MakerDAO has announced that it will begin offering a maximum of $10 million bounty to white hat hackers and cybersecurity specialists who point out legitimate security threats in its smart contracts.
Maker’s (MAKER) plan to front-run attacks on its smart contracts is the largest ever on the bug bounty platform Immunefi. In fact if someone claimed the lot, it would equal the total amount of $10 million that Immunefi has paid out to date from active and inactive events. Its website claims the bugs found have averted up to $20 billion in damages from hacks.
Whitehat hackers stand to gain payouts ranging from $1,000 for low-level vulnerabilities thought to a maximum of $10 million for critical issues found in Maker’s smart contracts and apps. The payouts will be made in DAI stablecoins. The next largest bug bounty on Immunefi is a $3.3 million bounty from Olympus DAO.
MakerDAO is the community that governs how DAI is collateralized and spent from Maker’s treasury. DAI is currently the fifth largest stablecoin with a $9.7 billion market cap according to CoinGecko.
The Maker Foundation had previously controlled aspects of governance on Maker before its CEO and founder Rune Christensen announced the dissolution of the foundation in July 2021, making the DAO “fully self-sufficient”.
Immunefi co-founder Travin Keith said in a Feb. 11 statement,
“We’re glad to announce one of the key pillars of our mandate, which is to launch and maintain a bug bounty program that will help MakerDAO ensure its safety.”
This new bug bounty comes at a time when smart contract exploits appear to be on the increase with hundreds of millions of dollars in losses over the past two weeks alone. Yesterday, hackers withdrew over $10 million from Dego Finance through a smart contract exploit.
Related: ImmuneFi report $10B in DeFi hacks and losses across 2021
On Feb. 7, token bridge Meter.io’s smart contracts were hacked, causing $4.4 million in losses. On Feb. 2, the Wormhole token bridge’s smart contracts on Solana (SOL) were exploited to the tune of $321 million, which is the largest single loss in a hack so far this year.