ImmuneFi Launches Whitehat Leaderboard to Incentivize Web3 Hackers

ImmuneFi, one of the most notable Web3 bug bounty protocols, has announced the launch of a new Leaderboard feature for ethical hackers in Web3.


As announced by the outfit, the Leaderboard will pull 20 of the most versatile Whitehat hackers in the Web3 ecosystem and rank them in order of the critical bugs they report through the ImmuneFi platform.

“We’re proud to release the Immunefi Whitehat Leaderboard showing the top 20 whitehats in web3!” ImmuneFi said in the announcement, shared via its Twitter page.

Bug bounties have become common in the web3 ecosystem as protocols incentivize experienced hackers to scour their code for vulnerabilities. As the industry evolved, ImmuneFi emerged, helping to organize Whitehat events in a way that was easy for both the protocols and the participants.

Whitehats are typically rewarded for their participation, and with this new feature, ImmuneFi said it will be giving the top hackers additional benefits.

“Whitehats who earn their spot through genius and hard work are eligible for further rewards, exclusive merch, paid trips, speaking opportunities, and more,” ImmuneFi affirmed.

ImmuneFi said the ranking for whitehats who submit bug reports through its platform will be based on three crucial factors: the number of paid reports, the severity of paid reports, and total earnings.

While the new leaderboard feature may not be an extra motivation for Whitehats to intensify their activities in the space, it certainly creates room for respect among the most elite providers of solutions to hacking problems in the industry.

The appreciation of Whitehats cannot be overemphasized, a point that was recently underscored by the ApeCoin DAO. The ApeCoin DAO recently passed a vote that will see 1 million APE tokens set aside as a bug bounty on ImmuneFi to incentivize whitehats to pore over its forthcoming staking protocol in a bid to see if there is a weak link that might cause a drain of funds in the near future.

ApeCoin DAO Signs Off on a $4.4M Bug Bounty

ApeCoin DAO, the Decentralized Autonomous Organization that is in charge of overseeing the development of APE, the native token of the Bored Ape Yacht Club (BAYC) ecosystem, has approved the allocation of $4.4 million to conduct a bug bounty program on ImmuneFi.


According to the snapshot of the votes cast which ended today, as many as 3.9 million APE tokens were cast in favor of the proposal, dubbed AIP-134.

The votes in favor ended at 57.92% as compared to 42.08% for those who committed 2.9 million APE against the proposal. 

The essence of the bug bounty is to carve out an extra security layer for the much anticipated ApeCoin staking service that is billed to go live in December. The ApeCoin DAO wants experienced hackers to help search out the loopholes or any porous avenues in the staking smart contract that may cause headaches later on.

The bounty, now that it has been approved, can be launched on ImmuneFi, with the 1 million APE tokens earmarked for the bounty set to be drawn from the protocol’s treasury.

“As we near the launch of the ApeCoin staking system outlined in AIP-21 and AIP-22, we propose taking additional measures to ensure the DAO is following smart contract security best practices. This proposal uses treasury assets to fund a 1 million $APE bug bounty program with Immunefi, and partners with Llama to help design, implement, and run operations of these initiatives,” a snapshot from the proposal reads.

The DeFi ecosystem has not been spared from the wranglings and inconveniences caused by hackers this year. That there is a security loophole in most emerging smart contracts is not a question up for debate; whether founding teams have the right model to prevent exploitation remains a major bone of contention.

As one of the most prestigious NFT collections, Bored Ape users have been a major target of cybercriminals, and hopefully, the bug bounty will help tighten all loose ends ahead of the launch of the staking product.

Wormhole DeFi Bridge Rewards $10m Bug Bounty

Wormhole, a Decentralized Finance (DeFi) bridge protocol, has paid out $10 million in Whitehat bounty.

As announced by ImmuneFi, the platform that helped organize the bounty program, the cash reward was paid out to a programmer known as satya0x, as he was able to identify a bug that could have resulted in the exploitation of the Wormhole Bridge.

“A whitehat who goes by the pseudonym satya0x responsibly disclosed a critical bug in the Wormhole core bridge contract on Ethereum. This bug was an upgradeable proxy implementation self-destruct bug that helped prevent a potential lockup of user funds,” ImmuneFi said in its update about the entire event.

DeFi protocols have been at the mercy of hackers recently, and Wormhole as a bridge has suffered a massive exploit that led to the loss of over $320 million. 

Besides Wormhole, the Ronin Bridge, solely used by the Axie Infinity protocol, has also been exploited by what is suspected to be the North Korea-backed Lazarus Group. The Ronin hack drew $625 million away from the protocol, a sum that has notably impacted the bridge’s operations.

In a bid to ward off these attacks, the first required precaution is to eliminate any inherent bugs that can be a gateway for cybercriminals. While bugs are notably ubiquitous and difficult to detect, the bug bounty organized by ImmuneFi on behalf of Wormhole has notably achieved its goal.

Immunefi said no funds were lost before the bug was flagged, verified, and fixed. The stakeholders involved believe related bug bounties of this nature with the whitehat community could help prevent many more attacks on DeFi protocols across the board.

“Wormhole paid satya0x a record bug bounty of $10 million for the find. It’s one thing to create a program with a really high top payout, but Wormhole has proven that they are very serious about paying top-dollar to help mitigate security issues in partnership with the whitehat community,” the ImmuneFi statement reads.

MakerDAO launches biggest ever bug bounty with $10M reward

MakerDAO has announced that it will begin offering a maximum of $10 million bounty to white hat hackers and cybersecurity specialists who point out legitimate security threats in its smart contracts.

Maker’s (MAKER) plan to front-run attacks on its smart contracts is the largest ever on the bug bounty platform Immunefi. In fact, if someone claimed the lot, it would equal the total amount of $10 million that Immunefi has paid out to date from active and inactive events. Immunefi’s website claims the bugs found have averted up to $20 billion in damages from hacks.

Whitehat hackers stand to gain payouts ranging from $1,000 for low-level vulnerabilities through to a maximum of $10 million for critical issues found in Maker’s smart contracts and apps. The payouts will be made in DAI stablecoins. The next largest bug bounty on Immunefi is a $3.3 million bounty from Olympus DAO.

MakerDAO is the community that governs how DAI is collateralized and spent from Maker’s treasury. DAI is currently the fifth largest stablecoin with a $9.7 billion market cap according to CoinGecko.

The Maker Foundation had previously controlled aspects of governance on Maker before its CEO and founder Rune Christensen announced the dissolution of the foundation in July 2021, making the DAO “fully self-sufficient”.

Immunefi co-founder Travin Keith said in a Feb. 11 statement,

“We’re glad to announce one of the key pillars of our mandate, which is to launch and maintain a bug bounty program that will help MakerDAO ensure its safety.”

This new bug bounty comes at a time when smart contract exploits appear to be on the increase with hundreds of millions of dollars in losses over the past two weeks alone. Yesterday, hackers withdrew over $10 million from Dego Finance through a smart contract exploit.

On Feb. 7, token bridge’s smart contracts were hacked, causing $4.4 million in losses. On Feb. 2, the Wormhole token bridge’s smart contracts on Solana (SOL) were exploited to the tune of $321 million, which is the largest single loss in a hack so far this year.