2025 was a big year for us. We expanded Updraft, strengthened our security offerings, and watched our community grow in ways that exceeded our expectations. More importantly, we saw developers level up their skills, protocols ship more secure code, and researchers find vulnerabilities that mattered.
This wrap-up covers the milestones and launches that defined our year. Each one gets us closer to what we're here for: building a safer, more capable, and more connected web3.
And here’s the story behind these figures…
Launch of developer certifications
We kicked off the year by launching Cyfrin Updraft's Blockchain Developer Certifications. Working with leading protocols and university groups, we built something to validate developer skills; Solidity, DeFi, Foundry, and smart contract security.
Certifications give developers a way to prove their skills and help teams hire with confidence, bridging the gap between learning and being job-ready by providing a trusted, verifiable benchmark for blockchain development skills and shipping more secure code.
Safe Hash for multi-sig security
The $50M Radiant Capital hack exposed a critical vulnerability in multi-sig workflows: compromised interfaces “tricking” transaction signers into approving malicious transactions that looked legitimate.
Safe Hash addresses this by enabling users to compute and verify the exact transaction hash before a transaction is signed. You can independently confirm that transaction data matches what’s expected; checking the target address, calldata, and parameters against the hash being signed.
The tool is open-source and works with any Safe multi-sig wallet. By adding an independent verification step, you're not relying solely on the Safe UI or trusting that other signers did their homework. You’re actually confirming the transaction is doing what the UI says it’s doing.
Cyfrin ambassador program launch
We launched the Cyfrin Ambassador Program, inviting passionate blockchain enthusiasts, developers, educators, and security advocates to join our mission of advancing web3 security and education.
The program empowers ambassadors to organize local meet‑ups, create educational content, and bridge academia to industry through the Cyfrin Updraft initiative. Participants gain mentorship, premium resources, and official recognition, positioning them as leaders in the Cyfrin community and advocates for a secure‑blockchain community while directly contributing to the future of safe, scalable infrastructure.
CodeHawks introduces the Eagles program
CodeHawks introduced the “Eagles Elite Auditors” tier, a curated, hand-picked class of top‑performing security researchers who spearhead the platform’s highest‑stakes contests and are invited to participate in Cyfrin private audits.
This reinforces our commitment to scaling elite talent and elevating audit quality by matching the world’s most proficient auditors with leading web3 protocols. By formally recognizing and empowering these top‑tier contributors, we’re strengthening the competitive audit ecosystem, accelerating vulnerability discovery, and helping secure billions in protocol value more efficiently.
New Uniswap Updraft course
Cyfrin Updraft also expanded its curriculum with the launch of the Uniswap v3 Course, providing developers with a deep dive into DeFi protocol mechanics and hands-on guidance for building secure, high-performance smart contracts.
Launch of the Aderyn VS Code Extension
We rolled out the Aderyn VS Code Extension, a major upgrade to the Solidity static analyzer tooling designed to make smart‑contract security more efficient. The extension brings real‑time static analysis directly into the code editor, detecting over 100 vulnerabilities in real-time, as you write Solidity code.
Features include inline diagnostics with explanatory tooltips, a project‑wide vulnerability tree‑view, and fully local code analysis, so your private code never leaves your machine.
By integrating security into the dev workflow from the start, this release reinforces our commitment to “secure by default” in web3 development and helps engineers catch issues early, before they reach production.
Cyfrin joins the Circle Alliance Program
In May, Cyfrin officially joined the Circle Alliance Program, a global initiative to advance DeFi infrastructure and bring more of the financial world on‑chain.
By aligning with Circle, we’re reiterating our commitment to accessible, secure, and scalable blockchain systems and enabling stronger collaboration with protocols, developers, and institutions.
Launch of Wise Signer to empower secure transaction signing
In June , we unveiled Wise Signer, an interactive training platform designed to sharpen users’ ability to safely verify wallet transactions.
Wise Signer gives learners hands-on experience by verifying transaction data in a safe, isolated, testing environment. They build skills through realistic, browser‑based simulations of signing scenarios, including attacks like domain spoofing, malicious calldata, and unsafe multi‑signature wallet flows.
Whether you're on the leadership team of a protocol, a member of a DAO treasury, part of a multi‑sig workflow, or simply holding assets in self‑custody, this tool helps you learn how to verify transaction data and stay one step ahead of the next exploit.
New courses on Updraft
June saw a major expansion of the Cyfrin Updraft curriculum with three new courses designed to fast-track developers’ skills in cutting-edge blockchain technologies.
Fundamentals of Zero-Knowledge Proofs (ZKPs) delivers a concise, one-hour introduction to zero-knowledge proofs and privacy-first protocols, giving learners a strong foundation in this rapidly growing area.
