BitcoinWorld


White Hat Hackers Crack the Code: Over $65M in Crypto Bug Bounties Since 2020

Since its inception in 2020, Immunefi, a leading bug bounty platform for the cryptocurrency industry, has paid out a total of $65 million to white hat hackers.

These ethical hackers look for flaws in smart contracts and blockchain projects and are compensated for reporting them to Immunefi. This helps to protect users’ assets and keeps bad actors from stealing money.

According to Immunefi, smart contract vulnerabilities accounted for 58.3% of paid reports, with 728 submissions. There were 488 submissions in the Websites and Applications category, accounting for 39.1% of the total, and 32 in the Distributed Ledger Technology/Blockchain category, accounting for 2.6%.

However, despite having the second-highest number of submissions, Websites and Applications accounted for only 2.9% of the payouts, while smart contract bugs accounted for 89.6% of the payments.

Some projects paid out more bounty money than others. In 2021, Aurora, Wormhole, Optimism, Polygon, and an unnamed company paid out $30.2 million in bounty payments, with an average payout of $52,800 and a median payout of $2,000.

Due to an increase in crypto hacks that resulted in a loss of over $3 billion in assets in 2022, Immunefi facilitated over $52 million in payments to white hat hackers.

A $10 million bounty was paid for a vulnerability discovered in the Wormhole decentralised messaging protocol, and another $6 million was paid for a bug discovered in the Aurora Ethereum-compatible layer-two scaling solution.

Because of the large amounts of capital held in smart contracts, Web3 bug bounties are typically larger than those for Web2.

“A $5,000 bounty payout for a critical vulnerability may work in the web2 world, but it does not work in the web3 world,” Immunefi explains. “If a web3 vulnerability could result in a direct loss of funds of up to $50 million, it makes sense to offer a much larger bounty to incentivize good behaviour.”

Surprisingly, the Wormhole bounty alone is greater than the $8.7 million paid out in the previous year by Google’s Vulnerability Reward Programs.

 
