<p><span style="font-weight: 400;">Immunefi, a crypto-focused bug bounty platform, paid over $52 million to ethical hackers for finding bugs in blockchain and cryptocurrency apps in 2022, a year that has seen the value of crypto hacks top</span><span style="font-weight: 400;"> $3 billion.</span></p> <p><span style="font-weight: 400;">In 2022, malicious actors increasingly used advanced tactics to exploit weaknesses in decentralized apps, opening the opportunity for crypto bug bounty players like Immunefi. Such platforms reward so-called white hat hackers for discovering and reporting security vulnerabilities. </span></p> <p><span style="font-weight: 400;">Immunefi currently dominates the web3 bug bounty space. While it has awarded $52 million to hackers this year, the second-most popular platform, HackenProof, has paid out less than $850,000 since its launch in 2017, according to its </span><a href="https://hackenproof.com/"><span style="font-weight: 400;">website</span></a><span style="font-weight: 400;">.</span></p> <p><span style="font-weight: 400;">According to Immunefi, the dollar value of web3 bug bounties easily surpasses that of bounties paid by large tech giants active in the web2 space. The web3 space is unique because vulnerabilities in code can result in a direct loss of funds. As such, the incentives to exploit projects in web3 are significantly larger, primarily due to the amount of capital held in smart contracts, the Immunefi team explained. </span></p> <h2>Wormhole bounty</h2> <p><span style="font-weight: 400;">The highest bounty Immunefi paid in 2022 was the </span><a href="https://www.theblock.co/post/148085/wormhole-announces-10-million-bug-bounty-payout"><span style="font-weight: 400;">$10 million</span></a><span style="font-weight: 400;"> award for a vulnerability discovered in Wormhole, a generic cross-chain messaging protocol. 
This reward alone was larger than the total of $8.7 million paid out by Google's </span><a href="https://security.googleblog.com/2022/02/vulnerability-reward-program-2021-year.html"><span style="font-weight: 400;">Vulnerability Reward Programs</span></a><span style="font-weight: 400;"> in 2021. Immunefi also awarded a </span><a href="https://www.theblock.co/post/150500/aurora-labs-pays-6-million-reward-to-hacker-that-saved-70000-eth-from-getting-stolen"><span style="font-weight: 400;">$6 million bounty</span></a><span style="font-weight: 400;"> for a vulnerability discovered in Aurora, a bridge and a scaling solution for Ethereum.</span></p> <p><span style="font-weight: 400;">“A $5,000 bounty payout for a critical vulnerability may work in the web2 world, for example, but it does not work in the web3 world. If the direct loss of funds for a web3 vulnerability could be up to $50 million, then it makes sense to offer a much larger bounty size to incentivize good behavior,” Immunefi noted.</span></p> <p><span style="font-weight: 400;">Since it was founded in 2020, Immunefi has paid more than $65 million in rewards for securing $25 billion in total value, the firm claimed. During this period, it has worked with notable players in the space, including Chainlink, Wormhole, MakerDAO, Compound, Synthetix, Polygon and ApeCoin DAO. In September, Immunefi </span><a href="https://www.theblock.co/post/172008/web3-bug-bounty-platform-immunefi-raises-24-million-in-series-a-funding"><span style="font-weight: 400;">raised</span></a><span style="font-weight: 400;"> $24 million in a Series A round led by </span><span style="font-weight: 400;">Framework Ventures.</span></p><br /><span class="copyright"><p>© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.</p> </span>