Scam Watch

How can you recognize forged CertiK / OpenZeppelin / Hacken audit badges?

TLDR

A project displays an 'Audited by CertiK/OpenZeppelin/Hacken/PeckShield' badge but provides no verifiable report. Examples: Lymex $300k falsely listed CertiK; Swaprum $3M rug 'CertiK audited'. Indicators: (1) the audit badge links to the project site (not...

Red flags

  • Urgent pressure to click, pay, or share codes immediately.
  • A link or sender that does not match the official organization.
  • Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.

What to do

  1. The project displays an 'Audited by CertiK/OpenZeppelin/Hacken/PeckShield' badge but provides no verifiable report.
  2. Indicators: (1) the audit badge links to the project site (not certik.com/skynet/projects/...); (2) the PDF audit is generic, with the logo photoshopped in; (3) the auditor's Twitter doesn't mention the project; (4) a skynet.certik.com search returns zero results; (5) the report shows 'critical' findings as 'fixed' without a commit hash.
  3. What to do: verify directly on the auditor's site (skynet.certik.com, OpenZeppelin Blog, Hacken Coinscope).
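
Indicator (1) can be checked mechanically. The sketch below is an added example, not code from this page or from any auditor: it parses a project page, finds links whose text or image alt names an auditor, and flags any that do not point to the auditor's own domain over https. certik.com comes from the page; the other three domains, the helper names check_badges and on_domain, and the sample HTML are assumptions of the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# certik.com is named on the page; the other three domains are assumptions.
AUDITOR_DOMAINS = {"certik": "certik.com", "openzeppelin": "openzeppelin.com",
                   "hacken": "hacken.io", "peckshield": "peckshield.com"}

class BadgeLinks(HTMLParser):
    """Collect (href, lowercased link text plus img alt) for every <a>."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href, self._text = a.get("href") or "", []
        elif tag == "img" and self._href is not None:
            self._text.append(a.get("alt") or "")
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).lower()))
            self._href = None

def on_domain(href, domain):
    """True only for an https link whose host is the domain or a subdomain."""
    u = urlparse(href)
    host = u.hostname or ""  # userinfo stripped and lowercased by urlparse
    return u.scheme == "https" and (host == domain or host.endswith("." + domain))

def check_badges(html):
    """Return [(auditor, href, verdict)] for each link that names an auditor."""
    parser = BadgeLinks()
    parser.feed(html)
    return [(name, href, "auditor-site" if on_domain(href, dom) else "SUSPECT")
            for href, text in parser.links
            for name, dom in AUDITOR_DOMAINS.items() if name in text]

# Constructed sample page; project.example and the paths are placeholders.
SAMPLE = """
<a href="/docs/audit.pdf"><img src="certik.png" alt="Audited by CertiK"></a>
<a href="https://skynet.certik.com.badge.example/x">CertiK Skynet</a>
<a href="https://certik.com@project.example/audit">CertiK audit report</a>
<a href="https://skynet.certik.com/projects/placeholder">CertiK</a>
"""

if __name__ == "__main__":
    print(*check_badges(SAMPLE), sep="\n")
```

An "auditor-site" verdict only means the badge leaves the project's site for the auditor's domain; the report still has to exist there and name the project.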

FAQ

Are forged CertiK / OpenZeppelin / Hacken audit badges a real scam pattern?

Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.

What are the first warning signs?

  • Urgent pressure to click, pay, or share codes immediately.
  • A link or sender that does not match the official organization.
  • Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.

What should I do first?

  1. The project displays an 'Audited by CertiK/OpenZeppelin/Hacken/PeckShield' badge but provides no verifiable report.
  2. Indicators: (1) the audit badge links to the project site (not certik.com/skynet/projects/...); (2) the PDF audit is generic, with the logo photoshopped in; (3) the auditor's Twitter doesn't mention the project; (4) a skynet.certik.com search returns zero results; (5) the report shows 'critical' findings as 'fixed' without a commit hash.
  3. What to do: verify directly on the auditor's site (skynet.certik.com, OpenZeppelin Blog, Hacken Coinscope).

Can LegalAudit check my case?

Yes. Start a free chat and paste the message, link, sender, or payment details for triage.