Only 18 projects out of 1,500 major cryptocurrencies are fully secured, according to damning new research given to CoinMarketCap.
Hacken Scout enlisted the help of 111 cybersecurity enthusiasts to perform a comprehensive audit of the DeFi sector in return for a financial reward.
And according to CER.live, which verified their findings, just 1.2% of coins on the list ended up passing an investigation with flying colours.
To be deemed fully secured, projects were required to have a bug bounty program and insurance — and ensure the code deployed for their platform and token matched the code that had undergone a security audit.
Meanwhile, 6.5% were described as well secured — but lacked an insurance policy that would protect investors in the event something went wrong.
Overall, 32% of the projects that were scrutinized are currently using code that doesn’t match what was reviewed by a security firm, meaning they may be misleading investors if they claim to be audited.
Another concerning statistic reveals that just 21% of platforms have an active public bug bounty program in place — schemes that incentivize white-hat hackers to discover exploits that could be used by malicious actors for financial gain.
It’s also emerged that 20% of projects have failed to fix critical security bugs after they have been identified through an audit — potentially putting their users in danger.
CER.live said the findings show there are “serious security issues” in the Web 3.0 space, adding:
“Projects still undervalue cybersecurity although it is one of the main factors impacting users’ investment decisions.”
Each of the 1,500 cryptocurrencies that were scrutinized will now receive a rating — and it’s hoped projects that score poorly will be encouraged to pay closer attention to security. Beyond a reputational boost, the benefits of doing so include securing investment from new users and reducing the risk of an outflow of assets.
What This Means for Crypto Users
The cybersecurity scouts who volunteered to investigate each cryptocurrency collectively earned 352,000 Hacken tokens — worth $24,000 at current market rates.
Hacken and CER.live say it would usually take months to gather data about 1,500 cryptocurrencies, but this approach sped things up dramatically while offering a financial incentive to volunteers.
Both organizations claim that many projects no longer use code that was verified by auditors — and worse still, some platforms have failed to publish the audited code for their projects on GitHub.
Investors are being urged to double-check whether the crypto projects they’re interested in are backed by insurance policies that protect the platform against the fallout from thefts or hacking incidents — as this ultimately protects the financial interests of end-users.
Other top tips include verifying whether a platform’s security audits cover all of the smart contracts in operation. While a crypto project may offer token swaps, farming and staking, it’s possible that only one smart contract was scrutinized, leaving a high risk of vulnerabilities in the others.
Finally — if security vulnerabilities are identified through an audit — users should try to determine if a platform has fixed them, with CER.live accusing some projects of neglecting to take action because of a lack of time or resources.