Immunefi says it has facilitated $66 million in bug bounty payouts to whitehats since its inception

According to a new report published on Dec. 21, blockchain security firm Immunefi said that since its inception on Dec. 9, 2020, it has processed more than $65,918,994 in crypto bounties paid to ethical hackers across over 1,248 paid reports. Web 3.0 projects list bounty programs on Immunefi to encourage whitehat hackers to report vulnerabilities and claim monetary rewards, which the company then facilitates.

Payouts appear to be concentrated, with bounty programs from Wormhole, Aurora, Polygon, Optimism, and an unnamed company accounting for $30.2 million in rewards over the past year. The median payout was $2,000 and the average payout was $52,800. A small number of critical vulnerability reports received the highest rewards.

“For example, a $5,000 bounty for a critical vulnerability may work in the Web2 world, but not in the Web3 world. When the direct monetary loss for a Web3 vulnerability could be as high as $50 million, then it makes sense to offer a much larger bounty to incentivize good behavior.”

Among vulnerability reports, smart contract issues took the lead with a total of 728 submissions, accounting for 58.3% of paid reports. A total of 488 submissions (39.1%) and 32 submissions (2.6%) were received in the websites and applications and the blockchain/distributed ledger technology (DLT) categories, respectively. Interestingly, despite a high number of submissions, website and application reports accounted for only 2.9% of total whitehat payouts, while smart contract bugs accounted for 89.6% of payments.

The discovery of the Wormhole vulnerability resulted in a $10 million bug bounty payout | Source: Immunefi

The bounty programs surfaced reports of serious vulnerabilities, such as a logic error in Pods Finance that allowed for theft of earnings or abuse of the rewards system in the protocol. Another involved the Mushrooms Finance vulnerability, which could potentially be exploited via a miner extractable value attack using Flashbots.

The report also devoted a section to ransomware analysis, revealing that malicious hackers returned $32.7 million in funds illegally extracted from decentralized finance (DeFi) protocols in five specific situations in 2022. Hackers withheld a total of $6.44 million in ransom payments. Some experts say that paying ransoms to hackers is tantamount to blackmail, but almost everyone agrees that setting up a bug bounty program ex ante is far better. Immunefi currently offers $144 million in rewards through Web 3.0 projects listed on the platform.
