We cannot get enough great engineers at @immunefi.
I'm looking for a Senior Fullstack Developer to help me create new onchain security technology, real cutting edge stuff. If you're keen on it, apply here:
@Mudit__Gupta
@0xSifu
@BrantlyMillegan
@Cooopahtroopa
Sad that canceling is becoming a thing in Web3. Imagine how most non-Westerners see this; it must look insane that someone who made great contributions to the community is attacked because of his religion.
Researchers have asked for greater transparency in past Reports, so that's what we're giving you today. 😄
You can now filter reports by Severity Level and Report Type here:
May this improvement earn you many bounties 🫡
Tired of manually masking your Immunefi screenshots? 🥱
We hear you! That’s why we’ve made it easy to quickly hide confidential details in screenshots. 📸
So you can spread the word with peace of mind 🫶
And we encourage you to share your wins far and wide!
Immunefi Security Researchers, know that when you ask us for features, we deliver them. This one in just 3 days. 🥹
Take a look at the 'I'm feeling lucky' button on the side, and go have fun! Let program choice fatigue pass away and let luck chart your course!
Works for both
This was a great ask, and @immunefi leadership heard it loud and clear. Petition granted!
That's why, just one week later, we've shipped the first piece of the solution: No more false hope emails. Now hackers will only get notifications that they actually need to act on.
Ask
$171m in bounties available on @immunefi, that's a new record everyone.
That's more bounties available than the entirety of the non-Immunefi bug bounty world combined. Incredible stuff.
It took thousands of meetings and countless iterations to drive scaling bug bounty adoption in crypto. With 350+ programs on @Immunefi securing $149 billion in assets (?!), crypto is a safer place.
What comes next? An epic ANN in the next few weeks, but also open to ideas. 😄
Getting hacked costs way more than the stolen funds. Here’s what you can expect:
🚨 $16M lost
📉 A 52% crash in token value
💸 6 months of price suppression
⌛ 3 months of recovery time
And if you're a platform? You're likely wiped out.
Still think security is optional? 💀
The thing people don't understand about hackers is that in addition to being phenomenal puzzle solvers, they're also artists; it's just that their art is an exploit, rather than a jpeg.
Shame more people don't realize that and admire their work.
Exciting news! 🔥
The Firedancer v0.1 Boost kicks off on July 10, with $1m in rewards up for grabs! 💰👉 @jump_firedancer
Get ready to hunt for vulnerabilities — and secure huge earnings. Don’t miss out!
New feature security friends: We've updated our audit contests to use our new program designs. This is only the beginning of the changes coming to @immunefi boosts.
With luck it comes as a breath of fresh air. We're all leaving free text fields behind us. 😀
An incredible achievement for @immunefi and the security community.
Immunefi has earned more for whitehats than all other web3 platforms put together.
And we did it faster than any bug bounty or pentesting platform, EVER!
Now we’re soaring to new heights!
📢Huge news! 📢
We’ve officially surpassed $100 million in rewards paid to whitehats! 💸
Thank you to our incredible community of researchers and our partners for your dedication and hard work. Here’s to the next $100 million — and beyond.
SRs rejoice! Bug bounty walls of text are dead 🪦
Our new Bug Bounty Program pages make it effortless to get the info you need to make your hunt a success 💸
Check out this example for @graphprotocol’s $2.5m BBP:
#ImmunefiBBPs
Introducing: Total Reports Paid — a new way to prioritize hunting 🏹
Want to be sure a bounty program has paid reports in the past? Now you can check: programs can opt-in to show the number of reports they've paid, so you can build more trust in your counterparty.
Pro tip: Use
The blockchain talent pool is definitely booming; thousands of security researchers, dozens of startups, and a lot to like. We’re far from 2020, when bug bounty programs were rarely adopted and bounty sizes were tiny.
How do we get to the next level? I'm open to ideas.
Bug bounty adoption was a crucial step to prevent an armageddon.
@Immunefi alone prevented $25B+ in funds from being stolen (a number I'll be re-estimating over the next few months).
If we didn't have bug bounties, crypto would be in a much darker, more hostile place.
Hiring tip for fellow founders: if someone actively dislikes animals, that’s a red flag.
Lack of empathy is a serious concern and erodes team morale; don’t risk it. Select for great character, inclusive of mercy and care.
We created the 'I'm feeling lucky' button by community request, and it's been a hit!
To make it even more useful we made it eminently shareable, so that it's effortless to hunt anytime, anywhere.
Happy hunting!
