CertiK spotlights web3 security priorities at Abu Dhabi Fintech Week 2025

CertiK placed web3 security firmly at the center of the fintech agenda during Abu Dhabi Fintech Week 2025, emphasizing that the next wave of digital finance will be defined not only by innovation, but by trust, transparency, and resilience. Speaking at the Global Blockchain Show on December 10, CertiK Chief Business Officer Jason Jiang addressed senior figures from global banks, regulators, and technology companies, outlining both the scale of current security challenges and a framework for tackling them.

Abu Dhabi Fintech Week, widely regarded as the most influential fintech gathering in the Middle East, served as a strategic backdrop for this message. The region is rapidly evolving into a global hub for digital assets and financial innovation, drawing stakeholders who are actively shaping rules, infrastructure, and best practices for the next generation of finance. In this context, Jiang’s keynote framed web3 security not as a niche concern, but as a foundational requirement for sustainable growth.

Drawing on findings from CertiK’s 2025 H1 Web3 Security Report, Jiang highlighted the financial reality behind the rhetoric. In just the first six months of 2025, web3 security incidents led to an estimated 2.47 billion dollars in losses. According to Jiang, the majority of these losses stemmed from wallet theft and phishing attacks—relatively simple yet highly effective exploits that continue to target both retail users and institutional players. This pattern, he noted, underscores that web3’s weakest links are often human behavior, poor key management, and gaps in user education, rather than only sophisticated technical vulnerabilities.

Jiang went on to introduce CertiK’s web3 security framework, structured around three core pillars: trust, transparency, and resilience. Trust, in this context, is not just a marketing term, but the outcome of verifiable security practices, rigorous audits, and predictable behavior from protocols and platforms. Transparency involves clear communication about risks, security posture, and incident handling—giving regulators, institutions, and everyday users enough information to make informed decisions. Resilience focuses on how systems respond when something goes wrong: the speed of detection, the ability to limit damage, and the capacity to recover with minimal disruption.

To illustrate these pillars, Jiang shared practical defense strategies adopted across different segments of the web3 ecosystem. For protocols and DeFi platforms, he pointed to the importance of combining pre-deployment code audits, continuous monitoring, and real-time alerting to identify anomalies such as suspicious transactions or abnormal contract interactions. For exchanges and custodians, he stressed layered defenses, including hardware-based key storage, access controls with strict separation of duties, and incident playbooks that can be executed within minutes, not hours.

User-facing risks—especially wallet theft and phishing—were a focal point of his remarks. Jiang argued that the sector must invest as heavily in user protection as it does in product features. This includes more intuitive wallet interfaces that nudge users away from risky actions, clearer transaction prompts that explain where funds are going, and built-in safeguards against known scam patterns. Educational campaigns, he noted, should move beyond basic warnings to provide concrete examples of malicious tactics, helping users recognize red flags before they sign a transaction or share sensitive information.

Jiang also explored the regulatory dimension, noting that virtual asset frameworks are maturing worldwide, with the Middle East emerging as an important testbed for harmonizing innovation and oversight. He positioned robust security practices as a bridge between builders and regulators: the more transparent and verifiable security standards become, the easier it is for policymakers to differentiate responsible actors from opportunistic ones. This, in turn, can accelerate licensing, enable institutional involvement, and foster cross-border cooperation on enforcement and information sharing.

Zooming out, Jiang placed the current state of web3 in historical perspective. “It took the traditional finance system around 450 years to mature,” he observed. “Blockchain technology has only been around since 2009. It will take the collective work of builders and participants to develop a more mature technology stack and ecosystem and to welcome true mass adoption. At CertiK, we believe the future is about building trust, transparency, and resilience. We are ready.” His remarks underscored the idea that, although web3 is still early, the decisions made now about security standards and accountability will shape the industry’s trajectory for decades.

Beyond the keynote, the themes Jiang raised resonate with several structural trends in global fintech. Tokenization of real-world assets, institutional staking, and on-chain identity are moving from experimentation to implementation. As more value migrates on-chain—ranging from tokenized securities and real estate to trade finance instruments—the potential impact of security failures grows exponentially. A single exploit no longer risks only speculative capital; it can disrupt real economic activity and undermine confidence in digital financial infrastructure as a whole.

This is especially relevant for institutions exploring exposure to digital assets. Many are constrained not only by regulatory uncertainty but also by internal risk frameworks that demand demonstrable, auditable security controls. Jiang’s emphasis on on-chain verifiability, clear incident reporting, and standardized security metrics speaks directly to these concerns. When security assurances can be independently validated—rather than simply stated—entry barriers for conservative institutions begin to fall.

The conversation also extends to the labor and operational side of web3. As teams become more distributed and pseudonymous, verifying the identity, experience, and track record of contributors becomes more complex. Poor verification can open the door to insider threats, compromised accounts, or fake applicants with malicious intent. Integrating on-chain credentials, signed code contribution histories, and tamper-resistant reputation systems can help organizations reduce these risks while preserving the openness that makes web3 attractive.

From a technological standpoint, Jiang’s framing of resilience suggests that focusing solely on “bigger” or “faster” blockchains is insufficient. Scaling solutions must be paired with robust security assumptions, verifiable state transitions, and mechanisms for graceful failure. Concepts like modular architectures, where execution, data availability, and settlement are separated but interoperable, require coordinated security policies across layers. Without this, efficiency gains can simply multiply the blast radius of any successful attack.

For builders operating in this environment, Jiang’s message translates into a clear set of priorities. Security cannot be bolted on at the end of development; it must be woven into product design, user experience, and governance from day one. Teams are encouraged to budget for ongoing audits and monitoring, implement bug bounty programs, establish clear incident response processes, and communicate openly with their communities about both strengths and limitations of their security posture. In the long run, projects that treat transparency as an asset rather than a liability are more likely to earn durable trust.

End users, too, have a role to play. While they may not control protocol-level security, they can adopt safer practices—such as using hardware wallets, segregating funds across accounts, scrutinizing transaction prompts, and treating unsolicited messages or urgent requests for action with extreme caution. As wallet interfaces and security tools mature, users will gain more support, but personal vigilance will remain a critical line of defense against phishing and social engineering.

In Abu Dhabi, Jiang’s remarks ultimately framed web3 security as a cooperative endeavor spanning developers, companies, regulators, and users. The region’s ambition to become a leading center for digital assets depends on more than favorable regulations; it requires a culture of accountability and a willingness to confront uncomfortable truths about current vulnerabilities. By anchoring its message in data—such as the 2.47 billion dollars in losses during the first half of 2025—and pairing it with a forward-looking framework, CertiK aimed to move the conversation from abstract concern to concrete action.

As Abu Dhabi Fintech Week 2025 concluded, one theme was clear: the next chapter of web3 will not be won by speed or speculation alone. The ecosystems that endure will be those that internalize security as a shared responsibility, align incentives around transparency, and build systems resilient enough to withstand both human error and deliberate attack. In setting out its vision in Abu Dhabi, CertiK positioned itself as a key stakeholder in that transition—arguing that only by prioritizing trust, transparency, and resilience can the industry unlock true, global-scale adoption.