Whitehat hackers focus on Ethereum, Solana and Avalanche: Immunefi

Quick Take

  • Crypto whitehat hackers identified Ethereum as their preferred blockchain, followed by Solana, Avalanche, Cosmos and Tezos.
  • Money wasn’t the only motivation, with interest in solving technical challenges and career opportunities also ranking highly among respondents.

Crypto whitehat hackers are mostly interested in the Ethereum blockchain.

That’s according to a breakdown of the ethical hacker ecosystem compiled by web3-focused bug bounty platform Immunefi in its 2023 report, aimed at mapping the interests, challenges and opportunities of whitehats in web3. But money isn’t everything, with the majority motivated by solving the technical challenges of decentralized applications.

Blockchain preferences

Ethereum was the overwhelming preference among whitehats, with 92% of respondents attracted to the blockchain. Solana came in second place at 31%, with Avalanche (20.4%), Cosmos (13.3%) and Tezos (8%) making up the top five. Polygon, Arbitrum, Optimism, Near, Polkadot, BNB Chain, Fantom and zkSync were also on their radar.

However, interest in Ethereum fell from 96.4% in Immunefi’s previous survey. Solana witnessed the most significant decrease, down 51.6%, while Tezos saw the biggest spike, rising 122.2%.

Attack vectors

Reentrancy attacks (enabling malicious parties to repeatedly drain funds from smart contracts by exploiting the code execution order) were cited as the most common vulnerability whitehats discovered when reviewing code (43.2%), followed by access control (18.2%), input validation (9.1%), oracle manipulation (6.8%) and logical errors (6.8%).

Most whitehats (76.1%) saw the attack surfaces in crypto growing. However, the majority (88.5%) also agreed that projects’ security measures were improving.

Bug bounty rewards

Bounty size was cited as the main factor (66.4%) for whitehats when selecting bounty programs, though trust, scope and efficient communication were also highly valued. 


After paying out over $52 million in rewards to ethical hackers for finding vulnerabilities in web3 protocols last year, Immunefi has come to dominate crypto bug bounty rewards. In contrast, the second-most popular platform, HackenProof, has paid a total of $4.8 million to whitehats.

Immunefi claims to have paid out more than $65 million in total bounties since 2020, helping to secure $25 billion in user funds across protocols like Chainlink, MakerDAO, The Graph, Polygon and Synthetix. The highest bounty facilitated by Immunefi was a $10 million award for a vulnerability discovered in Wormhole, a generic cross-chain messaging protocol. 

Last month, Immunefi reported that crypto ransomware payments generated more than $69.3 million from the top 10 attacks since 2020. In January, an Immunefi security researcher was awarded a $1 million bounty after preventing a potential theft of $200 million from three Polkadot parachains.

Demographics and lifestyle

Most whitehats (54%) fall into the increasingly dominant 20-to-29-year-old bracket, up from 45.7% in the previous period, with 21.2% of respondents between 30 and 39 and 12.4% between 40 and 49. Despite an increasing number of women joining the ethical hacker community, up 45.8% to 3.5%, male whitehats still make up the largest share (95.5%).

The majority of respondents have worked in crypto for around four years, and most (55.8%) considered hacking their primary job, though that’s down from 60.2% in the previous period. Outside of interest in solving technical challenges (77%) and gaining financial rewards (69%), career opportunities (62%) and community (38%) were also strong motivators.

Challenges and opportunities

When asked about the biggest challenges whitehats had experienced in web3 security, most respondents highlighted the steep learning curve required regardless of previous background or experience and a need for more available resources. The rapidly evolving nature of the technology was another pain point, along with the complexity of Solidity coding, protocols and possible attack vectors.

In terms of opportunities, respondents were excited about the challenge of learning and working on new technology, considering web3 a well-paid industry with long-term career potential in high-impact roles.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

James Hunt is a reporter at The Block, based in the UK. As the writer behind The Daily newsletter, James also keeps you up to speed on the latest crypto news every weekday. Prior to joining The Block in 2022, James spent four years as a freelance writer in the industry, contributing to both publications and crypto project content. James’ coverage spans everything from Bitcoin and Ethereum to Layer 2 scaling solutions, avant-garde DeFi protocols, evolving DAO governance structures, trending NFTs and memecoins, regulatory landscapes, crypto company deals and the latest market updates. You can get in touch with James on Telegram or X via @humanjets.

Editor

To contact the editor of this story: Tim Copeland