Immunefi Reports Over $100 Million Paid to Ethical Hackers in 3 Years



Immunefi, the leading onchain, crowdsourced security platform, has paid over $100 million in bug bounty rewards to security researchers in just over three years.


Immunefi protects over $190 billion in user funds for established projects like Chainlink, Wormhole, MakerDAO, TheGraph, Synthetix, Polygon, Optimism, and more. Immunefi has paid out the most significant bug bounties in the software industry while saving over $25 billion in user funds. Currently, it offers over $163 million in bounty rewards. With Immunefi’s researchers, 80% of projects find vulnerabilities missed by code audits.


“We work tirelessly to safeguard the onchain ecosystem, and this achievement is a testament to the effectiveness of our bug bounty programs and the dedication of our community of researchers,” said Mitchell Amador, Founder and CEO of Immunefi. “Their work is essential in preventing substantial financial losses in web3, and we will continue to innovate and support them in safeguarding the next generation of projects and users.”


Bug Bounty Rewards Distribution


Immunefi classifies bugs on a simplified four-level scale (Critical, High, Medium, and Low) across Smart Contracts, Blockchain/DLT, and Websites and Applications bug report submissions.


Paid reports by type


  • Smart Contracts take the lead with a total of $77,973,118, accounting for 77.5% of all bounties paid out.
  • Blockchain follows with $18,756,806.72, accounting for 18.6%.
  • Web and App with $3,849,014.79, representing 3.8%.


Paid reports by severity


  • Critical vulnerabilities take the lead with a total of $88,344,273, accounting for 87.8% of all bounties paid out.
  • High severity follows with $7,446,570, representing 7.4%.
  • Medium severity with $3,243,734, representing 3.2%.
  • Low severity with $997,621.49, representing 1%.
  • Informational with $566,289.23, representing 0.6%.


Reshaping the Bug-hunting Experience


Immunefi was the first to introduce a scaling incentive for hackers, meaning rewards grow accordingly with the severity of an exploit and the volume of funds at risk. Immunefi has paved the way for a dramatic repricing of bug bounties in web3, where they have quickly become the largest in the entire software industry. Incentives to exploit projects in web3 are significantly greater than in web2 due to the amount of capital locked in smart contracts. Web3 is a far more adversarial environment where vulnerabilities in code can result in a direct loss of this capital. The ecosystem lost over $1.8 billion in 2023, and has lost $778 million in 2024 YTD. An effective and reliable incentivization system for hackers in web3 is crucial.


Thanks to its bug bounty scaling standard, Immunefi has built the largest community of security talent in the crypto space, with over 45,000 researchers operating. Immunefi’s ethical hackers and security researchers have earned as much as $10 million for a single vulnerability program reward.


Beyond Bug Bounty Programs


In addition to bug bounty programs, Immunefi provides consultations, bug triaging, and program management services to blockchain and smart contract projects. Immunefi recently launched Boosts, a time-bound code review program ensuring top-tier engagement from elite security researchers. With Boosts, vulnerability reports are surfaced in real-time as a program runs, unlike traditional audits, where a project would need to wait until an audit is concluded to assess any potential vulnerabilities. Furthermore, it offers Invite-only programs powered by Immunefi’s proprietary data-driven, security talent matching system that leverages over 30,000 reports, thousands of vulnerabilities, and hundreds of programs to curate the best security researchers for a project’s specific program.


About Immunefi



Immunefi is the largest onchain crowdsourced security platform. Immunefi guards over $190 billion in user funds across projects like Chainlink, Wormhole, MakerDAO, TheGraph, Synthetix, Polygon, Optimism, and others. The company has paid out the most significant bug bounties in the software industry, amounting to over $100 million, and has pioneered the scaling web3 bug bounties standard. For more information, please visit https://immunefi.com
