Crypto Security and Auditing Firms are Thriving During the Bear Market

Crypto security companies are raking in a fortune despite the bear market that has bloodied firms across the rest of the industry.

Zeth Couceiro – founder of crypto recruitment company Plexus Resource Solutions – recently told Bloomberg that salaries for experienced blockchain auditors can run as high as $400,000 per year. 

Overwhelming Demand for Auditors

According to Couceiro, the typical blockchain auditor currently gets paid about 20% more than Solidity-focused developers. Solidity is one of the most commonly-used programming languages in the crypto sphere – most notably in Ethereum. 

“The reason for that is the need to come from a coding background but also understand the architecture to establish vulnerabilities,” Couceiro said. 

ConsenSys – a blockchain software technology company that builds Ethereum infrastructure – claims to have received 1,161 smart contract auditing requests from external parties since the start of 2022. By comparison, the company received just 247 requests throughout all of 2020. 

The wait times for these audits can be as long as nine months and can cost up to $320,000.

Meanwhile, rival firm Trail of Bits has raised its fees by 20% to 25% over the past 12 months to address overwhelming demand, according to Vice President Nick Selby.

The desire for audits is a response to the overwhelming number of hacks and exploits that take place throughout the blockchain ecosystem today. Over $2 billion have been lost to Web 3 hacks throughout the first half of 2022. 

Why Demand is So High

Many hacks take place within the sphere of decentralized finance (DeFi). Unlike traditional banking, DeFi relies on open-source and “trustless” code to deliver financial services in a fully transparent fashion. 

However, bugs and vulnerabilities in such code are a honey-pot for hackers, who can exploit their systems and steal users’ funds without leaving a trace. In fact, many systems have been exploited through “governance attacks” whereby a hacker purchases a substantial number of governance tokens that allow him to alter the protocol however he likes. 

But it’s not just DeFi: blockchain bridges are some of the biggest honeypots for hackers, against which two of the three largest crypto hacks ever were perpetrated this year. Bridges are centralized entities that store reserves for blockchain assets that have been tokenized and “bridged” to other chains. 

Sky Mavis, the developer of Axie Infinity, has already been forced to compensate players that lost money after its Axie Infinity-connected Ronin Bridge was hacked for $600 Million in March. The reputational and financial harm caused by these events has other organizations scrambling for auditors. 

“We have spent sooooo much money on audits,” said Paul Frambot, CEO of crypto startup Morpho Labs, in a text message to Bloomberg. “Security is, in my opinion, not taken sufficiently seriously in DeFi.”

One audit is often not enough, however. A report from Beosin found that over half of the major DeFi projects hacked in Q2 2022 had already been audited. 

As such, “bug bounties” are now growing in popularity, whereby projects offer hefty rewards to any “whitehat” hackers that can identify security vulnerabilities in their systems. Like full-time auditors, whitehat hackers are also making millions. 

Slope wallet recently offered a 10% bounty to the hacker that stole funds from over 8000 of their users earlier this month, as long as he returned the other 90%.