CertiK and TÜBİTAK BİLGEM hold Web3 security workshop in Turkey

CertiK and TÜBİTAK BİLGEM held a one-day institutional Web3 security workshop in Turkey on June 5, 2026. The event brought together banks, crypto asset service providers (CASPs) and regulatory representatives to discuss technical and compliance requirements for operating in Turkey’s regulated digital asset market.

Attendees included financial institutions, licensed CASPs and officials from regulatory bodies. Speakers were Jason Jiang, CertiK’s chief business officer; Ünal Altinay, head of TÜBİTAK BİLGEM’s Blockchain Lab; and Oguz Kucukcelebi, head of safety and business development at Forcerta. CertiK security engineers Peiyu Wang, Uzeyir Destan and Turgay Arda Usman delivered technical sessions.

Presentations covered Turkey’s CASP regulatory framework, the 2026 Web3 threat landscape, custody and key management architectures, stablecoin and tokenized real-world asset smart contract security, and real-time incident response. Altinay explained how primary legislation and Capital Markets Board (SPK) communiqués interact with technical mandates from TÜBİTAK BİLGEM and compliance obligations enforced by MASAK, including AML/CFT measures and the Travel Rule.

The workshop outlined specific technical requirements for licensed CASPs. These include hardware security module (HSM) standards, multi-party key management protocols and infrastructure hosting mandates. Altinay described the technical criteria as intended to guide institutions in building infrastructure that meets regulatory expectations.

Peiyu Wang reviewed recent attack trends and noted that recorded exploits by May 2026 had nearly matched the full-year total for 2025. Uzeyir Destan presented custody architecture models and incident response practices, using the WOO X and Kelp DAO incidents as case studies to show failure modes and remediation steps. Turgay Arda Usman examined common vulnerability classes in stablecoin and tokenized asset contracts and presented an auditor’s checklist for tokenized asset systems.

Sessions included practical demonstrations of operational security measures, key management best practices and steps for real-time incident handling. Speakers discussed implementing multi-party computation and HSM solutions, designing custody environments to reduce single points of failure and coordinating with regulators during security incidents.

Jason Jiang described Turkey’s CASP framework as one of the most technically rigorous globally and said TÜBİTAK BİLGEM’s security criteria reflect a clear understanding of institutional digital asset infrastructure requirements. He added that the workshop aimed to help institutions understand the regulatory standards and the threat environment they will face.

CertiK, founded in 2017 by academics from Yale and Columbia and headquartered in New York, provides blockchain infrastructure assessments, smart contract audits, formal verification, penetration testing and custody architecture reviews. The workshop formed part of CertiK’s engagement with regulators, financial institutions and CASPs in emerging digital asset markets.