The leading bug bounty platform for blockchain with the world's largest bug bounties. More than $95m paid out to whitehats and $156m in rewards available.
Immunefi is the leading bug bounty platform for web3 with the world's largest bounties.
We have $154 million in rewards available.
We've paid out more than $90m in bug bounties.
We've saved over $25b in user funds.
Follow us to keep updated on bounties and security in web3.
Whitehat satya0x reported a critical vulnerability in
@wormholecrypto
on Feb 24 via Immunefi.
The bug was quickly patched, no user funds were affected, and satya0x received a $10 million payout from Wormhole, the largest bounty payout on record.
Join us Wednesday for the
@zerolendxyz
Boost halftime show!
Special guests
@arTemTheTriager
from Immunefi and
@deadshotryker
from ZeroLend will provide insight and analysis on results so far and how you can find more bugs!
🗓️ Mar 6
⏰ 11am UTC
Have you checked
@zerolendxyz
Boost's ~6500 nSLOC codebase yet? With duplicates rewarded, this Boost is a piece of 🍰
- $60 million TVL
- No KYC required
- $200,000 USD reward pool
As promised, we broke another record.
@g3rh4rdw4gn3r
found a bug in
@0xPolygon
's plasma bridge that could have resulted in an $850m loss if exploited.
The bounty payout is the largest: $2m.
Bug fixed. Everyone is safe!
A real win for all.
NEW Bug Bounty!
Solidly has launched their Bug Bounty on Immunefi!
@solidlyexchange
- low cost, near 0 slippage trades on uncorrelated or tightly correlated assets. Incentivizing fees instead of liquidity.
Find bugs, get paid $200,000 👀
#Immunefi
It's a NEW BIG Bounty Launch!
@goldfinch_fi
has just launched their bug bounty program on Immunefi!
Goldfinch: a decentralized credit protocol that allows anyone to be a lender, not just banks.
Hunt for bugs and get yourself up to $500,000:
New launch live! 💪
@zetablockchain
is the foundational, public blockchain that enables omnichain, generic smart contracts and messaging between any blockchain.
Find bugs - get $100,000! 💵
HUGE. NEW. BUG BOUNTY! $1,000,000
@LooksRareNFT
has just launched their bug bounty program on Immunefi!
LooksRare NFT - Community-first NFT Marketplace
Get $1 Million Dollars... go find bugs:
#NFT
#LooksRare
#Immunefi
NEW: LARGEST BUG BOUNTY. EVER: $3,333,333
@OlympusDAO
has just launched their bug bounty program on Immunefi!
Olympus: $OHM is the decentralized reserve currency of DeFi
Find bugs. Get yourself $3,333,333 Dollars
NEW $2,000,000 Bug Bounty!
@0xPolygon
launched their Bug Bounty program on Immunefi!
Polygon: Aims to transform
#Ethereum
into a multi-chain ecosystem with secured Layer 2 chains & standalone chains.
Hunt for bugs now, and get yourself up to $2,000,000:
Curious about the secret behind
@DeGateDex
’s Boost success? Our latest case study unveils the results, and the numbers speak for themselves! Read more on our blog:
#Boost
#Immunefi
#CaseStudy
Absolute congratulations to
@bobface16
for receiving an $800,000 bug bounty via Immunefi from
@feiprotocol
for disclosing and helping fix a critical flash loan vulnerability.
This is one of the biggest bounties in DeFi history.
Read the postmortem:
Magical NEW Bug Bounty Program!
@MIM_Spell
has just launched their bug bounty program on Immunefi!
Abracadabra: a Spell Book that allows users to produce Magic Internet Money! $MIM $SPELL
Hunt bugs and get a magical $100,000:
We've just raised our Series A.
So far, we've paid out $60 million in bounties to some of the world's best hackers and saved $25 billion from being hacked in web3.
Expect many more big things from us in the future.
Let's secure web3 together.
It's finally here.
The ___ Files interview series on Immunefi continues today with special guest
@transmissions11
, who graciously skipped out of his high school geography class to answer our penetrating questions.
Enjoy.
Immunefi is the leading bug bounty platform for DeFi with the world's largest bounties.
We have $72 million in rewards available.
We've paid out more than $10m in big bounties.
We've saved over $20b in user funds.
Follow us to keep updated on bounties and security in DeFi.
This is the largest bounty we've ever paid out and the largest in DeFi, which effectively means the largest in the world.
Grats to
@bobface16
for winning the $1,050,000 bounty for a vuln in
@BELT_Finance
!!
Thanks to
@BinanceChain
for matching funds!
Immunefi is proud to present the Web3 Security Library, which aims to be the go-to resource for Web3 security.
You can access the repository here:
Keep an eye on the repository as we will regularly update it with new resources 📚
NEW MEGA LAUNCH 🔥
@LayerZero_Labs
has launched a $15 MILLION BUG BOUNTY program on Immunefi!
