92% of Hackers are Focused on Ethereum, But Interest in Tezos Spiked By 122% YoY
Immunefi, the leading bug bounty and security services platform for web3 which protects over $60 billion in user funds, published its Hacker Ecosystem Survey 2023.
Home to the largest community of security talent in the crypto space, Immunefi surveyed whitehats to find out their interests, challenges, and the opportunities they see web3 as bringing. The survey provides important insights about where the industry is now, and where it might be headed.
- When it comes to preferred blockchains, whitehats are primarily interested in Ethereum (92%) with Solana (31%) in second place. Next comes Avalanche (20.4%), Cosmos (13.3%), and Tezos (8%). There has been a significant increase in interest in Tezos when compared to the previous period at 3.6%, representing a 122.2% YoY growth.
- When it comes to the growth of attack surfaces in comparison to increased security measures in the industry, whitehats seem to see a balance. While most of the whitehats (76.1%) see attack surfaces growing, the majority (88.5%) also see increased security measures by projects across the industry.
- Most whitehats mention reentrancy (43.2%) as the most common vulnerability they come across when reviewing code, followed by access control (18.2%). Other vulnerabilities mentioned include input validation (9.1%), oracle manipulation (6.8%), and logical errors (6.8%), followed by rounding errors (4.5%), gas optimization (4.5%), unchecked returned values (2.3%), uninitialized proxy (2.3%), and flash loans (2.3%).
- Money does not act as a crucial factor in driving whitehat hackers’ interest — most of the respondents (77%) are interested mainly in solving technical challenges, followed by money (69%), then career opportunities (62%), and community (38%).
- Most whitehats (55.8%) consider hacking their primary job, while 44.2% do it in their free time, spending most of their day as software developers within the web3 or security industries. There’s been a significant increase in whitehats hacking in their free time as compared to 39.8% in the previous period, representing a 11% YoY increase. Overall, more whitehats are joining the field and using their free time to work on transitioning to web3 cybersecurity full-time.
- On average, most whitehats have been working in cybersecurity for almost 4 years, and have been interested in web3 security for almost 2 years.
“We need to always stay ahead of bad actors, and one crucial way to do so is to keep ensuring we have the most talented security ecosystem in place, operating under a reliable incentivize system”, said Mitchell Amador, CEO of Immunefi. “Working closely with whitehats, sharing insights, and growing from their experience is of tremendous value and will continue to be beneficial, as they’re on the frontline of protecting the industry.”
Whitehats show particular excitement about being a part of a new, challenging, and evolving industry that promotes the concepts of decentralization and transparency. Web3 is a high-paying industry that offers greater career opportunities as the field grows. Whitehats feel their role in security is of high-impact for the industry and is generally well-rewarded, since the technology leads to monetary funds being directly at risk. Although web3 brings a host of possibilities, most whitehats highlight the steep learning curve, regardless of previous background in cybersecurity or web2 development, as a key challenge. The complexity of Solidity coding and protocols, the possible attack vectors in web3, and the fact that requirements are continuously evolving, make keeping up with the industry a difficult but important task in order for whitehats to succeed.
Immunefi is the largest and most widely adopted bug bounty platform in web3 which is trusted by established, multi-billion dollar projects like Chainlink, Wormhole, MakerDAO, TheGraph, Synthetix, and more. Immunefi has paid out the most significant bug bounties in the software industry, amounting to over $70 million, and has saved over $25 billion in user funds.
The full survey report is available on Immunefi’s website. In addition, Immunefi published the Crypto Losses Report in 2022, a report series where the team regularly assesses the volume of crypto funds lost by the crypto community due to hacks and scams by year and by quarter, and the Top Crypto Bounty and Ransom Payouts Report, detailing the most important industry bug bounty payments to date, as well as ransom payments.
Immunefi is the leading bug bounty and security services platform for web3, which features the world’s largest bounties. Immunefi guards over $60 billion in user funds across projects like Synthetix, Chainlink, SushiSwap, Polygon, Bancor, MakerDAO, TheGraph, Wormhole, Optimism, and others. The company has paid out the most significant bug bounties in the software industry, amounting to over $70 million, and has pioneered the scaling web3 bug bounties standard. For more information, please visit https://immunefi.com