Chainlink Fundamentals went live with an updated curriculum and an official proficiency exam, helping developers demonstrate practical knowledge of Chainlink’s core products, like decentralized oracle networks, data feeds, and CCIP.
Finally, the Full-Stack Web3 Development Crash Course offers hands-on experience building blockchain-powered applications with ZKsync, Circle, and Fleek, bridging theoretical knowledge with real-world development skills. Together, these courses are committed to equipping developers with both foundational and applied blockchain expertise.
Launch of Updraft Career Tracks
Updraft Career Tracks went live in July. Updraft now provides structured learning paths that guide developers from beginner to pro across blockchain foundations, Solidity, Vyper, DeFi, wallets, and smart contract security.
Each track is hands-on and expert-designed, giving learners practical skills while preparing them to launch a successful web3 career. This launch strengthens our mission to improve blockchain education and prove a learner’s job-ready capability.
New courses and certifications
Updraft continued to grow its curriculum with targeted courses and certifications designed to equip developers with practical, in-demand blockchain skills.
The Web3 Wallet Security track offers two courses combining foundational and advanced training to help developers read and understand transaction calldata and safeguard digital assets.
The Qualified Web3 Signer Certification provides a proctored exam where learners can prove their expertise in transaction verification, calldata review, and multi-sig wallet security.
Finally, the Noir Programming and ZK Circuits course teaches developers to write zero-knowledge circuits and build full-stack, privacy-preserving applications using Noir, Barretenberg, and Solidity.
These courses deliver theoretical knowledge and hands-on experience, preparing developers to tackle real-world blockchain challenges with confidence.
Meet the new Solodit
We also released an upgraded version of Solodit, the world’s most advanced platform for smart contract security research. The revamped interface features a streamlined UI, faster navigation, global search, and a fully updated checklist page.
With these improvements, researchers can more efficiently identify vulnerabilities, follow best practices, and contribute to a safer blockchain ecosystem.
Announcing the Solodit API
In November, we introduced the Solodit API, giving developers and researchers unprecedented access to over 49,000 smart contract security findings and reports.
Designed to power AI security agents and streamline security workflows, the API is currently in beta, with access granted to vetted researchers and organizations to make the most out of the Solodit data. It’s an important step forward in making smart contract security more transparent, actionable, and accessible to the web3 community.
AI First Flights: On-Demand Audit Practice
We closed out 2025 with the launch of AI First Flights on Cyfrin CodeHawks, giving security researchers flexible, on-demand practice for smart contract auditing. Unlike traditional First Flights that run on a schedule with manual judging, AI First Flights are always available and provide instant feedback through AI-powered evaluation. Researchers choose from 10 practice audits at varying difficulty levels, submit their vulnerability findings, and receive detailed AI feedback in minutes, all on their own timeline with zero reputation risk.
AI First Flights complement rather than replace traditional First Flights. Use AI First Flights for flexible practice with instant feedback while you build pattern recognition across different codebases. Use traditional First Flights when you want scheduled contests with manual judging and community participation. Together, they expand learning opportunities and help researchers develop the skills needed for competitive auditing.
In 2025, we completed 75+ private audits, helping secure protocols across multiple blockchain ecosystems and $50 billion in TVL. Our work continues to support leading protocols, including Metamask, Wormhole, Linea, Monad, Aztec, Ethena, Uniswap, Chainlink, and more–as well as 3 institutional clients.
Throughout these audits, we identified and helped remediate more than 1000 vulnerabilities, including 37 critical, 82 high, and 164 medium-severity issues.
We also found a range of average Crit/High vulnerabilities throughout the audits for 2025, indicating the state of vulnerabilities for each protocol category:
Each finding reinforced the security posture of the protocols we worked with, protecting user funds and improving trust in web3.
Our First Flight program, in tandem with the Updraft education platform, continues to provide targeted opportunities for young security researchers to learn and gain experience. This approach allows us to focus on high-impact audits while still engaging the community of auditors.
From completing 75 private audits and discovering over 1,000 vulnerabilities to launching innovative security tools like Wise Signer, Safe Hash, and the Aderyn VS Code Extension, each achievement has advanced our mission to protect billions in protocol value and strengthen web3 security in 2025.
We're grateful to our community of elite auditors, security researchers, and protocol partners for driving these accomplishments forward. Working alongside the best teams securing the space, from Metamask and Wormhole to Uniswap and Chainlink, continues to make our work both possible and meaningful.
The progress we've made this year sets the stage for an even more ambitious 2026. With new security tools, deeper protocol partnerships, and expanded audit capabilities on the horizon, we're excited to keep building a safer, more secure, and more trusted blockchain world. Thank you for being part of this journey; the best is yet to come.
We’re rethinking when security happens and how protocols test and deploy.
The traditional workflow is about to shift.
Stay tuned in 2026.