This is the world’s largest bug bounty! 🚀
All details can be found on the BBP page:
It’s time to find those bugs and become a millionaire! 💰
The
@THORChain
community has been waiting in anticipation for this, so here it is!
@THORChain
is launching on Immunefi with a $500,000 critical bug bounty.
Spread the word.
More details below.
NEW Bug Bounty!
@harmonyprotocol
has just launched their Bounty Program.
Harmony: your open platform for assets, collectibles, identity, governance.
Find bugs, get paid $100,000:
#web3
#DeFi
#harmonyprotocol
NEW Bug Bounty Launch is LIVE!
@kadena_io
just launched their bug bounty program on Immunefi!
Kadena: The only layer 1 PoW blockchain that scales. $KDA
Hunt bugs and get a $50,000 bounty:
#DeFi
#Web3
#Immunefi
Wormhole: $10,000,000 NEW Bug Bounty!
@wormholecrypto
new bug bounty on Immunefi!
Wormhole: Interoperability protocol powering transfer of value & information across 7 chains w/ one integration
Find bugs & get $10,000,000:
#DeFi
#Wormhole
#Immunefi
THE U UP INTERVIEW SERIES featuring
@samczsun
as our first and very gracious guest is now LIVE.
We discuss: deep philosophy, like the phenomenology of bug hunting, and the secret behind his identity.
As a public service, we facilitated a whitehat disclosure to patch a vuln in
@PancakeSwap
's lottery contract.
Now, they're joining us with a $1,000,000 bug bounty. Amazing.
Check out the bug bounty here, and we'll post the postmortem analysis below.
Whitehat
@PwningEth
found a critical vuln in
@MoonbeamNetwork
and reported it via Immunefi on May 27. Bug fixed, no user funds lost.
He received $1,000,050 for his responsible disclosure.
Read more below:
Yesterday, a whitehat just got paid $100k for a critical.
Within the same 24 hours, another whitehat also earned $100k on a different crit.
Impressive!
No time to waste. Start today.
Absolutely epic intro guide to learning blockchain/smart contract hacking from
@morphean_sec
.
Fantastic read. If you were on a desert island with one 'start here' guide, this is what you'd read.
New bug bounty live!
Aleph Zero has launched their bug bounty on Immunefi 💪
@Aleph__Zero
A peer-reviewed public
#blockchain
platform with private smart contracts ready for
#DeFi
revolution
Find those bugs 🔍 - get yourself a nice $50,000:
#immunefi
We're running a contest to celebrate
@BadgerDAO
coming on Immunefi with a $500k bug bounty, the biggest in crypto to set a new standard.
Retweet, like, follow us, and we'll pick someone at random in 48 hours to receive crypto NFT art valued at $260 USD.
New launch live!
The Sandbox has launched their bounty on Immunefi 💪
@TheSandboxGame
is a virtual gaming world where players can build, own, and monetize their gaming experiences.
Find those bugs 🔍 - get yourself a sweet $200,000:
#immunefi
Today, we want to share with you couple repos that will help you master blockchain pentesting and smart contract dev.
- Contains a huge amount of information, updated regularly
- All known blockchain incidents, updated regularly
It’s time for a
#whitehatsuccess
story.
Meet GothicShanon. He currently holds the
#5
position on the Immunefi leaderboard, and has made more than $2.8 million from bug-hunting.
Here’s his story. 👇(1/20)
Whitehat pwning.eth reported a critical vuln in
@auroraisnear
via Immunefi. No funds were lost, and Aurora quickly patched.
For his incredible work, pwning.eth received a $6,000,000 payout, the second largest bounty on record.
Read more below:
New bounty live!
Algorand has launched their bug bounty on Immunefi 💪
@Algorand
is unleashing scalability, fusing TradFi x DeFi, and accelerating global sustainability.
Find those bugs 🔍 - get yourself a sweet $2,000,000:
#immunefi
#algorand
🚨🚨🚨
We’ve got a big new product for projects coming that changes the bug bounty game.
But no details just yet.
The FULL REVEAL and launch is coming live on our Twitter Space, Sept 26 at 10am east coast US time.
Be there.
HALF a MILLION DOLLAR BUNNY BUG BOUNTY launched!
@PancakeBunnyFin
is now LIVE with their Immunefi Bug Bounty program…
Bug out, find bugs and get yourself $500,000 in bug bounties
#BinanceSmartChain
#BSC
#DeFi
We're right on the edge of 30,000 followers (we don't buy them).
If you've enjoyed our work, give us a RT and a follow:))
-$62m paid to whitehats
-$25b in your funds saved
Today's
#immunefischool
guest is JiuZhou's classification of bugs in
@solidity_lang
smart contracts: 49 typical bugs in 9 categories with descriptions and examples of vulnerable code 😳
New launch live!
