Klaytn is a cutting-edge public blockchain platform developed by Ground X, a subsidiary of the South Korean Internet giant Kakao. By using a modified version of the Ethereum Virtual Machine (EVM) as its smart contract engine, Klaytn makes it easy for developers to migrate their existing Ethereum-based dApps to its ecosystem.
Our security research study analyzed 150 projects within the Klaytn ecosystem, including 96 dApps, 37 infrastructure projects, and 17 wallets. The findings provide valuable insights into the platform’s security landscape.
Most projects are unprotected
The research revealed that a staggering 61.3% of the projects in the Klaytn ecosystem are unprotected, meaning they lack proper security measures to safeguard against potential threats. This leaves a significant portion of these projects vulnerable to hacks, fraud, and other malicious activities.
Infrastructure Projects: The Most Vulnerable
Among the three categories analyzed, infrastructure projects were found to be the least protected. This is a cause for concern, as these projects form the backbone of the Klaytn ecosystem and serve as the foundation for other projects, including dApps and wallets. The lack of adequate security measures in infrastructure projects could lead to systemic vulnerabilities, compromising the entire Klaytn network.
Wallets: The Safest Choice
On a positive note, wallets were identified as the most protected category of projects within the Klaytn ecosystem. Given that wallets store and manage users’ digital assets, it is crucial that they have strong security protocols in place to prevent unauthorized access, theft, and other threats.
Bug Bounties: A Neglected Opportunity
Bug bounties have long been recognized as an effective way to improve the security of software projects by incentivizing external researchers to identify and report vulnerabilities. However, the Klaytn security research found that almost all projects in the ecosystem, especially dApps, do not run bug bounty programs. This lack of bug bounties could potentially result in undiscovered vulnerabilities and expose users to risks.
Conclusion
The Klaytn security research has highlighted several areas of concern in the Klaytn ecosystem. The high percentage of unprotected projects, the vulnerability of infrastructure projects, and the lack of bug bounty programs all point to a need for increased focus on security. Developers, stakeholders, and the Klaytn community must work together to address these security challenges and ensure that the platform remains safe and reliable for its users.
