Immunefi Reports Over $100 Million Paid to Ethical Hackers in 3 Years

Immunefi, the leading onchain, crowdsourced security platform, has paid over $100 million in bug bounty rewards to security researchers in just over three years.

Immunefi protects over $190 billion in user funds for established projects like Chainlink, Wormhole, MakerDAO, TheGraph, Synthetix, Polygon, Optimism, and more. Immunefi has paid out the most significant bug bounties in the software industry while saving over $25 billion in user funds. Currently, it offers over $163 million in bounty rewards. With Immunefi’s researchers, 80% of projects find vulnerabilities missed by code audits.

“We work tirelessly to safeguard the onchain ecosystem, and this achievement is a testament to the effectiveness of our bug bounty programs and the dedication of our community of researchers,” said Mitchell Amador, Founder and CEO of Immunefi. “Their work is essential in preventing substantial financial losses in web3, and we will continue to innovate and support them in safeguarding the next generation of projects and users.”

Bug Bounty Rewards Distribution 

Immunefi classifies bugs on a simplified four-level scale (Critical, High, Medium, and Low) across Smart Contracts, Blockchain/DLT, and Websites and Applications bug report submissions.

Paid reports by type 

Smart Contracts take the lead with a total of $77,973,118, accounting for 77.5% of all bounties paid out. 

Blockchain follows with $18,756,806.72, accounting for 18.6%. 

Web and App with $3,849,014.79, representing 3.8%.

Paid reports by severity

Critical vulnerabilities take the lead with a total of $88,344,273, accounting for 87.8% of all bounties paid out. 

High severity follows with $7,446,570, representing 7.4%.

Medium severity with $3,243,734, representing 3.2%. 

Low severity with $997,621.49, representing 1%.

Informational with $566,289.23, representing 0.6%.

Reshaping the Bug-hunting Experience

Immunefi was the first to introduce a scaling incentive for hackers, meaning rewards grow with the severity of an exploit and the volume of funds at risk. Immunefi has paved the way for a dramatic repricing of bug bounties in web3, where they have quickly become the largest in the entire software industry. Incentives to exploit projects in web3 are significantly greater than in web2 due to the amount of capital locked in smart contracts. Web3 is a far more adversarial environment where vulnerabilities in code can result in a direct loss of this capital. The ecosystem lost over $1.8 billion in 2023, and has lost $778 million in 2024 YTD. An effective and reliable incentivization system for hackers in web3 is crucial.

Thanks to its bug bounty scaling standard, Immunefi has built the largest community of security talent in the crypto space, with over 45,000 researchers operating. Immunefi’s ethical hackers and security researchers have earned as much as $10 million for a single vulnerability program reward. 

Beyond Bug Bounty Programs 

In addition to bug bounty programs, Immunefi provides consultations, bug triaging, and program management services to blockchain and smart contract projects. Immunefi recently launched Boosts, a time-bound code review program ensuring top-tier engagement from elite security researchers. With Boosts, vulnerability reports are surfaced in real time as a program runs, unlike traditional audits, where a project would need to wait until an audit is concluded to assess any potential vulnerabilities. Furthermore, it offers Invite-only programs powered by Immunefi’s proprietary data-driven security talent matching system, which leverages over 30,000 reports, thousands of vulnerabilities, and hundreds of programs to curate the best security researchers for a project’s specific program.

About Immunefi

Immunefi is the largest onchain crowdsourced security platform. Immunefi guards over $190 billion in user funds across projects like Chainlink, Wormhole, MakerDAO, TheGraph, Synthetix, Polygon, Optimism, and others. The company has paid out the most significant bug bounties in the software industry, amounting to over $100 million, and has pioneered the scaling web3 bug bounties standard. For more information, please visit https://immunefi.com

Alpha Sigma Fund