@Aleph__Zero
is an enterprise-ready, high-performance blockchain platform with a novel, Directed Acyclic Graph (DAG)-based consensus protocol that has been peer-reviewed and presented at an ACM conference.
Find bugs - get $50,000!
Writing a smart contract PoC to prove a bug is real can be one of the most challenging parts of bug hunting.
That's why we've created an entire repository of PoC templates that you can use like lego blocks to build your own PoCs.
Happy hunting!
Important note: submitting AI-generated reports on Immunefi will result in a ban.
It's fine to use ChatGPT and other services for research, but the outputs are never valid bug reports, and so it amounts to a spam submission.
Today, Immunefi is announcing a partnership with Avalanche (
@avalancheavax
)!
Immunefi is here to protect DeFi projects on *all* blockchains.
Avalanche developers can now host bug bounties on Immunefi, and our whitehat hacker community will dig for bugs.
HEY it’s a BEEFY new bug bounty launch!
@moonpotdotcom
has just launched their bug bounty program on Immunefi!
Moonpot: Earn interest, win crypto prizes on
#BSC
& always keep your deposit. Powered by
@beefyfinance
Find bugs and win bounties of $50,000
New Bug Bounty!
Position Exchange has just launched their bug bounty program on Immunefi!
@PositionEx
- On-chain Derivatives Trading, Farms, Pools, Bonds, NFTs and more on
@BinanceChain
Find those bugs 🔍 - get a cool $100,000:
#immunefi
#defi
#ImmunefiSecurityAlert
1/ Yesterday, the
@BonqDAO
protocol suffered a major blow as an attacker successfully executed an oracle manipulation attack, stealing a staggering $120 million in funds.
Let's break the hack down in human-readable format.
👇
The Immunefi Vaults System v1 is now live.
Projects who want to boost trust with whitehats to get more high-quality bug reports can now deposit assets into their own secure, sovereign vault.
Signing up for a vault is free, easy, and quick.
Let's go.
1/ It’s
#whitehatsuccess
story time.
Web3 security is a new field with endless opportunities to make it big and change your life.
We’re going to post stories of whitehats who have achieved success through Immunefi to inspire and motivate you.
Let’s start with
@omikomikomik
...
Today, we're releasing a fantastic resource written by
@unsafe_call
on the top 10 most common vulnerabilities that we see on Immunefi and out there in the wild.
This is absolutely essential reading for new and old whitehats alike.
We’re proud to release the Immunefi Whitehat Leaderboard showing the top 20 whitehats in web3!
Whitehats who earn their spot through genius and hard work are eligible for further rewards, exclusive merch, paid trips, speaking opportunities, and more.
HUGE increase in bug bounty payout!
@BalancedDAO
has increased their bug bounty to $200,000!
Balanced: a DeFi platform on
#ICON
. Stake
#ICX
, borrow assets, swap them, and supply liquidity.
Find Bugs. Get yourself $200,000:
FIVE MILLION DOLLAR Bug Bounty!
@GMX_IO
just updated their bug bounty program on Immunefi!
GMX: Decentralised Perpetual Exchange. Trade BTC, ETH & more with up to 30x leverage & lowered liquidation risks.
Hunt bugs - GMX bounty increased to $5,000,000
Big news today...
@PwningEth
just received his THIRD Whitehat Hall of Fame card for his crit report in Moonbeam / Astar / Acala, which saved $200m in funds and earned him a $1m payout.
He can't keep getting away with it...
Read more here:
Shadowy super coder lofi is now live.
brought to you by
@0xjonah1
and
@0xstormborn
Check out the Easter eggs of your favorite personalities, hackers, projects, and books
See below for the full YT vid. Like and RT!
👇
New Bug Bounty! 💫✨
@StellarOrg
is a layer-1 open-source, decentralized, peer-to-peer blockchain network that provides a framework for developers to create applications, issue assets, and connect to existing financial rails.
Find bugs - get $250,000!
New Bug Bounty!
@avax
is a decentralized, open-source proof of stake blockchain with smart contract functionality.
Fantastic to have them on the platform!
Find bugs - get $100,000!
Balancer bugfix review is live!
Whitehat
@Shanon40439853
received $1m USDC for his critical bug find back in August, which Balancer publicized in September.
Read to find out more! Kudos to all!
New Bug Bounty!
@reserveprotocol
is the first platform that allows for the permissionless creation of asset-backed, yield-bearing & overcollateralized stablecoins on Ethereum.
Find bugs - get $5,000,000!
Yesterday, we shared with you a list of games and challenges to learn sc security and we have something to add to it for
#immunefischool
- three great links👀 Explore each, it's your homework for today 🙂
To help you secure their $1B TVL (and earn that $200k Crit, $50k High, $2k Medium, $1k Low)
@puffer_finance
is giving a technical walkthrough on launch day.
