The evolution of the Web3 sector in recent years has brought in more curious Web2 users and encouraged more innovation, but it also attracted threat actors that, unfortunately, are also evolving with time.
As cybersecurity risks emerge in the burgeoning industry, events like Remedy CTF 2025, the largest Web3-focused Capture The Flag (CTF) competition, are putting a spotlight on industry efforts to catapult security at the forefront of Web3 evolution.
Remedy CTF 2025, hosted by Hexens, attracted over 2,200 participants from across 1,452 teams, featuring the largest prize pool in Web3 CTF history at $52,000, breaking records for previous CTFs in the industry.
In an exclusive with International Business Times, Hexens Co-founder Vahe Karapetyan delved into the importance of CTF events in Web3, and why it is crucial to make security a priority in the space.
Why CTFs are Essential in Web3
The link between Web2 and Web3 has become more visible in recent years, which is why for Hexens, security around the two sectors should be treated the same. “We don’t believe in putting Web2 and Web3 security into different boxes – it’s all part of the same big picture. That’s why events like CTF competitions, including Remedy CTF 2025, matter so much to us,” Karapetyan said.
While CTFs are a way for cybersecurity experts to learn, share knowledge, and have fun, it is more than just a competition with expected rewards for winning teams or individuals.
Events like Remedy CTF 2025 tackle real-world problems that affect Web3, such as smart contract vulnerabilities and blockchain exploits. Such events help pros in the security realm to hone their skills and bring fresh ideas into the field.
“Plus, blending Web2 and Web3 challenges at these competitions shows just how connected everything is in today’s digital space,” Karapetyan noted.
Challenges Ahead for a Promising Segment
As with other promising industries, there are also hurdles in the face of Web3 security, especially as hackers get smarter and evolve their creative tactics.
“They’re mixing traditional attack methods with new blockchain-specific exploits. It’s always been a cat-and-mouse game, but the stakes are higher now,” Karapetyan pointed out.
He noted how “old-school threats” such as social engineering, phishing, and DNS hijacking are starting to make a comeback in the Web3 world, “just with a new twist.”
He added how phishing scammers target private keys and seed phrases, and more infrastructure attacks on cross-chain bridges and platforms are being carried out.
The $620 million hack of the Ronin network back in 2022 “is a prime example of how vulnerable these systems can be,” Karapetyan said.
To ensure that systems are safe to drive growth, it’s crucial to “think beyond traditional audits and code reviews,” he noted. What does this mean?
- Wide-range skills – Security firms should be equipped with a vast range of skills that cover not just the Web3 space but also Web2, since some threats from the Web2 world are being transported by hackers into Web3.
- User education – It’s important to constantly provide materials and notices to users about what they can do to improve their own account security.
- Host CTFs – These events help security pros stay on top of things by sharing insights and learning from each other.
Web3 Security Growth in 2025 to Lean on 3 Key Factors
If there are challenges, then there are also opportunities for growth.
The Web3 security segment is expected to only grow further in the coming years, even as hackers and malicious actors are lurking around, waiting for the right time to strike.
Karapetyan said growth in Web3 security will rely upon these three factors:
- Market movements – Market conditions matter a lot in a Web3 segment’s growth. “When there’s a bull market, new projects and innovations in Web3 are popping up left and right,” he said, which could trigger more development.
- AI developments – The rise of artificial intelligence in Web3 was highlighted last year, but it is expected to skyrocket this year. Karapetyan did note that “AI is a game-changer for both good and bad actors.”
- Scalability – With Web3 continuously expanding, scalability is becoming a real problem. To keep up with the pace of growth in an ecosystem where everything is interconnected, there need to be scalable tools and community-driven efforts such as CTFs to encourage tackling scalability-related challenges and find new ways to keep the space secure.
Karapetyan warned that while growth is inevitable, more money pouring into an ecosystem also means more assets will be at risk as hackers get drawn to emerging industries.
AI’s integration into blockchain systems also poses potential risks, as AI can be used by threat actors as tools to automate their attacks.
For Web3 security firms, the goal should be to use AI “to fight back while being aware of how it’s being used against the industry,” Karapetyan said.
Hexens’ Role in Web3 Security Development
Aside from its work on Remedy CTF 2025, Hexens provides top-notch security services to some of the Web3 space’s most prominent players, including Polygon, 1inch, Lido, EigenLayer, LayerZero, and Risc0.
“We know that solving Web3’s security challenges isn’t something any one company can do alone. It’s about working together, learning from each other, and staying ahead of the curve. At Hexens, we’re committed to making sure that security is a core part of Web3’s future, not just an afterthought,” Karapetyan said.
Hexens’s R.xyz platform brings together whitehat hackers and security pros to share knowledge and participate in bug bounty programs. It also has tools such as smart contract query engine Glider that helps experts detect vulnerabilities across blockchain networks.
Security will always be an issue when assets are involved, but for Hexens, it’s a mission to “push the boundaries of what’s possible in security” for a Web3 future where “trust is verified.”
The post Expert’s Take: Hexens Co-Founder Talks Security As A ‘Core’ Of The Web3 Future appeared first on International Business Times.
