal 911 is an experiment that is aimed at providing a hotline to Web3 users in case of emergencies. It was designed by a group of Web3 security experts.
A team of Web3 experts came together to design an emergency network and created the Seal 911 bot.
“Our experimental solution: a Telegram bot which anyone can use during emergencies to get in touch with trusted members of the security community and their extensive network of contacts,” commented head of security at Paradigm, a research-driven technology investment firm.
The project has already won the support of independent researchers and security experts from such companies as Paradigm, ConsenSys, MetaMask, Yearn, and Polygon. When sending a private message to the bot, users can also click the “I have an emergency” button and contact an expert.
Deficit of reliable resources
Web3 security is a concern. A security issue can be effectively addressed by a knowledgeable expert, but many users do not know who they can turn to in this decentralized ecosystem. There is no single organization responsible for ensuring security.
“The effort so far has also revealed that there is a serious lack of resources available for your average crypto person who observes, investigates, or has lost money due to a hack, exploit, scam, rug pull, or phishing site,” said Taylor Monahan, member of the MetaMask team, who is involved with the initiative.
“There are so many instances where people want to share information and/or get the word out about a bad thing that is happening, but have no idea how to best do so,” he added.
Fake rescuers
Monahan comments that scammers often respond to posts concerning exploits and offer their services. However, instead of helping users to recover their assets they set up phishing links.
“It’s also often unclear to end-users who they should inform and what would be most productive. For example, if a project’s Twitter is taken over by hackers and blasts out a malicious URL to a fake airdrop scam related to a separate project, should the user ping the original project, the project the airdrop scheme was impersonating, their wallet software, or someone else?” Monahan said.
According to Taylor Monahan, the industry should foster the efforts in order to collect and exchange best practices that can be used to warn of a scam and spread information on the actions of scammers.
“SEAL 911 is obviously one of those resources but, given the diversity of Bad Things™ that happen in this industry, real progress will likely only come from a variety of efforts stemming from a variety of groups and people inside this ecosystem,” Monahan concluded.
