CertiK Alert

#CertiKStatsAlert 🚨 Combining all the incidents in February we’ve confirmed ~$35.7M lost to exploits with ~$8.5M of the total attributed to phishing. This figure is the lowest monthly loss since March 2025. More details below 👇

#CertiKInsight 🚨 The @cysic_fdn account has been compromised. Please disregard any suspicious posts during this time. x.com/cysic_xyz/stat… Stay Vigilant!

2/ The stolen funds were split across 3 different wallets and swapped for ETH: - 616.81 ETH (~$1.4M) to: 0x9F6f1ac48E4c7E53495A99ce49974Cd1914fE17E - 114.24 ETH (~$266k) to: 0xf1A50bbebA19a85dB20432c6c201aa89604dfd2B - 38.14 ETH (~$89k) to: 0x6fE314fD4CF845f35fc461eD98e2FB8d9356B566 Stay vigilant!

1/ The exploit occurred after the victim interacted with the malicious contract 0x9F68523efdc91ADbE53c3776Aa927f41aB4FE17E and provided a Permit signature.

#CertiKInsight 🚨 Our monitoring system has detected a wallet being drained of ~$1.76M USDC. skylens.certik.com/tx/eth/0xfd741…

Thanks to @beincrypto for featuring CertiK among the top security solutions in the space. We appreciate the recognition of our work in formal verification and blockchain security, and we remain committed to helping secure the Web3 ecosystem.

#CertiKInsight 🚨 We previously highlighted that France had the highest number of wrench attacks in 2025 with a total of 19 attacks. Since the beginning of the year, France has recorded at least 13 wrench attacks, making it the country most affected by this type of incident.

1/ To learn more about wrench attacks, read our full report here 👇 certik.com/blog/skynet-wr…

#CertiKInsight 🚨 A recent physical attack resulting in a ~$24M loss serves as a grim reminder: "Wrench attacks" are a surging threat in the crypto space. With 29 documented cases in Europe in 2025 alone, security is no longer just about your private keys.

#CertiKInsight 🚨 We have seen ~$24M worth of aEthUSDC taken from @sillytuna, reportedly under threat of physical harm. The majority of the funds are at: 0xd0c2C387A7F10CD1FBb1078FaCC834eC43c9dd3E 0xdCA9F78a5740bd19D4652F877B7a10a6Ad3eC9C4 x.com/sillytuna/stat… Stay Vigilant!

#CertiKInsight 🚨 We have seen an exploit in skylens.certik.com/tx/eth/0xb9350… After manipulating @InverseFinance's sDOLA balance with ~$30M flashloaned, the exploiter was able to liquidate 27 users' sDOLA collateralized positions and profited ~$240K. Stay Vigilant!

#CertiKInsight 🚨 On 14 February and 22 February 2026, SOF and LAXO tokens were exploited, resulting in losses of ~$248K and ~$190K respectively, due to their burn logic. To learn more about what happened, read our full analysis here 👇 certik.com/blog/sof-laxo-…

#CertiKInsight 🚨 Earlier this morning @ploutos_money was exploited and lost 187.36 (~$388k) due to an apparent price oracle misconfiguration. skylens.certik.com/tx/eth/0xa17dc… Since the attack, the Ploutos website and social media accounts have been deleted.

2/ Transaction Hash: skylens.certik.com/tx/eth/0xce204…

#CertiKInsight 🚨 We have seen a ~$1.8M exploit/whitehat rescue on @FOOMCASH lottery contract. The root cause may be the delta2==gamma2 setting of the Groth16 verifier at 0xc043865fb4D542E2bc5ed5Ed9A2F0939965671A6. This enables the exploiter to compute 'pC' needed for different 'nullifierHash' while all other inputs are the same, and repeatedly collect ZOOM tokens. Stay Vigilant!

1/ An earlier, smaller such case has been well studied in coinsbench.com/forging-zksnar…

🇺🇸@EthereumDenver has officially started! If you’re in Denver this week, make sure to drop by and say hi 👋 Looking forward to connecting with builders, founders, and the broader Web3 community. See you there.

/3 Immediate Action & Best Practices: 1. Do Not Comply: Close the prompt immediately. 2. Verify Source: Only download updates from official wallet sources. 3. Remember: Your seed phrase is the master key to your funds. Keep it offline and private. Stay vigilant!

/2 This malicious "update" is a deceptive ploy. Upon completion, the system prompts users to "import" or "verify" their seed phrase. NEVER enter your seed phrase, private key, or recovery credentials in response to a prompt from a wallet, website, or service.

#CertiKInsight 🚨 Be aware smithii[.]io is currently compromised. Users connecting to the platform are being prompted with a fake "security update" for their wallet.