The rise of crypto hacks over 2022 has skyrocketed demand for blockchain security experts, with some auditors making upwards of $430,000 per year.
Speaking with Cointelegraph, blockchain recruitment firm CryptoRecruit founder Neil Dundon said that while security audit services have long been in demand, the rise of decentralized-finance (DeFi) protocols has opened up opportunities for auditors to review potentially vulnerable smart contracts:
“There’s always been a demand for security auditors [...] But since DeFi apps have been out there, there has been quite a big increase in demand for security audits across the space because one small vulnerability in the protocol can potentially lead to the loss of hundreds of millions of dollars.”A report from Chainalysis earlier this month revealed that hackers extracted more than $2 billion from cross-chain bridge protocols alone this year.
In a Bloomberg report on Aug. 22, CEO of decentralized lending service Morpho Labs Paul Frambot said that crypto security audits have moved from a “nice to have” business expense to a “must have” one.
“Security is, in my opinion, not taken sufficiently seriously in DeFi,” he said.
The rise in demand for crypto security auditors has seen a plethora of “for hire” ads across the industry.
According to job advertisements posted on Cryptocurrency Jobs, blockchain audit companies mostly look for experienced programmers with an understanding of blockchain technology, cybersecurity, and cryptography.
While most security audit salaries fall within the $100,000 - $250,000 range, some companies are willing to pay upwards of $430,000 per year, according to Web3.career’s job board.
Crypto recruitment firm Plexus Resource Solutions Zeth Couceiro made a similar comment to Bloomberg, noting that in some cases, blockchain security auditors have been raking up to $400,000 annually.
Couceiro added that these auditors tend to make about 20% more than Solidity-focused developers, which is the most popular programming language used to deploy smart contracts on Ethereum and other Ethereum Virtual Machine (EVM) compatible blockchains.
Related: What is a smart contract security audit? A beginner's guide
Among the top vulnerabilities that security auditors look for in smart contracts include timestamp dependency, reentrancy attacks, random number vulnerability, and spelling mistakes.
The Bloomberg report noted that venture capital firms have already poured $257 million into crypto security audit companies this year, which is up 38.9% from all of 2021, according to CB insights.