Security isn’t optional: What builders are factoring into chain choice
Security is no longer an afterthought in blockchain development. Builders are looking beyond incentives to long-term infrastructure stability. Here's why resiliency is critical and how the Polkadot Assurance Legion is helping developers launch safely.
By Community Member•March 31, 2025
Over the last few years, the Web3 developer landscape has grown dramatically. According to Electric Capital, there were over 24,000 monthly active Web3 developers in 2024. That number is expected to reach 1 million by 2030.
Historically, liquidity and user activity have been major decision drivers. Liquidity appeals to end-users and, therefore, appeals to developers as they gravitate towards the most active chain to build on. But as more teams deploy live products and think beyond short-term gains, factors like stability, tooling, and security are gaining traction, especially for those transitioning from Web2 to Web3.
This is why we started the Polkadot Assurance Legion (PAL), a non-profit, community-led initiative focused on making open-source security more accessible within the Polkadot ecosystem. We’ve seen how quickly strong infrastructure can be deprioritized in the race to ship quickly or capture mass market attention, and we believe long-term adoption depends on reversing that trend.
Why risk tolerance is shifting
As with many emerging technologies, the early stages of Web3 have attracted builders and users who are typically comfortable operating in unknown environments, sometimes even associated with a high-risk tolerance. This mindset helped drive rapid experimentation and growth, but it also means that security was often reactive, rather than taken into consideration from the outset.
We don’t expect this trend to last. While it was an understandable tradeoff in early-stage development, it becomes increasingly unsustainable as the Web3 ecosystem matures. With rising corporate interest and more production-ready applications coming online, factors like security and proven liveliness are starting to define what makes a chain truly viable.
Making safe deployment more accessible
PAL formed out of a shared recognition: many projects want to prioritize security, but the resources to do so aren’t always accessible, especially in open, decentralized ecosystems. Our goal is to help fill that gap within the Polkadot ecosystem.
We provide funding from the Polkadot Treasury to help subsidize security audits for rollups, smart contracts, and common-good projects on Polkadot. Teams building on Polkadot can get up to 80% of their audit costs covered through PAL. We’ve also introduced a bug bounty reimbursement program, offering reimbursements of up to 50% of eligible payouts to support one of Web3’s most critical and community-driven security practices. PAL also runs programs to cover up to 50% of smart contract audits and the development of general security tools that benefit the Polkadot ecosystem.
To make this possible, we’ve onboarded 16 auditing firms, including OpenZeppelin, Trail of Bits, Hacken, and others, ensuring that teams across the ecosystem have access to reputable, experienced partners. Beyond audits, we also fund the development of open-source security tooling, that’s freely available to the Polkadot ecosystem.
Most of us at PAL work in security full-time elsewhere and contribute because we believe in decentralization, transparency, and the long-term resilience of the Polkadot network. Our goal is simple: to reduce the barriers for teams that want to launch safely and sustainably from day one.
Security is starting to shape real-world decisions
We’re already seeing the effects of this broader shift toward prioritizing security with teams building in sectors like gaming, prioritizing chain reliability and customizability as core requirements. The Mythos chain, with releases like NFL Rivals and the upcoming FIFA Rivals and Pudgy Party, started on Ethereum but later migrated to Polkadot. Speed, cost, and infrastructure resilience played a major role in that decision.
While attention and monetary incentives have largely influenced where developers build, they don’t always align with long-term infrastructure development. Large-scale enterprises, in particular, are less concerned with bootstrapping developer interest, as they often have internal teams and established distribution pipelines. What they need is infrastructure they can rely on—stable, customizable, and engineered for long-term integrity.
Security alone may not be the only factor in choosing a blockchain, but it’s becoming much harder to ignore. For teams looking to launch real products, the cost of overlooking security is just too high. If you’re building in the Polkadot ecosystem and need support with auditing or security best practices, the Polkadot Assurance Legion is here to help.
About the Polkadot Assurance Legion
The Polkadot Assurance Legion (PAL) is made up of some of the ecosystem’s most experienced contributors, many of whom hold full-time security roles and contribute to PAL in their spare time. Their work is driven not by commercial incentives but by a shared belief in decentralization, transparency, and the long-term sustainability of the Polkadot network.
