Cointime

Crypto Bug Bounty Hunting: An Overview Since 2020

Cointime Official

By Harvesto Orlando

Crypto used to be all about trading and hodling alt and shitcoins in the hopes of mooning. However, a growing number of people are making money off crypto — not in the usual way of HODLing or day trading — but through “bounties” hosted by crypto platforms. One such bounty is bug hunting, which has become quite popular recently with the rise of DeFi and the DeFi hacks that ensued.

According to Cointelegraph, “the hacks have skyrocketed demand for blockchain security experts, with some auditors making upwards of $430,000 annually.” Fortunately for auditors and security experts in developing countries, crypto bounty hunting is becoming a highway out of poverty and mediocrity.

But then, how did it all start? How did the industry make this transition in just two years? The story can be traced back to 2017/2018, when Bounty0x, Gitcoin, and other bounty hosting platforms allowed bounty hosts to post bounties paid out in any cryptocurrency, such as Ethereum, stablecoins, or other tokens.

These bounties ranged from spotting vulnerabilities in general code to marketing services such as writing content and tweets. However, the focus started shifting with the emerging popularity of the Ethereum blockchain and its smart contracts. Soon projects started building on Ethereum, and there was an influx of dapps into the market.

This breakneck development soon led to complications — developers built the dapps with Ethereum code, which could be hacked or exploited. So began an infamous chain of dapp and smart contract attacks, all in a bid to drain their funds. We all are familiar with the DeFi summer of 2020. That year, nearly $100 million was lost due to bugs, exploits, and hacks. The protocols recovered some losses, but the hacks affected the industry’s outlook.

Projects like YAM, Soft yearn, bZx, Harvest, and Akropolis suffered losses in the hundreds of thousands and millions. Some of these hacks were orchestrated by hackers who wanted to prove a point — that the protocols’ code base or security was insecure and they could get away with the hacks.

Enter Immunefi in December 2020.

The idea was to incentivize white hat hackers to safeguard protocols by finding and reporting exploitable bugs in the ecosystem. The idea quickly caught fire; Immunefi secured partnerships with scores of protocols, gained the DeFi community’s trust and onboarded many white hat hackers.

By the fall of 2021, Immunefi was reportedly responsible for protecting more than $50 billion in protocol assets from projects such as Synthetix, Chainlink, SushiSwap, and PancakeSwap. In addition, the OG bug bounty platform had paid more than $7.5m in bug bounties.

One of the most popular bugs was found on the Polygon network, where $850 million was reported to have been at risk of being exploited. The bug was found by an Immunefi hacker, Gerhard Wagner, who promptly reported it and received a $2 million payout.

According to research undertaken by Immunefi, DeFi-related hacks and exploits have cost the sector over $10.2 billion. 2022 has had its fair share of hacks, from the Axie Ronin Bridge hack of about $600m to the Solana hack to the recent $160m Wintermute exploit.

These hacks all mean that the DeFi and crypto space still needs to be safeguarded. Immunefi has acted promptly by raising $24,000,000 to boost its security capabilities, a giant leap from its $5m 2021 raise. Immunefi claims to have paid over $60 million in total bounties since its December 2020 debut.

The platform also supports over 300 DeFi and crypto projects, including big names such as Chainlink, MakerDAO, and Compound, while protecting $100 billion in assets. Note that there are other bug bounty platforms like HackenProof and BugBounter, but Immunefi stands above them.
