Ethereum Retains Top Spot Among Whitehat Hackers
Despite a decline in interest compared to 2023, Ethereum remains the preferred choice for crypto whitehat hackers, while Polygon, Arbitrum, Optimism, and Solana are gaining traction.
According to Immunefi’s 2024 report, which analyzes the ethical hacker ecosystem, whitehats are motivated not only by financial incentives but also by the technical challenges that decentralized applications present and the career opportunities they offer.
Blockchain and Technology Preferences
Ethereum is still favored, with 87% of respondents choosing it, down from 94% in 2023. Polygon has overtaken Solana to rank second at 59% interest, while Solana grew from 32% to 42% in 2024, maintaining its fifth position among whitehats’ preferences.
Arbitrum and Optimism, two newer Ethereum Layer 2s, have climbed to third and fourth place, with interest levels of 47% and 45%, respectively. Other blockchains like BNB Chain, Base, Avalanche, Cosmos, and Tezos are also noteworthy, although Near, Polkadot, and Fantom have declined in popularity since 2023.
[Figure: Whitehat blockchain preferences. Image: Immunefi]
A majority of whitehats (58%) do not currently use AI tools in their security practices, although 42% utilize services like ChatGPT for smart contract auditing. Only 4% have high confidence in AI’s ability to identify vulnerabilities.
Most Common Attack Vectors
This year, improper input validation emerged as the leading exploit vulnerability among whitehat hackers, rising from 9% to 47%. Reentrancy attacks, previously dominant, fell to 16% from 43%. The next most common vulnerabilities were incorrect calculations (35%) and weak access control (32%).
Most whitehats (74%) believe that attack surfaces in crypto are expanding, although this is a slight decrease from 2023. A significant majority (88%) agree that security measures in projects are improving.
The primary threats in the web3 space include vulnerability exploitation (63%), phishing and social engineering (57%), insider threats (47%), third-party software exploitation (25%), and nation-state actors (23%).
Bug Bounty Reward Incentives and Challenges
Bounty size remains the leading criterion (61%) for whitehats when selecting programs, though this figure dipped from 66% in 2023. They also prioritized scope, brand trust, and effective communication.
Immunefi claims to host the largest blockchain security community with over 45,000 researchers, having saved over $25 billion in user funds across various protocols. They’ve disbursed more than $100 million in bounties in the past three years, with $183 million now available on their platform. The highest bounty awarded was $10 million for a vulnerability in Wormhole’s cross-chain protocol.
Nonetheless, over $1.3 billion has been lost to hacks and fraud so far this year, a 4% decrease compared to the same period last year, based on Immunefi data.
Respondents faced several challenges, including a steep learning curve, difficulties in crafting vulnerability reports, limited educational resources, challenging interactions with projects, and complex code reviews.
Demographics and Lifestyle
The largest share of whitehats (46%) are aged 20 to 29, a decrease from 54% previously. Another 30% are between 30 and 39, and 11% are aged 40 to 49.
Although more women are joining the ethical hacking community, males still dominate, comprising 88%, down from 96%. Geographically, 40% of respondents are in Asia, 34% in Europe, and 13% in North America.
The majority have worked in crypto for over three years, with 63% considering hacking their primary job, an increase from 56%. Key motivators include financial incentives (77%), interest in solving technical challenges (71%), career opportunities (51%), and community engagement (28%).
Mitchell Amador, Immunefi’s founder and CEO, stated, “Security researchers are increasingly attracted to financial and career opportunities while seeking technical challenges. Providing an enabling environment is crucial for nurturing the next generation of security researchers to safeguard the crypto ecosystem.”