Crypto whitehat hackers continue to favor Ethereum as their primary blockchain, despite a decline in overall interest compared to 2023. A recent report by Immunefi, a leading bug bounty and security services platform, highlights the preferences of ethical hackers in the web3 ecosystem.
Ethereum remains dominant, with 87% of ethical hackers expressing a preference for it, down from 94% last year. Polygon has emerged as a strong contender, with interest rising to 59%, while Solana increased from 32% to 42%, maintaining its position as the fifth most preferred blockchain.
Arbitrum and Optimism, newer Ethereum Layer 2 solutions, have also gained popularity, standing at third and fourth with 47% and 45% interest respectively. Other notable mentions include BNB Chain, Base, Avalanche, Cosmos, and Tezos, while Near, Polkadot, and Fantom have lost traction since last year.
While most whitehats (58%) do not use AI tools in their security practices, 42% have integrated services like ChatGPT and Codeium for smart contract auditing. However, only 4% feel highly confident in AI's ability to detect vulnerabilities.
This year, improper input validation has emerged as the most prevalent vulnerability, rising from 9% to 47%. This has displaced reentrancy attacks, which have dropped to 16% from 43% in 2023. Other common vulnerabilities include incorrect calculations and weak access control, at 35% and 32% respectively.
According to the report, bounty size is the primary consideration for 61% of whitehats when choosing bounty programs. Despite challenges such as a steep learning curve and limited educational resources, Immunefi reports having paid over $100 million to ethical hackers in the past three years.
Most ethical hackers (46%) are aged 20-29, with 30% between 30-39. Despite an increase in female participation, 88% of whitehats are still male. The majority work in crypto for over three years, with 63% considering hacking their primary job.
Immunefi's CEO, Mitchell Amador, notes the growing interest in financial and career opportunities among security researchers, emphasizing the need for a supportive environment for the next generation of whitehats.