Only 18 projects out of 1,500 major cryptocurrencies are fully secured, according to damning new research given to CoinMarketCap.
Hacken Scout enlisted the help of 111 cybersecurity enthusiasts to perform a comprehensive audit of the DeFi sector in return for a financial reward.
And according to CER.live, which verified their findings, just 1.2% of coins on the list ended up passing an investigation with flying colors.
To be deemed fully secured, projects were required to have a bug bounty program and insurance — and ensure the code deployed for their platform and token matched the code that had undergone a security audit.
Meanwhile, 6.5% were described as well secured — but lack an insurance policy that would protect investors in the event something went wrong.
Overall, 32% of the projects that were scrutinized are currently using code that doesn’t match what was reviewed by a security firm, meaning they may be misleading investors if they claim to be audited.
CER.live said the findings show there are “serious security issues” in the Web 3.0 space, adding:
“Projects still undervalue cybersecurity although it is one of the main factors impacting users’ investment decisions.”
What This Means for Crypto Users
Hacken and CER.live say it would usually take months to gather data about 1,500 cryptocurrencies, but this approach sped things up dramatically while offering a financial incentive to volunteers.
Both organizations claim that many projects no longer use the code that was verified by auditors, and worse still, some platforms have failed to publish the audited code for their projects on GitHub.
Investors are being urged to double-check whether the crypto projects they’re interested in are backed by insurance policies that protect the platform against the fallout from thefts or hacking incidents — as this ultimately protects the financial interests of end users.
Other top tips include verifying whether a platform’s security audits cover all of the smart contracts in operation. While a crypto project may offer token swaps, farming and staking, it’s possible that only one smart contract was scrutinized, leaving a high risk of vulnerabilities in the others.
Finally — if security vulnerabilities are identified through an audit — users should try to determine if a platform has fixed them, with CER.live accusing some projects of neglecting to take action because of a lack of time or resources.