HAI Group CORE.3 PoL standard: redefining Web3 risk measurement

HAI Group’s CORE.3 introduces a Probability of Loss standard for Web3 risk

HAI Group has unveiled CORE.3, a risk intelligence platform that aims to redefine how risk is measured across the Web3 ecosystem by introducing a unified, data-driven Probability of Loss (PoL) framework. Positioned as an open, analytics-based standard rather than an investment rating product, CORE.3 is designed to convert raw on-chain activity into a forward-looking numerical estimate of how likely users are to incur a financial loss when interacting with a specific crypto project.

Instead of relying on traditional metrics like Total Value Locked (TVL), price action, or short-term market sentiment, CORE.3 focuses on quantifiable operational and security variables. According to HAI Group, the platform currently covers risk assessments for 50 digital asset projects, with a roadmap to scale that coverage to more than 1,000 projects in the near term. The goal is to make risk visibility as commonplace as price charts and trading volumes.

From on-chain data to a Probability of Loss score

At the core of the platform is the Probability of Loss metric, a single score that expresses, in quantitative terms, how likely it is that a participant in a given Web3 protocol or project will suffer a financial loss. Rather than being backward-looking, the PoL score is intended to be predictive, integrating real-time and historical on-chain data with a structured assessment of the project’s risk profile.

To achieve this, CORE.3 pulls and standardizes more than 100 data points per project. These data points span a range of risk domains: technical security, financial soundness, operational resilience, reputation, and regulatory posture. The intention is to move away from subjective narratives and focus on verifiable conditions that can be consistently measured across different protocols, chains, and use cases.

A three-tier risk assessment methodology

The PoL framework rests on a three-layer methodology that translates raw facts into an aggregate risk score:

1. Conditions – The most granular level, consisting of concrete, factual inputs. These might include details such as:
– Whether smart contract audits have been performed and, crucially, whether identified issues have been addressed.
– How admin or upgrade keys are managed and secured.
– The presence and transparency of reserves or collateral backing.
– The structure of protocol governance and emergency controls.

2. Metrics – Individual conditions are grouped into broader risk metrics that reflect specific dimensions of risk. Examples include:
– Smart contract and codebase risk.
– Liquidity and reserve transparency.
– Counterparty and financial integrity.
– Stability of infrastructure and operational processes.

3. Categories – At the top level, these metrics are aggregated into overarching risk categories. CORE.3 prioritizes domains such as security, compliance, and operational robustness, assigning more weight to factors that have historically been the root cause of catastrophic failures or user losses in Web3.

The resulting PoL score is a composite, where higher values correspond to a higher modeled probability of financial loss. This gives users and institutions a standardized way to compare risk across very different types of projects, from DeFi protocols and staking platforms to bridges and infrastructure services.

Separating facts from perception: “Proof-of-Opinion”

In addition to its objective, data-driven engine, CORE.3 introduces a supplementary layer called “Proof-of-Opinion.” This component is dedicated to qualitative and subjective aspects of a project that are hard to express purely in on-chain data, such as:

– Market relevance and competitive positioning.
– Community traction and ecosystem integration.
– Strategic importance within a particular blockchain or sector.

While these elements often influence behavior and adoption, HAI Group explicitly keeps them separate from the PoL score itself. The Proof-of-Opinion layer does not affect the core probability of loss metric; instead, it provides contextual color that can help users interpret risk in light of broader market dynamics without diluting the objectivity of the main framework.

Open-access design and project participation

CORE.3 is built as an open-access analytical framework. Any covered project can see its risk profile as derived from publicly available data. This passive mode ensures that teams and users alike can observe how the platform interprets on-chain reality without needing to opt in.

For projects that want more control and transparency, CORE.3 also supports active participation. Teams can:
– Verify specific inputs used in the model.
– Provide additional documentation that clarifies governance, security practices, or reserves.
– Respond to identified vulnerabilities or red flags and track how mitigation measures affect their PoL score over time.

This feedback loop is designed to encourage better risk management behavior: the more a project improves its operational and security posture, the more that should be reflected in a lower probability of loss over time.

Positioned outside the realm of ratings and investment advice

HAI Group emphasizes that CORE.3 is not a ratings agency and does not issue buy, sell, or hold recommendations. The PoL framework is framed as a tool for measuring and quantifying risk, not for making investment decisions on behalf of users.

In practice, this means:
– The PoL score is an informational metric, similar to volatility or drawdown statistics in traditional finance.
– It is intended to complement, not replace, due diligence and investment research.
– Institutions and individuals can integrate the metric into their own risk models, compliance frameworks, or exposure limits, but CORE.3 itself does not prescribe any specific actions.