We’ve made it quick and easy to find the newest trending Bug Bounty Programs on Immunefi 🔍
Our Explore Page has been updated so you can filter trending programs based on launch date 💪
More filtering options are coming soon, so watch this space ✨
Happy hunting!
Say goodbye to the back-and-forth of wallet verification 👋
You can now verify and save wallets directly on your Immunefi account 💼
This will make getting paid quicker — and removes unnecessary steps along the way.
Find out more:
Finding juicy new targets on Immunefi just got a whole lot easier 🎯
We got tons of requests for this one — and as always, we heard you loud and clear 🫡
We’ve added a column to the Scope section of BBP pages showing when assets were added, so you can see the hottest new
Security fam, yesterday you requested an easy way back to the explore page. We heard you.
So we designed, developed, and shipped just that feature the same day.
Enjoy comrades.
Yet another case of ASK and ye shall RECEIVE!
Per @00xWizard's feature request we have created a KYC Y/N filter on the @immunefi /explore/ page, so you can find the programs that are just right for you.
Enjoy the hunt!
Immunefi has a brand new onboarding flow for SRs 🎉
We’ve added a modal to guide new users based on their level of experience and knowledge. 💡
You’ll see this when you first sign up, and it can be reopened any time from the nav.
I hope this helps you find your feed — and get
In light of the recent onchain hack impact piece, I remind all of you security researchers that you CAN become a 100x hacker, and only YOU can keep crypto safe.
Do your duty, and become a security legend.
We’ve made it easier to doom scroll on Immunefi 🥳
Our Explore page now loads progressively as you scroll, improving the experience of searching for your next hunt 🔍
Now you can scroll to your heart’s content 🤗
Happy hunting!
A new Critical has been confirmed after a descent into the depths of a downgrade to Medium and a battle with three rounds of mediation. ⚡️
I respect that the project team made the right call. Huge thanks to @Immunefi for having my back through it all!
The hunt continues...
One audit competition to rule them all 🏆
Immunefi, in collaboration with the @Ethereum Foundation, presents the first-ever Attackathon to enhance Ethereum’s protocol security. 💪
Become a sponsor and help make history ✨
1/4
#EFxImmunefi
Crypto is now far too large to stay on top of. There was a time when I knew most of the projects in the space... not anymore. Now I can barely keep up with the security sector!
$500k in rewards paid for the Shardeum Boost audit on @immunefi. Is that the biggest contest pot ever paid out?
It's definitely one of the biggest ever paid.
@realCaptainWoof
@immunefi
Immunefi is hard mode; there aren't a lot of obvious bugs.
But there are a lot of non-obvious ones.
Need to shift mindset from picking low hanging fruit to thinking like a true hacker; how do I break this system?
Then you'll realize there are bugs, bugs everywhere.
Many Security Researchers have requested an easier, more pleasant way to read Boost reports than trudging through our Github repo; we've heard you, and so we put together a quick Gitbook MVP, which gives you:
1) A pleasant report reading experience, grouped by contest
2) Full
Some @immunefi power users thought we were being a little too paranoid with our fast-acting auto-logout settings...
So by popular request, we've loosened them up a bit. Now your login should last the workday.
Enjoy everyone.
@0xriptide
@immunefi
it's in the backlog. I hope to launch this sometime this year.
Thing is, this feature is less valuable than creating better transactions in the first place, which is where my attention is going atm. That takes precedence.
New feature for security researchers, making it easy for you guys to see how many Boosts are live and running at any one time. Enjoy!
Have more feature requests? Let me know what you guys need and we'll make it happen.
Elite hackers rejoice! Your recognition is now limitless 🤩
From today on, once you’ve earned $100k+ on Immunefi, you’ll unlock Super Whitehat powers and all rate limits will unlock for you in perpetuity. Ideal for multi-protocol crits.✅
Happy hunting!🏹
Severity upgrades happen only on @immunefi, because we care more about real report levelling than anyone else. The truth is what counts with us.
So much more on this is coming, ready yourself. And in the meantime keep hunting and winning! We all love to see it.
The Lazarus group is arguably the biggest advanced persistent threat in crypto right now (definitely the scariest). Immunefi's recent report shows they've been responsible for over $300 million stolen this year alone. Read more about it on Fortune:
Even moarrrrr audit contests on @immunefi! This time with the biggest staking protocol in the entire onchain economy.
Legends will be born from this contest. If you win it, you can be sure that you'll be in high demand from staking protocols across the world.
