

Nexus Mutual Community Renews Bounty Matching Program With $600k War Chest

The Nexus Mutual community has just voted to continue its bug bounty matching program with Immunefi and increase the size of the war chest available for whitehats to $600k.

Nexus Mutual, a decentralized insurance alternative, first began a trial bug bounty matching program by allocating $200k as a matching payment for any critical bugs responsibly disclosed via Immunefi on projects listed in the Nexus Mutual dApp.

That trial program was a resounding success. A whitehat reported a critical vulnerability in Yearn Finance and received $200,000 from Yearn and $200,000 from Nexus, resulting in a total payout of $400,000. At a time when hacks are threatening the ecosystem and the amount of funds available to exploit is soaring, the more hackers are incentivized to disclose vulnerabilities responsibly, the fewer hacks we will see.

The renewal and expansion of the program benefits Nexus Mutual, DeFi users, and the whitehat community at large. With more funds available, aspiring hackers can invest time and energy into advancing their skills, so that they, too, can claim outsized rewards for ethical behavior.

The details of the program and eligibility are straightforward.

First, a project has to have an active bug bounty program on Immunefi.

Second, the bug bounty matching program only applies to vulnerabilities rated as critical.

The maximum amount of funds available for matching is $600k. Projects with more than $8m in active cover on Nexus Mutual are eligible for matching up to $600k. Projects that have cover between $2m-$8m are capped at $200k per matching payout.

According to the Snapshot proposal, the matching ratio will adjust to $1 matching payment for every $2 on the critical bug bounty, which will incentivize projects to increase the size of their bug bounties and motivate them to take security seriously.

Matching bug bounty payouts deliver cost-effective value to members when the matching payout is less than the potential claim payouts on a certain percentage of a project’s active cover amount.

We applaud the Nexus Mutual community for making a smart decision that aligns incentives and increases the economic rewards that make DeFi safer for everyone.

About Immunefi

Immunefi is the leading bug bounty and security services platform for Web3, which features the world’s largest bounties. Immunefi guards over $100 billion in users’ funds across projects like Nexus Mutual, Chainlink, SushiSwap, PancakeSwap, Bancor, Cream Finance, Compound, Alchemix, Synthetix, and others. The company has paid out the most significant bug bounties in the software industry, amounting to over $20 million, and has pioneered the scaling DeFi bug bounties standard.

About Nexus Mutual

Nexus Mutual is the leading provider of on-chain coverage for productive crypto assets. The mutual is a decentralized alternative to insurance that returns power back to members by allowing individuals to share risk, underwrite cover, participate in governance, and assess claims. The mutual was the first protocol to offer on-chain coverage for productive assets and the only DeFi coverage protocol to compensate users affected by loss events with more than $4.75m in claim payments. Nexus Mutual currently protects crypto assets worth $436.3m+ and is trusted by institutions and retail users alike.





Immunefi is the premier bug bounty platform for smart contracts, where hackers review code, disclose vulnerabilities, get paid, and make crypto safer.