Computer Emergency Response Team · Web3
When the chain is on fire, someone has to answer the phone.
0xCERT is an independent computer emergency response team for public blockchains. We coordinate incident response, advisories, and stolen-fund recovery across smart contracts, bridges, wallets, and Web3 infrastructure — 24/7, across every chain that matters.
› on-call · Initial triage within 60 minutes, 24/7
Stolen in 2025
$2.1B+
across tracked exploits
Median response
< 60 min
from report to triage
Chains covered
40+
L1s, L2s, and app-chains
Coverage
24/7/365
on-call rotation
Mission
A neutral coordination point for a multi-chain world.
Traditional CERTs were designed for IP networks, TLS certificates, and a small set of vendors. Blockchains have none of those assumptions. Code is the bank, the ledger is public, and the attacker keeps the funds the moment a transaction lands.
0xCERT exists because no one owns the incident. Protocols, bridges, wallets, validators, and exchanges all touch the blast radius of a single exploit, but none of them have the standing to coordinate the others. We do.
We are non-commercial, vendor-neutral, and chain-agnostic. We don't sell a product. We answer the phone, run the war room, publish the advisory, and feed the IOC list to everyone who needs it — for free.
Services
What we do, around the clock.
Advisories & Vulnerability Disclosure
CVE-style advisories for smart contracts and Web3 infrastructure.
learn more ›Threat Intelligence & IOC Feeds
Curated indicators of compromise for the Web3 attack surface.
learn more ›Phishing & Drainer Takedowns
Coordinated takedown of malicious sites and front-end takeovers.
learn more ›Stolen-Fund Tracing & Recovery Support
On-chain forensics to follow stolen assets across chains and mixers.
learn more ›Awareness & Training
Tabletop exercises and IR training for protocol and infra teams.
learn more ›Recent advisories
Coordinated disclosure, made public.
Reentrancy via fallback in cross-chain settlement adapter
An unchecked external call in a widely deployed settlement adapter allows attacker-controlled tokens to re-enter and double-spend settlement messages. Patched in v2.4.7.
Front-end takeover of a top-50 DEX via compromised CDN bucket
Attackers replaced bundle.js to inject a wallet drainer for ~3.5 hours. Affected users were re-routed to a malicious permit2 signer. IOCs published.
Phishing campaign abusing legitimate ENS subdomains
Coordinated phishing campaign using purchased ENS subdomains pointing to drainer kits. Domain list distributed to wallet vendors.
Active incident?
Don't wait. Triage starts the moment you reach out.
If funds are moving, a key is exposed, or a front-end is serving malicious code — open a report. Our on-call engineer is paged immediately.