📅 The call starts Thursday Feb 22nd, 3pm UTC+0
Sign up:
Immunefi is the leading bug bounty platform for web3 with the world's largest bounties.
We have $154 million in rewards available.
We've paid out more than $80m in bug bounties.
We've saved over $25b in user funds.
Follow us to keep updated on bounties and security in web3.
1/ It’s time for another
#whitehatsuccess
story.
Meet
@cergyk1337
, a 32-year-old whitehat from France.
Last April, he showed up on
@immunefi
with just a baguette under his arm. Today, he’s pulling in multiple crits, over six figures, and is ranked 53rd on the Leaderboard.
👇
We just published the postmortem of the
@feiprotocol
vulnerability that you've all heard of by now, which was discovered and submitted by the talented whitehat
@0xRevert
.
You'll want to read it.
A bunch of users on our platform go from knowing NOTHING about Solidity to making tens of thousands and even hundreds of thousands of dollars within 3-6 months.
It's actually remarkable and amazing.
That can be you.
New critical vuln fixed and patched via Immunefi.
Whitehat scores $150,000.
Nice.
"The fix was deployed in about 6 hours, and I got paid bounty the next day."
MakerDAO & Immunefi Security Core Unit launch LARGEST Bug Bounty for DeFi!
@ImmunefiSecCU
: Security Core unit for
@MakerDAO
, who launches their $10M bug bounty program on Immunefi!
Immunefi (
@immunefi
): leading bug bounty platform for blockchain.
Immunefi is the first bug bounty platform focused on smart contracts. We're launching with $4.7 million in rewards available.
Review code. Prevent hacks. Build rep. Get paid.
Follow us and sign up to get informed when new crypto bug bounties go live.
The Multichain bug explained.
We even show how to write a Proof of Concept for the bug. Very rare knowledge!
All aspiring Web3 security researchers should watch as part of your
#immunefischool
lesson for the day.
New Bug Bounty! ⚡️
@CoreumOfficial
's Superledger represents an architectural solution for enterprises aimed at resolving the prevailing limitations of existing blockchains.
Help Secure the Network - Get up to $25,000 ($500k as a Hard cap)!
New bug bounty live!
Astar Network has launched their bug bounty on Immunefi 💪
@AstarNetwork
is the Smart Contract Hub for WASM + EVM and the top Parachain on
@polkadot
in Total Value Locked + Most Ethereum Assets
Find those bugs 🔍 - get $1,000,000:
Big announcement today!
We're onboarding
@SushiSwap
with a $1,000,000 critical bug bounty.
The Sushi team are pros who care about security and responsibility, and a bug bounty is an important step in that direction.
To our Hunters, get hacking!
NEW Bug Bounty!
WOOFi has just launched their Bug Bounty on Immunefi!
@WOOnetwork
- Bringing best-in-class liquidity throughout DeFi and CeFi. Bring on the zero-fee revolution.
Find those critical vulnerabilities, get paid $100,000:
#defi
#immunefi
On June 16, an anonymous whitehat submitted a critical vulnerability to
@auroraisnear
via Immunefi.
Aurora patched the vuln, no funds lost, and the whitehat got a $1m payout.
Thanks to Michal of
@HalbornSecurity
for the writeup!
Read more to learn.
Whitehat
@0xCrumbs
has achieved ELITE status on Immunefi... with just one-massive-$100k report!
As a smart contract developer at
@GainsNetwork_io
, he still finds time to sharpen his security skills with bug hunting.
Congrats and see you at the next milestone! 👾✨
We're extremely excited to announce that Yearn Finance (
@iearnfinance
) is joining Immunefi with a bug bounty program.
A critical bug is $200,000.
@iearnfinance
is a project that takes security extremely seriously, and it's great to have them with us.
#ImmunefiSecurityAlert
1/ On July 11, an exploit on
@Rodeo_Finance
resulted in a loss of ~472 ETH, valued at roughly ~$890,000.
This was caused by what’s known as an oracle manipulation attack.
Let’s break this hack down in a human-readable format
👇
Announcing:
@PantherSwap
just launched their Bug Bounty Program on
@immunefi
!
PantherSwap gets it: Security is the real deal for them via offering Immunefi bug bounties.
You can give your own hacking skills a workout - and grab some $$$ doing it:
On March 29, whitehat nojob reported a critical vuln in
@port_finance
on Solana. Bug was quickly fixed, and no user funds lost!
Whitehat got a $630,000 payout. NICEEEEEE.
And a big thanks to
@HalbornSecurity
for writing this bugfix review!
New bugfix review is in today!
An anonymous whitehat found a critical bug in
@auroraisnear
on June 10 and got a $1 million payout.
Thanks to Mustafa of
@HalbornSecurity
for writing this bugfix review! Check them out.
Read below to find out more.