By making this distinction, HAI Group aims to keep the platform focused on analytics, avoiding the regulatory and perception issues associated with ratings or advisory services.

HAI Group’s ecosystem and strategic positioning

HAI Group serves as the parent entity of the Hacken ecosystem, a long-standing player in blockchain cybersecurity and risk analysis. The group oversees a portfolio that includes:

– Hacken – Focused on security audits and consulting for blockchain projects.
– HackenProof – A bug bounty and crowdsourced security platform.
– CER.live – An analytics service specializing in exchange security and related metrics.

CORE.3 sits alongside these products as an independent analytics layer. While it benefits from the expertise and historical data accumulated within the Hacken ecosystem, it is positioned as a standalone framework meant to be applied widely across the Web3 space, regardless of whether a project is a direct Hacken client or not.

Why PoL matters for Web3’s next phase

As digital asset markets evolve and institutional participation increases, the absence of consistent, comparable risk metrics has become a significant barrier. TVL, token price, and social media activity can be misleading proxies for safety. A protocol can hold billions in assets yet remain fragile from a governance, technical, or regulatory standpoint.

A Probability of Loss metric attempts to address several pain points:

– Comparability – Users can compare very different projects on a unified risk scale instead of piecing together disparate indicators.
– Forward-looking insight – By focusing on conditions that historically precede failures (poor key management, unremediated audit issues, opaque reserves), PoL seeks to identify vulnerabilities before they result in losses.
– Institutional readiness – Risk officers and compliance teams in funds, custodians, and financial institutions need structured, defensible metrics to justify exposure. A standardized PoL score can become one building block in their internal policies.

For the broader ecosystem, the presence of such a metric may incentivize better practices. As more capital is allocated using structured risk constraints, projects that lack basic controls or transparency may see their relative position weaken, pushing them to improve.

How CORE.3 could be used in practice

Different stakeholders in Web3 can leverage CORE.3 in distinct ways:

Retail users might consult PoL scores before depositing assets into a yield farm, bridge, or lending protocol. Even a basic comparison – such as opting for a lower PoL project at similar yields – could materially reduce risk exposure.

Project teams can treat their PoL profile as an external benchmark, using it to prioritize technical and governance improvements. For example, if the score is heavily penalized due to admin key centralization, a move toward multisig or time-locked upgrades can be planned and tracked.

Institutional investors may integrate PoL thresholds into their portfolio construction rules. A fund could, for instance, prohibit exposure to projects above a certain PoL value, or require enhanced monitoring for protocols in a medium-risk band.

Service providers, such as custodians or wallet applications, can surface PoL information at the transaction or integration level, giving end users clearer indications of relative protocol risk.

Challenges and limitations of data-driven risk models

Despite its ambitions, a framework like CORE.3 faces inherent challenges:

– Data completeness – Not all risk-relevant information is on-chain. Legal structures, off-chain reserves, or informal governance dynamics can be difficult to capture quantitatively.
– Model assumptions – Any probability model is only as robust as its assumptions and historical calibration. Black swan events or novel attack vectors may not be fully reflected in past data.
– Behavioral responses – Once a metric becomes influential, projects may attempt to “optimize for the score” rather than for true safety, emphasizing visible improvements while leaving harder structural issues unaddressed.

HAI Group’s choice to separate Proof-of-Opinion from the core PoL score is one way to acknowledge that not everything can be boiled down to numbers. Still, users are encouraged to treat the metric as one input among many, not as a definitive oracle.

The role of standardized risk in Web3’s maturation

For Web3 to evolve from experimental infrastructure into a reliable layer of the global financial system, risk must be measured as rigorously as return. That shift requires tools that are:

– Transparent in methodology.
– Consistent across projects and chains.
– Adaptable as new technologies and threat vectors emerge.

CORE.3’s PoL framework represents an attempt to fill that gap by translating the often opaque technical, operational, and regulatory realities of crypto projects into a clear, quantifiable signal. Whether it becomes a de facto standard will depend on adoption by users, projects, and institutions, as well as on its ability to accurately anticipate real-world losses.

Looking ahead

As coverage expands from dozens to hundreds and eventually thousands of projects, the dataset behind CORE.3 is expected to become richer. This could allow for:

– Sector-level comparisons (for example, bridges versus lending markets).
– Time-series analysis of how project risk evolves after governance changes, code upgrades, or market shocks.
– Calibration of the PoL framework against actual incident data, refining the relationship between specific conditions and realized losses.

If successful, such a system could help shift the crypto conversation away from hype-driven metrics toward a more disciplined assessment of risk. In that environment, projects that invest early in robust security, transparent operations, and sound governance may find that those efforts are not only good practice, but also visibly rewarded in the market through lower modeled probabilities of loss.