Immunefi says it has facilitated $66M in bug bounty payouts to whitehats since inception

1 year ago

The mean bug bounty payout over 1,248 confirmed reports was $52,800.


According to a new report released on Dec. 21, blockchain security firm Immunefi said that it has processed more than $65,918,994 in crypto bounties paid to ethical hackers over 1,248 reports since its inception on Dec. 9, 2020. Web 3.0 projects list bounty programs on Immunefi to encourage whitehat hackers to report vulnerabilities and claim monetary rewards, which the company then facilitates.

The payouts appear to be concentrated in nature, with bounty programs operated by Wormhole, Aurora, Polygon, Optimism, and an undisclosed firm accounting for $30.2 million worth of rewards in the past year. The median payout was $2,000, and the mean payout was $52,800. A small number of critical vulnerability bug reports received the highest rewards.

"A $5,000 bounty payout for a critical vulnerability may work in the web2 world, for example, but it does not work in the web3 world. If the direct loss of funds for a web3 vulnerability could be up to $50 million dollars, then it makes sense to offer a much larger bounty size to incentivize good behavior."

In terms of vulnerability notifications, Smart Contracts issues took the lead, with a total of 728 submissions, accounting for 58.3% of paid reports. Meanwhile, the Websites and Applications and Blockchain/Distributed Ledger Technology (DLT) categories totaled 488 submissions (39.1%) and 32 submissions (2.6%), respectively. Interestingly, despite having a high number of submissions, Websites and Applications reports only represented 2.9% of total whitehat payouts, whereas Smart Contract bugs accounted for 89.6% of payments.

The Wormhole vulnerability discovery resulted in a $10 million bug bounty payout | Source: Immunefi

The bounty programs detected high vulnerability reports, such as the case in Pods Finance, for a logic error that allowed for theft of yield or abuse of the rewards system on the protocol. Another includes Mushrooms Finance's vulnerability, which could potentially be exploited via a miner-extractable value attack with flash bots.

The report also dedicated a section to ransom analysis, revealing that malicious hackers have returned $32.7 million in funds illicitly gained from decentralized finance (DeFi) protocols across 5 specific situations in 2022. Hackers have kept $6.44 million in total ransom payments. Some experts say that the payment of ransom to hackers amounts to giving in to extortion, but almost all agree that it's much better to institute a bug bounty program ex ante facto. Immunefi currently offers $144 million in bounty rewards through Web 3.0 projects listed on the platform.
