The state of digital asset risk data is now public

Until this week, there was no shared way to measure crypto risk. Individual dashboards tracked fragments of risk data without showing the full pictire. Audit PDF from the website, reserves attestation found on Reddit, a TVL chart from DeFiLama. All this data was not comparable and not indexable to give anyone a full picture. 

If you wanted to assess whether a project was more or less exposed to failure than another, you were left stitching together data from twenty-five sources and hoping your judgment held.

That changes today.

CORE3 released one of the largest public risk datasets in Web3 at ETHCC Cannes. The dataset covers 1,426 projects and 253 exchanges, roughly 75% of every active crypto project with a market capitalization above $1M.

The projects were selected from the top 1,500 listed across the top 50 centralized exchanges. Stablecoins, tokenized real-world assets, and wrapped tokens were partially excluded. The remaining 1,426 represent 76.3% of all eligible projects above the $1M threshold.

Each one received a Probability of Loss (PoL), a risk index from 0 (exceptional) to 100 (critical), calculated across category-specific assessment frameworks spanning six risk domains for projects and three for exchanges.

This is the first time a single methodology has been applied across the entire active crypto market at this scale.

The Probability of Loss (PoL) is an unbiased, data-based numerical index (0 to 100) that estimates the likelihood that a project will fail or that users will incur losses due to an exploit or incident.

PoL pulls on-chain and off-chain data to estimate the likelihood of an adverse event for a given project and the severity of its consequences. It is a comprehensive crypto risk assessment reduced to a single comparable number.

Yet, as the number itself is a composite of metrics across 6 domains (security, finance, operations, dependency, regulatory, and reputation), apart from the final score, the CORE3 platform shows the sub-scores across exposure categories, as well as specific metrics present or absent.
 

For exchanges, the methodology evaluates three domains: security, solvency, and transparency. This is the evolution of the CER.live exchange security standard, which has powered the cybersecurity component of CoinGecko's Trust Score since 2019.
 

29 project categories each get their own tailored assessment criteria. An L2 is not scored the same way as a memecoin or a lending protocol. This replaces the one-size-fits-all approach most risk tools use.
 

In a nutshell, CORE3 works like this: The lower the PoL, the more evidence exists that a project has invested in risk mitigation. The higher the PoL, the more conditions are missing or undisclosed.
 

The industry operates under a principle of ship fast, break things. As a result, protocols, projects, and tokens are shipped with impressive speed, and regularly break because risk practices were overlooked.

Those risk practices require a level of maturity and operational frameworks that slow down the deployment of any update. But in return, founders, users, and any involved party can be confident that if an attacker targets the project, it will be much harder for them to break it, or the impact will be minimized to acceptable levels.

At the same time, users, institutions, and partners have no transparent risk metrics to check risk exposure calculated from verifiable proofs. Apart from closed-box counterparty risk monitoring vendors, there is no open infrastructure to measure risk, calculate it on the same scale, and expose gaps across the market.

CORE3 releases this larger dataset exactly to address this infrastructure gap.

The dataset is live on core3.io with three use cases operational from day one.

Challenge the methodology

CORE3's PoL methodology is open. If you're a security researcher, protocol builder, or risk professional, then read it, challenge it, and improve it. The standard gets stronger when the smartest people in the room push back.

Share it with projects you are in

If you're involved in a Web3 project as a contributor, investor, or user, share CORE3 with the team. Projects that actively build security can submit their data and improve their PoL score. Security effort becomes visible. That visibility is worth more than any marketing budget.

Integrate PoL and act on it

Building a wallet, data aggregator, DEX, or lending protocol? Integrate PoL to show your users real risk data. We provide a free API. Risk visibility is a competitive advantage; CoinGecko security scores proved this.

In April 2026, CORE3 hosts the first industry roundtable on digital asset risk management with representatives from Moody's Ratings, C4, and CryptoRank. The goal is to map implementation opportunities: how funds, listing teams, regulators, and builders can operationalize a shared crypto risk benchmark.

Currently, the team is working to improve the scoring logic, develop new features, and address requests from other Web3 market participants. 

To be the first to receive updates, follow us on social media.

Open methodology: docs.core3.io 

Live Web3 risk indexes: core3.io