Penetration Testing Web3 Games

4 min readFeb 16, 2023


With the rising use and popularity of Web3 and blockchain technologies, we thought it best to jump right into the world we know. As the leading online games penetration testing team on the market, we are uniquely placed to tackle the rising security requirements found in blockchain and Web3 games. We’ve talked about best practices to securing your Web3 development before, now it’s time to delve into penetration testing. To begin to explain what makes penetration testing Web3 games different, we need to compare them to traditional online game penetration tests.

Online Games V.S Web3 Online Games

We have a very simple objective in our cybersecurity services. Stopping hackers and cheaters at the door before they get onto the game’s property and start ruining experiences and systems.

An online game is simple, any player who’s played a multiplayer game in the past fifteen years knows how they work. A dedicated server or peer to peer (which is not secure!), the players connect to a secondary party and meet online. To collaborate or compete, that is the way of life we’ve known in online gaming since its conception.

Web3 games are leveraging blockchain gaming technologies on top of their online components. You have likely heard of them already. Smart contracts, NFTs, wallets, and cryptocurrency, any or all of these might be integrated. And usually these are built into the foundation of the game’s economy design to best utilise the potential of blockchain. Weapons, armour, items, mounts, summons, companion NPCs, and more, all tradeable and sellable to another player.

At its core, it is simply a game utilising blockchain technology. And from there, it implies use of multiple Web3 components as listed above.

Why is Cyrex the best fit for Web3 Game Penetration Testing?

For the past eight years, the Cyrex team have been conducting manual, collaborative penetration testing in the online games industry. Four of those eight years have been spent learning and entering into the world of blockchain cybersecurity.

In those eight years, the Cyrex team have covered every shape and size of online game. From MMOs to BRs on PC and console, to FPSs and Strategy games on mobile and browser. We’ve worked on every framework and technology, custom engines, Unity, Unreal, and everything in between. Our work has brought us into collaboration with Warner Bros, Electronic Arts, 2K, Plarium, Jagex, Sharkmob, and Improbable to name a few.

Simply put, we have been pen testing games for nearly a decade and we’ve been doing it better than any of our peers. We know this industry inside and out. And once blockchain technology entered the gaming world, we had already spent time researching how it worked and where vulnerabilities might pop up. Since then, we’ve worked on securing blockchain and DeFi projects almost every day. The Cyrex team have worked closely with all things DeFi and blockchain gaming, working with items such as custodial wallets, securing smart contracts, on modern blockchain Layer 1 and Layer 2 technologies, and blockchain bridges.

We know this looks like a lot of horn blowing, but there’s no other way to say it. We know what we’re talking about. The Cyrex team have an intimate understanding and comprehension with blockchain technology and online gaming. It’s in our blood at this point! So, when you combine Web3 and online gaming, nothing changes for our team. We know both and are happy to work on them.

How is Web3 Game Pen Testing different?

The main difference between traditional online game penetration testing and Web3 game penetration testing is the blockchain technology itself. The Web3 elements, particularly, smart contracts are the main focus.

In response to the blockchain elements, the Cyrex team began to develop our own research and training programs for all testers. We hit the ground running, understanding the security of blockchain, Web3, and smart contract features and their respective vulnerabilities.

The differences are not a huge hill in themselves, but the learning curve of the new technology offers challenges. However, we are each cybersecurity and engineering specialists. No matter how new it was, we were quick to learn and understand. Web3 games and blockchain games offered new implementations, new interactions. We knew both sides of the join but penetration testing Web3 games means understanding how the two meet and interact.

This shows itself in our variety of clients. Most of them are very familiar with one side or the other. Some clients know Unity and Unreal inside and out. Others know Web3 and blockchain like the back of their hand — but the other side is a stranger. It takes someone who knows both sides, their vulnerabilities, and their interactions to get the final product as safe as possible.
And that’s where we’re trusted by our array of clients. We’ve worked on multiple blockchain and Web3 games including Gods Unchained, Blankos Block Party, Illuvium, and Guild of Guardians. It was our work with Mythical Games and Blankos Block Party that started a fantastic, ongoing partnership. Two kindred teams understanding blockchain, security, and gaming as they pioneered one of the first successful blockchain games. And that helped us to round out our service offerings, allowing Cyrex to offer comprehensive 360-degree support to our clients. If you’d like to learn more on the topic, check out our webinar about game hacking on the blockchain! Where our CTO, Tim De Wachter, discusses blockchain gaming, security, and how we deal with the malicious actors targeting the industry.

And if you’re looking to utilise our 360-degree service offering for Web3 or traditional security, get in touch today! Cyrex is always happy to prove that we are the leading Web3 and gaming penetration testers on the market.




Cyrex is a native security company specialised in securing and developing software with a strong focus on online gaming.