- Immunefi has given more than $65 million to white hat hackers in 2022
- Smart contract bugs accounted for a majority of payouts
Since its establishment in 2020, Immunefi, a prominent bug bounty platform in the cryptocurrency sector, has distributed $65 million to white hat hackers.
These “ethical hackers” look for weaknesses in blockchain and smart contract projects and are compensated for reporting them to Immunefi. This aids in protecting users’ assets and deters criminals from stealing money.
According to Immunefi, smart contract vulnerabilities accounted for 728 submissions, or 58.3% of the paid reports. Websites and applications accounted for 488 submissions, or 39.1% of the total, and Distributed Ledger Technology/Blockchain cases accounted for 32 submissions, or 2.6%.
Smart contracts and their bugs…
The second-highest number of submissions came from websites and applications. However, they received only 2.9% of the awards, while smart contract bugs received 89.6% of the money.
More bounties have been awarded to some projects than others. In 2021, bounty programs from Aurora, Wormhole, Optimism, Polygon, and an unknown company offered $30.2 million in payouts. The average payout stood at $52,800 and the median payout at $2,000 per program.
Due to the rise in crypto breaches that cost over $3 billion in assets, Immunefi enabled over $52 million in rewards to white hat hackers in 2022.
The year’s top bounty, a $10 million payout, went to a vulnerability in the Wormhole decentralized communications protocol. Furthermore, a $6 million reward was granted for a flaw in the Aurora Ethereum-compatible layer-two scaling solution. Both of these were the subject of bug bounties.
Due to the substantial sums of money stored in smart contracts, Web3 bug bounties are typically higher than those for Web2.
As Immunefi explains, “A $5,000 bounty payout for a critical vulnerability may work in the web2 world, but it does not work in the web3 world. If the direct loss of funds for a web3 vulnerability could be up to $50 million, then it makes sense to offer a much larger bounty size to incentivize good behavior.”
It’s interesting to note that the total value of the Wormhole bounty exceeds the $8.7 million awarded by Google’s Vulnerability Reward Programs in the previous calendar year.
Bear Market: A Help for the Hackers
With billions of dollars taken from crypto protocols, hackers profited greatly from the bear market. Hackers made nearly $3 billion this year, according to data from DefiLlama. In October, they used DeFi protocols to steal almost $718 million, making it the biggest month of the biggest year for cryptocurrency hacking activity.
This year, white-hat hackers significantly contributed to the effort to safeguard customer funds. Cybercriminals known as “black-hat” hackers have the potential to take advantage of smart contracts’ flaws and steal consumers’ money. To gain access to victims’ money, they employ several strategies, such as phishing attempts.
Additionally, the Crypto Drainers contract is a strategy that has recently made headlines. Crypto drainers are phishing pages that pretend to be the websites of well-known projects and are used by con artists to steal digital assets. The operators use deception to get victims to link their wallets to the minting website, after which they take the victims’ digital assets.