🎉 The countdown is now live for our Boost with @LidoFinance which focuses on Mellow Decentralized Validator Vault 🎉
👉 $100k reward pool
👉 3 weeks duration
👉 3700 nSLOC
👉 Starts on August 15th
Don't miss out on this! More details at the link below:
Another new record in bug bounties available, more chances to earn by doing good.
And these bounties are hardly unwinnable; we continue to pay millions in bounties every month. The next big bounty could be yours. Come and claim it!
if you break firedancer, are you a breakdancer? 🔥💃
starting today, up to $1M in bounties are available via @immunefi to help secure the in-development Solana validator client.
You asked, we delivered: Google Sign-On has arrived, and can be enforced across all program users in the Organization settings. Formerly a customer feature request, now shipped. :)
@immunefi is your secure vulnerability dashboard. More access control tooling in the works!
The Immunefi Explore page is always evolving to make it easier to find your next hunting opportunity 💪
Loads of you asked for a way to search programs by whether KYC was required or not — and so that’s exactly what we’ve added 🔍
More improvements coming soon 🫡
A few new features shipped today. The first one for Projects on @immunefi: users can now search by report ID within the Immunefi dashboard.
This was a recent request from one of our customers, and it didn't take long to get shipped.
Enjoy everyone.😘
🤘I am thrilled to share with you that I'm joining @immunefi as their new senior machine learning engineer
I'm honored to have the opportunity to contribute meaningfully to the best ecosystem ever alongside incredible talents 🤝
We have created the most impartial and effective dispute resolution methodology in the bug bounty world. Severity upgrades are proof of that.
Everyone wins: More trust drives more whitehat reports, driving more positive sum security impact for all.
Stay good everyone.
@MitchellAmador
@immunefi
Back in 2022, when Immunefi was still working out its methodologies, it had a bit of a mixed reputation.
Two years later, I can safely say that it has really locked down its negotiating skills in favour of whitehats.
My thanks. 🙏
Arbitrum Vaults have launched on Immunefi 🚀
Projects can now seamlessly deploy their vault to @arbitrum and deposit funds 💰
This enables automated, secure, and transparent payments — and creates a more streamlined audit and bug bounty experience for Arbitrum projects 💪
Whitehats @ciphermarco and @danielvf asked for masking and greater anonymity, so a project couldn’t be guessed by the length of their whiteout 🔍
So that's what we've done! Redacted lines in screenshots now have random lengths. 💪
Bad luck, sleuths! No sleuth for you. 🍜
@MitchellAmador
That's useful! Could you make the redaction have a fixed or random length so there's no possibility of inferring the project from its length?
After inflation resistant assets and DeFi, onchain security has the next greatest product-market fit in crypto.
And success for any onchain vertical strengthens that PMF.
This means @immunefi is going to be huge. 360 bounties today, but 1000 more incoming.
Incredible bounties to
In web2, a BIG bug bounty payout might be only $25-50k, but onchain blackhats can earn millions from a single exploit, which kills disclosure incentives.
The only solution: scaling bug bounties should be proportional (to some reasonable degree) to the capital at risk. A life
We've just raised our Series A.
So far, we've paid out $60 million in bounties to some of the world's best hackers and saved $25 billion from being hacked in web3.
Expect many more big things from us in the future.
Let's secure web3 together.
Coming at you with another upgrade to the hunting experience on Immunefi✨
The mediation button on reports is now available at all times, so you can get the help you need when you need it. And if mediation does not yet apply, a modal lets you know.
No more second-guessing, just
New filter is proving a hit, with some major worldwide use for the 'KYC not required' filter!
Heartening to see that security researchers value their privacy. May you all have epic finds.
NEW bugfix review
"A critical vulnerability was identified and reported by whitehat @riproprip in the Raydium protocol on January 10, 2024...A bounty of $505,000 in RAY tokens was awarded to the whitehat for this discovery...."
Like Aladdin's Genie in the Lamp, you make a feature request and @immunefi grants it.
From feature request to production in just 3 days. Now all whitehats can search their historical reports by the project they submitted to or report title they used. Enjoy @sentient_x!
@immunefi is it possible to add a feature to search your submitted bugs per project as well? Current search is limited to Status and Severity, but at times you want to find an old report quickly to a project.
@MitchellAmador
$2.7 Mil on Immunefi contest over the next 30 days
And this isn't even the biggest news we have in the next 30 days!!!
Legit unbelievable what we got coming next for you!
