Ethereum remains the preferred blockchain for crypto whitehat hackers, with 87% still favoring it. However, other blockchain networks like Polygon, Arbitrum, Optimism, and Solana are gaining traction, according to Immunefi, a bug bounty and security services company.
The report offers key insights into the 2024 trends within the crypto whitehat hacker ecosystem. It explores motivations and challenges to opportunities in the web3 space.
Ethereum dominates whitehat preferences as Polygon surges
Ethereum maintained its high popularity among whitehats, with 87% of crypto whitehat hackers drawn to the blockchain, down from 94% in 2023. Polygon pushed Solana out of second place, climbing to 59% interest. However, Solana increased its percentage share from 32% in 2023 to 42% in 2024 and remains the sixth most desired network among whitehats.
The comparatively newer Arbitrum and Optimism Ethereum Layer 2s climbed to third and fourth place, with 47% and 45% of the hackers interested in the chains, respectively. BNB Chain, Base, Avalanche, Cosmos, and Tezos were also popular among whitehats, although Near, Polkadot, and Fantom have fallen out of favor after 2023.
The majority of whitehats reported not using AI tools in their security practices. However, some say they incorporate tools like ChatGPT, Gemini, and CensysGPT for tasks such as smart contract auditing.
Bounty size drives whitehat participation amid a growing blockchain security community
Whitehat hackers only seek vulnerabilities or exploits when they are legally permitted to do so. Among the major issues pointed out by crypto whitehat hackers this year was improper input validation, which has risen from 9% to 47% of all vulnerabilities targeted by whitehat hackers.
Reentrancy attacks, which entail using code execution to deplete smart contracts, decreased from 43% in 2023 to 16%. Incorrect calculations and inadequate access control were also significant vulnerabilities, accounting for 35% and 32%, respectively. While 74% of whitehats believe the attack surfaces in crypto are expanding, this marks a slight decline from 2023.
Meanwhile, bounty size continues to be the primary factor influencing whitehat participation in programs, though this has decreased from 66% in 2023 to 61%. Other important factors include program scope, trust in the brand, and communication efficiency.
With over 45,000 researchers, Immunefi claims to operate the largest blockchain security community. Additionally, they say they have saved over $25 billion in user funds and have paid out more than $100 million in bounties. The highest reward to date was $10 million for a vulnerability discovered in Wormhole’s cross-chain protocol.
Mitchell Amador, founder and CEO of Immunefi, emphasized the growing interest in both financial and technical opportunities within the sector. He noted that as more researchers pursue hacking as a primary job, the industry must create an environment that supports the next generation of security experts.