DeFi has entered its next phase - an era when security is written into the DNA of every chain, protocol and exchange. 

The industry reached $2.5 trillion in onchain value in 2025. But success breeds risk. New vulnerabilities, attack vectors, and gaps were exposed in the security posture across the blockchain ecosystem. In this critical moment, companies have recognized that security isn’t just about identifying bugs before launch - it’s about ensuring that systems remain secure as they evolve and scale to support the ever-changing needs of their users.

Certora hasn’t simply kept pace. We’ve proven ourselves to be the partner that DeFi demands. 

Last year our security footprint expanded across new chains, languages, and infrastructure layers. 

Our security research team quadrupled in size. 

And our work drove home the importance of long-term security partnerships.

The numbers below tell that story: not just what we secured in 2025, but the momentum that’s carrying Certora and DeFi as a whole into a safe new world.

We’re Trusted at the Top. Where Do You Land?

In 2025, we expanded our role as the security partner for the majority of DeFi’s most important protocols. Fourteen of the top 20 protocols by TVL and seven of the top 10 rely on us not just for one-off audits, but for continuous, long-term security engagement.

70% of the top 20 DeFi protocols by TVL are Certora customers.
70% of the top 10 work with Certora on a continuous, long-term basis.

Which platforms work with us continually?

Aave: 5+ years
Compound: 5+ years
Sky: 4+ years
Morpho: 4 years
Silo: 4 years
Safe: 3+ years
EigenLayer: 3+ years
Lido: 3 years
Stellar: 2 years

And that’s just the top of the list. Dozens of others rely on us to secure their platforms. In 2025 alone, 44 new protocols entered security engagements with Certora, including Fluid, Jito, Navi, Polygon, Suilend, and many more.

That’s why we protected $196.5 billion in assets last year.

Security at Scale

Modern protocols don’t live on a single chain or language. In 2025, we reviewed hundreds of thousands of lines of code (LOC) across the entire web3 landscape:

• EVM: 200,700 LOC
• Solana: 206,600 LOC
• Sui: 33,000 LOC
• Aptos: 16,300 LOC
• NEAR: 6,000 LOC
• Blockchain Infrastructure: 90,000 LOC
• Mobile Applications: 14,000 LOC
• Off-Chain Systems: 36,000 LOC for EigenLayer Hourglass, SafeNet, Cork, Lido tooling, and more

We’ve tackled every environment and every execution model. We’ve corrected failure modes and developer pitfalls. That’s because security means understanding how systems behave under stress regardless of the particular chain, language, or timeframe.

What Value Really Means

TVL doesn’t tell the full story. Certora’s work spans across infrastructure layers, governance systems, and user-facing applications.

• $90B of the assets we secured were through design review and formal verification of protocol invariants, meaning correctness was mathematically proven and not assumed
• 150 audits were completed across chains, execution environments, and system layers
• 720+ vulnerabilities were identified and prevented before deployment
• 99% of all findings were fixed by teams prior to launch
• 11 protocols were paused before deployment after uncovering severe risks

Security in 2025 wasn’t about checking boxes. It was about changing outcomes.

The Hacks That Never Happened

In 2025, Certora identified:

• 80 critical vulnerabilities
• 180 high-severity vulnerabilities
• 360 medium-severity vulnerabilities

These weren’t just cosmetic issues. They included bugs that could have caused:

• Insolvency without an exploit
• Permanent freezing of user funds
• Unliquidatable debt positions
• Governance capture
• Silent economic drift that only manifests months later

In one case, a single protocol contained up to 80 distinct issues, highlighting just how fragile complex systems can be under real-world conditions.

Certora also uncovered 10 live bugs in already-deployed systems. Another reminder that security doesn’t end at launch, but requires ongoing scrutiny as markets, usage, and chains evolve.

The Shifting Frontier

In 2025, we repeatedly uncovered failures that weren’t rooted in syntax but economics, assumptions, and cross-system interactions.

We protected our customers from:

• A math error that could inflate effective interest rates by up to 2,000×
• A subtle liquidation failure mode introduced by Ethereum’s Fusaka upgrade, where per-transaction gas limits could create unliquidatable positions
• Rounding errors that violated core invariants such as share rate monotonicity

These were not bugs that could be caught with pattern matching. They required deep protocol understanding, economic reasoning, and awareness of chain-level changes.

Built to Last

In 2025, much of our work focused on ensuring the economic solvency of our customers over time. Our goal is to help our customers build protocols that last - for years, decades, and beyond - and our audits take into account the long-term implications of each calculation. Through our work, we uncovered multiple accounting flaws that would only manifest in the distant future, eventually triggering disasters that include:

• Overpaying interest
• Breaking solvency invariants without an exploit
• Accumulating “ghost debt” that permanently distorts system economics

Although these protocols appeared correct at a snapshot in time, they failed when state transitions were examined across time.

Why Formal Verification is a Guarantee

Protocols need proof of correctness, not just confidence. In 2025, our formal verification processes moved beyond checking functions in isolation and came to include system-wide invariants (i.e. properties that must always hold).

Here are just some of the properties that we proved:

Aave v4:
• Share rate is monotonic
• User actions cannot make healthy accounts unhealthy
• No collateral implies no debt

Euler Earn & Kamino:
• Protocol solvency is formally proved

Silo:
• Consistency is balanced across supply and withdrawal queues

Stellar:
• Expired allowances cannot be reused

The Biggest Brains in the Business

Our work is only as good as our talent, and we’ve built a deep bench of expertise. In 2025, that bench became a lot wider.

We quadrupled our security research team to 40 experts, including 25 PhDs across formal methods, cryptography, and systems.

And we now have four dedicated research teams.

Every Certora audit is conducted by best-in-class researchers under team-lead supervision, and their work is supported by formal verification, automated analysis, and repeated manual review. Our researchers build deep partnerships with our customers - working together across multiple audits, versions, and projects. Our auditors stick with our customers through deployment and beyond - reviewing every aspect of protocol launch, initialization, and on-going governance.

Security at this level isn’t incidental, it’s engineered.

The Path Ahead

The protocols that succeeded in 2025 didn’t just move fast. They partnered with us early, verified deeply, and treated security as foundational infrastructure, not just a checkbox.

Certora is proud to be the security partner behind those companies, and we’re even more excited about what comes next.