We’ve only just begun and the Immunefi security community has already delivered huge security impact.
The message is clear: if you need an audit contest, come roll with us.
In just 7 days on the @FolksFinance Boosts (audit contests), we have:
- 2 Criticals
- 3 Mediums
- 4 Lows
- 1 Insight
- 5 reports still escalated by Immunefi
This means the whole pool has been unlocked.
JUMP IN AND HUNT!
🚨 We’re excited to announce that Immunefi Boosts are now called Audit Competitions! 🚨
Same product, new name — designed to better reflect our mission of providing competitive, crowdsourced security audits. 💥
Get started:
#ImmunefiAuditCompetitions
5 Highs and 3 Criticals have been confirmed in the Fuel Attackathon unlocking the $1M reward pool!
With 4 days left, this is your chance to find bugs, earn rewards, and help secure @fuel_network's $90M+ deposits
Time to get hunting
@MitchellAmador
Hey, I found it did not behave as expected. When you happen to open a bounty program directly from google results and hit this button, it brings you back to google, not to the explore page of Immunefi
Crypto has a real issue with operators doing N projects at the same time. This slows our outcomes.
Which is strange, because success in our space is so leveraged that doing one thing well typically leads to dramatically better results.
I'ma do one thing.
The community will wake up to the severity of DeFi hacks when 'the big one', a hack of hundreds of millions in size, happens.
It may have already happened.
With hard work, anyone gets a Confirmed Critical in @immunefi
But can you draw a Confirmed Rainbow?
> 1 insight, low, med, high, and crit in any order, in a row. Uncropped images only.
Is onchain security improving? According to the metric that matters most (funds stolen), yes. Hack volumes are rising, yet the overall impact is diminishing. Despite 247 hacks in 2023 alone, the aggregate impact decreased, with $1.7B in funds impacted, against $3.7B in 2022.
Feeling lucky? Well, you should be, because we've upgraded the 'I'm feeling lucky' mechanic to be even more fun and helpful!
1) We’ve added a ‘Feeling Lucky for Scope?’ mechanic, so that you can get random assets-in-scope put right in front of you. Let lady luck guide your
The $100k Folks Finance (@FolksFinance) Audit Competition is finished and the full results have been posted!
🥇 @zarkk01: $26,633
🥈 @__nnez: $12,485
🥉 @A2security: $10,319
4⃣ @AliX_40: $6,838
5⃣ @kankodu: $6,536
Check the link below for the full leaderboard!
👇
Introducing the new best home for your security victories.
Reports, earnings, ranking, achievements, and more to come. All of it will live in your Immunefi Profile, showing everyone you're a legend in the making.
Head over to and make your profile; you
Introducing Immunefi Profiles for the world’s most elite security researchers.🏅
Immunefi Profiles showcase your hard-earned, legendary achievements and badges. 💪
To create your own, log in to the Immunefi Dashboard (), just like @lonelysloth_sec did.
Big numbers aside, the ecosystem really is getting more secure. @immunefi is a hugeee part of that and soon, I'll prove it.
May these numbers trend forever lower per unit of onchain TVL.
Are there 10x devs for onchain security? Yes, there are.
@storming0x
asked if there are 10x auditors, and of course there are!
But they too should move aside, for the 100x hacker is the true demonstration of the vast delta in onchain attacking skills.
For those of you who want to read the long form post on my blog, complete with stats and graphs and deeper analysis of the subject, you can read that here:
You wanted streamlined mediations that make hunting even less stressful, so we made a big under-the-hood upgrade to deliver that! 💪
We’ve created new precision-oriented macros helping us to monitor, evaluate, and improve the effectiveness of Immunefi mediations. Better
Security fam, how do we like the little swords in the banner? Does it satisfy you?
Beyond that, any way we can make this banner better/more to your liking?
Glad to see our unique efforts to create the most fair and impartial security platform being appreciated. We really do put 110% into this.
And it's why we can be trusted with programs and reports that no one else can; integrity is deep in the @immunefi DNA.
@1_00_proof
@MitchellAmador
@immunefi
In my experience they work very hard at being fair and impartial.
They don’t automatically side with reporter but actually do the hard work to understand the issue and give a fair evaluation — which I think is the best for both projects and reporters.
@Audinarey
@BKWeb3
@UnoHeuss
@trust__90
@immunefi
Yes, this is the direction we're going.
But for context, this is not simple, and in many places it's highly illegal to do this without being a particular type of licensed institution.
We've developed/are developing the way to do this right, at massive scale.