Immunefi, a leading bug bounty platform for the cryptocurrency industry, has paid out a total of $65 million to white hat hackers since its founding in 2020.
These ethical hackers look for vulnerabilities in smart contracts and blockchain projects and are rewarded for reporting them to Immunefi. This helps protect user assets and prevents bad actors from stealing funds.
Smart contract bugs account for the majority of paid reports
According to Immunefi, smart contract vulnerabilities accounted for 728 paid reports, or 58.3% of the total. The Websites and Applications category accounted for 488 reports (39.1%), and the Distributed Ledger Technology/Blockchain category for 32 (2.6%).
However, while websites and applications had the second most submissions, they accounted for just 2.9% of payments, while smart contract bugs accounted for 89.6% of payments.
Some projects have paid out more in bounties than others. Aurora, Wormhole, Optimism, Polygon and an unnamed company offered $30.2 million in payouts through their bounty programs in 2021, with an average payout of $52,800 and a median payout of $2,000.
Over $52 million paid this year
In 2022, Immunefi facilitated over $52 million in payments to white hat hackers, due to a rise in crypto hacks that resulted in the loss of over $3 billion in assets.
The largest bounty paid this year was $10 million for a vulnerability discovered in the Wormhole decentralized messaging protocol, and another $6 million was paid for a bug found in Aurora, the Ethereum-compatible layer-2 scaling solution.
Web3 bug bounties higher than those for Web2
The rewards for Web3 bugs tend to be greater than those for Web2, due to the large amounts of capital held in smart contracts.
As Immunefi explains, “A $5,000 bounty for a critical vulnerability may work in the web2 world, but it doesn’t work in the web3 world. If the direct loss of funds for a web3 vulnerability could be as much as $50 million, then it makes sense to offer a much larger bounty to incentivize good behavior.”
Interestingly, Wormhole’s bounty alone is more than the $8.7 million paid out by Google’s vulnerability bounty programs over the past year.