CertiK Hosts Security Workshop in Turkey on CASP Compliance

CertiK Hosts Security Workshop in Turkey – Focus on CASP Compliance and Web3 Risk Management

Key Takeaways

CertiK held an institutional security workshop in Turkey on June 5, 2026, in collaboration with TÜBİTAK BİLGEM Blockchain Lab.
The event brought together financial institutions, crypto asset service providers and regulators to discuss compliance and security requirements.
Sessions covered Turkey’s technically prescriptive CASP framework, including HSM standards, multi party key management and infrastructure hosting rules.
CertiK engineers addressed the 2026 Web3 threat landscape, digital asset custody, incident response, and stablecoin and RWA smart contract security.

Workshop Brings Together Institutions and Regulators in Turkey

CertiK, a Web3 security services provider headquartered in New York, hosted an institutional security workshop in Turkey on June 5, 2026. The event was organized in collaboration with TÜBİTAK BİLGEM Blockchain Lab and gathered representatives from financial institutions, crypto asset service providers and regulatory bodies.

The workshop opened with remarks from Jason Jiang, Chief Business Officer of CertiK, Ünal Altinay, Head of TÜBİTAK BİLGEM Blockchain Lab, and Oguz Kucukcelebi, Head of Safety and Business Development at Forcerta. The stated objective was to address the security and compliance requirements shaping Turkey’s digital asset market.

For operators and service providers active in crypto related sectors, including platforms that rely on digital asset custody and transaction infrastructure, the focus on regulatory and technical standards directly affects how systems must be designed and maintained.

Turkey’s CASP Framework Sets Technical Requirements

A central topic of the workshop was Turkey’s regulatory framework for crypto asset service providers, often referred to as CASPs. According to the sessions presented, the framework sets technically prescriptive requirements for licensed providers.

These include standards for hardware security modules, multi party key management protocols, and mandates related to infrastructure hosting. Such requirements define how private keys are generated, stored and protected, as well as how operational systems are structured.

Ünal Altinay outlined Turkey’s regulatory hierarchy, explaining how primary legislation and communiqués from the Capital Markets Board, known as SPK, interact with technical mandates issued by TÜBİTAK BİLGEM. He also addressed the role of MASAK in enforcing anti money laundering and counter financing of terrorism rules, including Travel Rule obligations.

Altinay described the prescriptive nature of the framework as a structural feature for institutions building compliant digital asset infrastructure. For market participants, this means that licensing and ongoing operations are tied to clearly defined technical and compliance benchmarks.

Web3 Threat Landscape in 2026 Nearly Matches 2025 Exploits

CertiK security engineers delivered several technical sessions during the event. Peiyu Wang presented data on the 2026 Web3 threat landscape, stating that recorded exploits by May 2026 had nearly matched the total recorded for the full year 2025.

This comparison highlights the pace at which vulnerabilities and attacks continue to emerge across decentralized systems. For entities that custody digital assets or operate smart contracts, such as exchanges, DeFi protocols or tokenized platforms, the evolving threat environment requires ongoing monitoring and risk management.

Uzeyir Destan focused on digital asset custody architecture and incident response. His session included case studies from the WOO X and Kelp DAO incidents, illustrating how security weaknesses can translate into operational and financial disruptions.

Incident response planning was presented as a core component of institutional readiness. This includes predefined procedures for detecting, containing and mitigating security breaches.

Stablecoin and RWA Security Under Technical Review

Another session, led by Turgay Arda Usman, addressed stablecoin and real world asset smart contract security. The presentation covered common vulnerability classes and outlined an auditor’s checklist for tokenized asset infrastructure.

Stablecoins and tokenized real world assets are often used in trading, settlement and liquidity management across digital platforms. Weaknesses in smart contract design or governance mechanisms can create systemic exposure for operators and users.

By focusing on structured audit criteria and vulnerability patterns, the workshop highlighted the technical depth required to meet institutional standards in token issuance and management.

CertiK’s Role in Regulatory and Institutional Engagement

CertiK was founded in 2017 by professors from Yale University and Columbia University and applies formal verification methods to security challenges in Web3 and AI ecosystems. The company provides services including blockchain infrastructure assessments, smart contract audits, penetration testing, custody architecture reviews and compliance support.

According to the information shared at the workshop, CertiK has partnered with more than 5,000 enterprise clients worldwide, including Binance, Ant Group and banks in Europe and Singapore. The company also engages with regulators and financial institutions in policy development and regulatory consultations.

The Turkey workshop forms part of this broader engagement strategy, focusing on emerging digital asset markets with defined regulatory frameworks.

Our Assessment

The workshop in Turkey demonstrates structured interaction between a Web3 security provider, a national blockchain laboratory and market participants under a technically detailed CASP framework. The sessions addressed concrete requirements such as hardware security modules, key management standards, AML obligations and incident response planning.

For institutions operating in Turkey’s digital asset market, compliance is tied to explicit technical and regulatory criteria. The comparison of 2026 exploit data with 2025 totals underlines the continued relevance of security controls and audit processes. The event reflects ongoing coordination between private security firms and public institutions in shaping operational standards for digital asset services.