CertiK and YZi Labs Launch $1M Grant as DeFi Hacks Continue to Rise

[Ben Graham]

CertiK and YZi Labs announced a $1M security grant aimed at helping early-stage DeFi startups catch bugs before hackers do. The timing matters because DeFi users lost over $2.47Bn to hacks and scams in the first half of 2025 alone, according to CertiK data. This move comes at a time when trust, not token prices, determines whether everyday users stick with DeFi or seek out safer places to park their assets.

While and Ethereum remain above $90,000 and $3,000, respectively, capital continues to flow out of high-risk protocols following each high-profile exploit. These continuous exploits across DeFi explain why infrastructure news like this matters more than another short-term pump. Safety now drives adoption.

The story is bigger than just one grant. DeFi continues to grow rapidly, but attackers seem to be one step ahead, adapting faster than most teams can deploy fixes to buggy code and poor SecOps.

CertiK and @yzilabs have established a $1M audit grant program for all participants in the EASY Residency incubation initiative.

This partnership supports the next generation of Web3, AI, and biotech startups by embedding security from day one. pic.twitter.com/ZdRsBoeLt8

— CertiK (@CertiK) January 6, 2026

What Does This $1M Grant Program Mean for the Industry?

CertiK is a leading blockchain security and auditing firm. It audits smart contracts, which are self-executing code that moves funds without human oversight. They have long been the gold standard for crypto audits and have become a trusted partner to the largest Web3 companies.

YZi Labs, formerly Binance Labs, backs early crypto founders and helps projects reach market. Led by Binance founder Changpeng ‘CZ’ Zhao and Helen Yi, YZi Labs is a family investment office focused on AI crypto, Biotech, and Web3 projects.

Together, CertiK and YZi Labs plan to provide selected startups with audit credits, security tools, and hands-on guidance through this new initiative. The goal is simple: find flaws and exploits in weak code before it goes live and bad actors get there first.

If the two companies are successful in reducing the liquidity drained from the crypto community by DeFi hacks, it can only be positive. Trust will improve, potentially onboarding new users, which will lead to an increase in funds coming and hopefully staying on-chain.

Personally think the missing piece for more Defi retail adoption (besides better UX) is insurance.

Until retail isn't insured against hacks etc. we won't see significant adoption.

Even Aave wallet insurance (Relm) not enough, nobody knows Relm.

— f1go.eth (@FigoETH) January 8, 2026

DISCOVER: 13 New and Upcoming Coinbase Listings to Watch in 2026

Why Does DeFi Security Still Matter for Regular Users?

According to CertiK’s Hack3d report, hackers stole $2.3Bn in 2024. By the middle of 2025, this figure had already surpassed $2.47Bn in losses from DeFi exploits. Phishing and poor coding were identified as the primary causes of hacks in 2025.

For beginners, these staggering numbers explain why DeFi can feel risky and put new users off from entering the space. Inexperienced users can connect a wallet, approve a transaction, and see their funds vanish.

Clicking a malicious link, downloading scam software, storing private keys in email, and other actions are all ways these hacks can occur. The bottom line is that there is generally no customer support or chargeback option, making security grants such as those set up by YZi Labs and CertiK even more important for the space.

Security grants won’t stop scams overnight. But they push teams toward greater security awareness through thorough audits and testing, rather than prioritizing speed. That shift will only serve to protect end users in the long run.

DeFi platforms live and die on their TVL (Total Value Locked) metrics, which reflect the degree of trust users place in each protocol. A TVL number shows how much money users park in DeFi apps. When an exploit occurs, TVL declines quickly as users rush to withdraw before their funds vanish.

(SOURCE: DefiLlama)

Does This Actually Reduce Risk, or is it Just Good PR for YZi Labs and CertiK?

To put it bluntly, audits help, but they don’t guarantee safety for Web3 platforms or their end users. In May 2025 alone, code exploits drained $229.6M.

CertiK’s CEO, Ronghui Gu, warned that as code improves, attackers target people instead. Fake links/phishing, malicious approvals, and social engineering are the primary drivers of these significant losses over the past few years.

Many in the community believe the $1M grant from CertiK and YZi Labs is a PR stunt and will do nothing to address the reported $ 3.4Bn in crypto hacks in 2025.

Basic SecOps should be followed by anyone navigating the on-chain world, and, more importantly, DeFi protocols. Stick to platforms with public audits, use hardware wallets, and always read through transactions before approving.

If you decide to use hot wallets (self-custodial wallets with no enhanced security), never store a large amount of funds in them. And treat DeFi yields like a power tool. Useful but dangerous if basic security measures aren’t followed.

Initiatives like this grant and users following basic SecOps won’t make DeFi safe overnight, but they will help to stem the flow of hacks to both new and experienced DeFi firms and their customers.

EXPLORE: Best New Cryptocurrencies to Invest in 2026 

Follow 99Bitcoins on X for the Latest Market Updates and Subscribe on YouTube for Daily Expert Market Analysis 

The post CertiK and YZi Labs Launch $1M Grant as DeFi Hacks Continue to Rise appeared first on 99Bitcoins.