Immunefi Is Building the Bug Bounty Protocol for Crypto


  • Immunefi is building the decentralized bug bounty protocol for crypto, especially DeFi, made to provide decentralized protection to all protocols, DAOs, and dApps.
  • Onchain interactions will be strictly voluntary; projects never have to interact with the protocol if they don’t want to, and will be able to use the protocol without the Immunefi application if they so wish.
  • The bug bounty protocol will provide a scaling incentive for hackers of all kinds to protect projects by responsibly disclosing critical vulnerabilities, simultaneously bringing transparency and fairness to bug bounties.
  • It will be governed and deployed by the security community that keeps crypto safe. You can join our Discord here to be a part of it.
  • Today, Immunefi protects the leading projects in crypto with over $20 billion in user funds, has sourced and disclosed 15+ critical vulnerabilities to projects, prevented theft of hundreds of millions in user funds, and paid out almost $2 million in bug bounties.

In just a few months, we’ve launched the largest bug bounties in the entire software industry after pioneering the scaling DeFi bug bounties standard. We’ve onboarded bluechip projects like BadgerDAO, SushiSwap, Synthetix, PancakeSwap, and more. We’re doing our part to protect over $20b in user funds. We’ve facilitated disclosure assistance as a public service for critical smart contract vulnerabilities in projects that don’t have bug bounties. We’ve run war rooms to save projects from apocalyptic vulnerabilities.

And most importantly, we’ve paid out over a million dollars in bug bounties to our hacker community.

But what exactly is Immunefi? Why was it created, and where is it going? On the surface, Immunefi is a bug bounty platform, a business that plays a middleman role between projects and whitehat hackers, facilitating the disclosure of vulnerabilities. But Immunefi is much more.

Immunefi aims to build the decentralized bug bounty protocol for DeFi and crypto, transparent to all, and a public good for the community.

Immunefi was created to give crypto, especially DeFi, a proactive immune system that protects the community against malicious exploits. It does that by creating incentives to turn blackhats into whitehats with scaling bug bounties, simultaneously incentivizing the whitehat hacker community at large to 10x their disclosure efforts.

Every crypto project, especially those in DeFi, needs a bug bounty program, because the attack surface is so vast. With DeFi, billions in user funds are locked in smart contracts, visible and accessible to all. The right metaphor is that all protocols exist on a flat plane, on a vast steppe. They are transparent, complex, open to attack by anyone, making them extremely difficult to secure. And a single mistake can put funds at risk. Bug bounty programs surface those mistakes before they’re exploited.

Scaling bug bounties create incentives to protect protocols: by providing rewards proportionate to the value of the disclosure, they motivate whitehats and blackhats alike to disclose vulnerabilities instead of exploiting them. Today, the only tool that can prevent a blackhat hack is a scaling bug bounty.

However, scaling bug bounties need infrastructure to ensure private and secure vulnerability disclosure, validity assessment, and fair payouts. The bug bounty protocol we’re building will be that infrastructure.

But if we’re building a decentralized protocol, why start with a webapp? We made a deliberate decision to build Immunefi as a webapp first because creating a working bug bounty system is extremely complex, and minor mistakes could harm users. YOLOing an onchain security protocol is the definition of recklessness, an irresponsible choice when potentially billions in user funds are at risk.

Building the bug bounty protocol this way lets us become intimately familiar with each and every workflow by processing thousands of bug reports of varying types and severity, so we can build the protocol right the first time. When we launch the protocol, know that we’ll have taken every precaution to launch it safely, and have every assurance that it will scale as the community requires.

The path forward is simple: as we understand each workflow, we’ll build it into the onchain bug bounty protocol. And all this will be done while keeping onchain interactions strictly voluntary; projects don’t have to interact with the protocol if they don’t want to, and they’ll also be able to use the protocol without the Immunefi interface if they so wish.

Immunefi’s mission is to protect crypto, and the protocol it births will be given to those who protect DeFi itself, so that the security community shares in the value they help protect. If we can do that, we’ll have achieved our goals of making crypto a safer place for all. Immunefi is here to protect the future of money.

This is your public invitation to join us in making this together. To support this protocol, please spread the word to the best hackers and security researchers you know, and let them know the world’s biggest bug bounties are theirs for the taking at

Also, join our Discord community to stay up to date as we build out the Immunefi bug bounty protocol. More coming soon.

We hope that you’ll be a part of this journey with us.

P.S. Hackers subscribed to our newsletter are 35.8% more likely to earn a bug bounty. Click here to sign up.




Immunefi is the premier bug bounty platform for smart contracts, where hackers review code, disclose vulnerabilities, get paid, and make crypto safer.