The year 2024 was one of significant growth and collaboration across the Web3 landscape. From new grant funding initiatives to greater emphasis on security audits and privacy protections, the entire space saw a surge in technological innovation, research, and community-driven projects. At Least Authority, we leveraged our decade of experience in security consulting for distributed technologies to help projects successfully navigate these developments. Below is an overview of our contributions in 2024 and how they further advanced the Web3 movement and privacy-preserving technologies.
Expanding Security Audits and Privacy Reviews
Throughout 2024, we continued to deliver a broad spectrum of security audits—covering everything from blockchain protocols to decentralized applications (dApps), DeFi platforms, and implementations of zero-knowledge proofs. We passed a milestone of completing over 250 total audits to date, with more than 130 of these made publicly available. Our published audit reports emphasize transparency and industry-wide knowledge sharing, ultimately helping projects set higher security standards and avoid common pitfalls.
We also broadened our service offerings to incorporate Privacy Reviews and more comprehensive ecosystem support, addressing the rising interest in zero-knowledge proofs and privacy-preserving technologies.
By expanding our offerings, we continue to foster security and privacy innovation. This growth lays the foundation for a more secure and privacy-focused future across diverse ecosystems, especially as new regulations come into force.
Driving Zero-Knowledge and Privacy Tech Forward
From releasing an update to the MoonMath Manual, to hosting live streams at ZconV and sponsoring ZK Hack Meetups, to engaging with the broader zero-knowledge (ZK) community, we remained strong advocates for privacy-preserving technologies in 2024:
- Publications and Education: We released an updated version of our MoonMath Manual to help developers understand and implement ZK proofs.
- Contributions to Products: Our secure storage application, PrivateStorage, leverages zero-knowledge access passes (ZKAPs) to enhance data privacy.
- Community Events: By contributing to conferences like DWeb Camp and hosting gatherings such as Berlin Crypto, we helped bring cutting-edge discussions on cryptography and privacy to both local and global audiences.
Pioneering On-Chain Audit Reports
One of the highlights of our 2024 efforts was our experimentation with blockchain-based publishing of security audit reports. We have investigated the creation of Bitcoin digital artifacts, Ordinal inscriptions and equivalent approaches on other blockchains to store audit data. By storing audit data on-chain, we can take an important step toward broader accessibility for technical and non-technical audiences. This new approach offers several advantages:
- Permanent Record: Once inscribed or written on the blockchain, audit reports become an immutable reference for researchers, investors, and external developers.
- Machine-Readable Data: By providing structured data on-chain, we open the door for automated analysis tools, dashboards, and other services that can help projects track and respond to security-related concerns.
- Community Engagement: Publishing on-chain fosters transparency and reduces information asymmetry among various stakeholders, from end users to community auditors.
Industry Alliances and Recognitions
Beyond our day-to-day consulting, 2024 was marked by fruitful collaborations and new partnerships:
- New Collaboration with Bugcrowd: We now offer Bugcrowd’s crowdsourced vulnerability testing as an option alongside our professional code-auditing services, providing clients a multi-layered, continuous security approach.
- Resource Directories and Best-Of Listings: Recognitions in Polygon’s Trusted Resources Directory, the Gnosis Ecosystem Directory, and “Top 10” blockchain security providers underscored our ongoing commitment to rigorous auditing and innovative solutions.
- Zcash Ecosystem Security Lead: We stepped into the role of Zcash Ecosystem Security Lead, conducting audits of community projects, coordinating vulnerability responses, and engaging with projects to address emerging security concerns.
Strengthening the Web3 Grants Landscape
At the beginning of 2024, our research identified over 150 grant programs supporting a range of activities—from DeFi and NFTs to zero-knowledge projects and more. However, many of these grants did not include comprehensive support for security or privacy initiatives. Recognizing this gap, we:
- Maintained a Public Grant Directory: We created a list of Web3 grants to raise awareness among developers, entrepreneurs, and communities about existing opportunities. This included highlighting which programs fund security or privacy activities.
- Promoted Security Integration in Grants: We advised several ecosystems on incorporating subsidized audits, mandatory security consultations, and incident-response support into their grant frameworks. By integrating security early, projects can become less susceptible to costly vulnerabilities later.
- Highlighted Ethical and Inclusive Funding: In our advocacy, we continue to call for more diverse and inclusive grant allocations, encouraging a holistic approach that blends technical excellence, social impact, and robust security measures.
As funding for Web3 innovation continues to surge and new grant programs are launched, we encourage programs to consider increasing their support for security or privacy initiatives.
Laying Foundations for a Compliant Future
Amid ever-evolving regulations—like the EU’s MiCA and rapid changes to global data protection regimes—we helped projects strengthen their compliance. By offering strategic security audits, code reviews, and hands-on guidance, we ensure teams can adopt proactive measures that align with upcoming legal obligations. Our insights from attending high-profile conferences, such as the IAPP Europe Data Protection Congress, reinforce the importance of privacy-by-design and minimal data collection to reduce compliance risk.
In 2024, we completed a comprehensive Data Protection Impact Assessment (DPIA) audit for PrivateStorage, our privacy-focused data storage solution. This milestone reinforced our commitment to safeguarding user data and aligning with regulatory and ethical standards critical to Web3’s growth.
By proactively addressing data privacy risks through an external audit, we strengthened user trust and showcased our dedication to transparency and accountability. The insights gained enabled us to enhance our technology, ensuring it meets the evolving needs of Web3 projects.
Looking Ahead to 2025
In the coming year, our team plans to continue our efforts to foster a more secure, privacy-centric future for Web3. We will expand our on-chain publishing of security data and develop machine-readable audit frameworks so that regulatory bodies, researchers, and developers can seamlessly validate and analyze security findings. We also aim to roll out additional educational resources around zero-knowledge proofs, AI-driven privacy, and compliance best practices, continuing to meet the evolving challenges of decentralized systems. By working closely with blockchain protocols, grant programs, industry alliances, and user communities, we hope to further solidify the foundation of trust, collaboration, and safety that will enable Web3 to flourish in 2025 and beyond.
Why 2025 Will Be a Game-Changer for Security & Privacy Consulting
2025 promises an explosion in demand for specialized security, privacy, and compliance solutions across the Web3 and AI ecosystems. Growing regulations, such as the EU’s MiCA and AI Act, are making it mandatory for crypto-asset and AI service providers, amongst others, to undergo rigorous audits and implement robust risk management programs. Least Authority is uniquely positioned to help meet these new requirements:
- Cross-Chain Initiatives & AI-Web3 Integrations: As blockchain networks interconnect and AI increasingly merges with decentralized technologies, projects face new security and data privacy challenges. Our deep cryptographic expertise and track record of thorough audits make us the partner of choice.
- Zero-Knowledge Advancements: As more organizations integrate ZK solutions to safeguard data, the growth in adoption and improved tooling reflect a deepening interest in privacy-first development. Our extensive experience with zero-knowledge proofs makes us the most qualified team with which to work.
- Regulatory Audits & Compliance: Organizations subject to emerging legal standards will need expert guidance to navigate the complexities of privacy and security compliance—an area in which we excel.
- Machine-Readable Security: Our ongoing work publishing machine-readable, on-chain audit frameworks (e.g., Ordinal inscriptions on Bitcoin) will further reduce friction for developers, regulators, and investors looking to verify project security at scale.
By combining our proven auditing services with forward-thinking approaches to privacy-by-design, Least Authority will be the go-to provider for organizations looking to stay compliant, secure, and innovative in 2025—and beyond. If you’re ready to future-proof your project, let’s talk. Reach out to us at contactus@leastauthority.com.