Cointime

Download App
iOS & Android

Crypto Bug Bounty Hunting: An Overview Since 2020

Cointime Official

By Harvesto Orlando

Crypto used to be all about trading and hodling alt and shitcoins in the hopes of mooning. However, a growing number of people are making money off crypto — not in the usual way of HODLing or day trading — but through “bounties” hosted by crypto platforms. One such bounty is bug hunting, which has become quite popular recently with the rise of DeFi and the DeFi hacks ensued.

According to Cointelegraph, “the hacks have skyrocketed demand for blockchain security experts, with some auditors making upwards of $430,000 annually.” Fortunately for auditors and security experts in developing countries, crypto bounty hunting is becoming a highway out of poverty and mediocrity.

But then, how did it all start? How did the industry make this transition in just two years? The story can be traced back to 2017/2018, when Bounty0x, Gitcoin, and other bounty hosting platforms allowed bounty hosts to post bounties paid out in any cryptocurrency, such as Ethereum, stablecoins, or other tokens.

These bounties ranged from spotting vulnerabilities in general code to marketing services such as writing content and tweets. However, the focus started shifting with the emerging popularity of the Ethereum blockchain and its smart contracts. Soon projects started building on Ethereum, and there was an influx of dapps into the market.

This breakneck development soon led to complications — developers built the dapps with Ethereum code, which could be hacked or exploited. So began an infamous chain of dapp and smart contract attacks, all in a bid to drain their funds. We all are familiar with the DeFi summer of 2020. That year, nearly $100 million was lost due to bugs, exploits, and hacks. The protocols recovered some losses, but the hacks affected the industry’s outlook.

Projects like YAM, Soft yearn, bZx, Harvest, and Akropolis suffered losses in hundreds of thousands and millions. Some of these hacks were orchestrated by hackers who wanted to prove a point — that the protocols’ code base or security was insecure and they could get away with the hacks.

Enter Immunefi in December 2020.

The idea was to incentivize white hackers to safeguard protocols by finding and reporting exploitable bugs in the ecosystem. The idea quickly caught fire; Immunefi secured partnerships with scores of protocols, gained the DeFi community’s trust and onboarded many white hackers.

By the fall of 2021, Immunefi was reportedly responsible for protecting more than $50 billion in protocol assets from projects such as Synthetix, Chainlink, SushiSwap, and PancakeSwap. In addition, the OG bug bounty platform had paid more than $7.5m in bug bounties.

One of the most popular bugs found was on the Polygon network and was reported to have been at risk of $850 million being exploited. The bug was found by an Immunefi hacker, Gerhard Wagner, who promptly reported it and received a $2 million payout.

According to research undertaken by Immunefi, DeFi-related hacks and exploits have cost the sector over $10.2 billion. 2022 has had its fair share of hacks, from the Axis Ronin Bridge hack of about $600m to the Solana hack to the recent $160m Wintermute exploit.

These hacks all mean that the DeFi, crypto space still needs to be safeguarded. Immunefi has acted promptly by raising $24,000,000 to boost its security capabilities, a giant leap from its $5m 2021 raise. Immunefi claims to have paid over $60 million in total bounties since its December 2020 debut.

The platform also supports over 300 DeFi and crypto projects, including Big Names, Chain link, MakerDAO, and Compound while protecting $100 billion in assets. Note that there are other bug bounty platforms like Hackenproof and bugbounter, but Immunefi stands above them.

Comments

All Comments

Recommended for you

  • Whale Transfers 1,133 BTC to Coinbase Prime, Valued at $71.48 Million

    According to Onchain Lens monitoring, a whale transferred 1,133 BTC from Coinbase to Coinbase Prime through an intermediary wallet, valued at $71.48 million.

  • U.S. AI Chip Stocks Decline Before Market Open, Intel Falls Over 3%

    On July 7, U.S. AI chip stocks experienced widespread declines before the market opened. Intel dropped over 3%, while AMD, Qualcomm, and NXP fell more than 2%. TSMC, Broadcom, and Tesla decreased by over 1%, and NVIDIA declined by 0.7%.

  • China's Central Bank Increases Gold Reserves for the 20th Consecutive Month

    As of the end of June, China's gold reserves stood at 75.44 million ounces (approximately 2,346.446 tons), an increase of 480,000 ounces (about 14.93 tons) from the end of May, which reported 74.96 million ounces (approximately 2,331.52 tons). This marks the 20th consecutive month of gold accumulation.

  • China's Foreign Exchange Reserves in June at $341.6262 Billion

    On July 7, China's foreign exchange reserves for June stood at $341.6262 billion, a decrease of $26 billion from the end of May, representing a decline of 0.75%, with expectations set at $343.2 billion.

  • U.S. Storage Stocks Drop Pre-Market, SanDisk and Micron Down Over 4%

    On July 7, U.S. storage concept stocks collectively fell in pre-market trading. Western Digital dropped over 5%, SanDisk and Micron Technology fell over 4%, Seagate Technology declined over 3%, Rambus fell over 2%, and SMI fell over 1%.

  • U.S. Stocks in Optical Communication Sector Drop Pre-Market

    On July 7, stocks in the optical communication sector of the U.S. market collectively fell pre-market. Astera Labs dropped over 4%, while Marvell Technology, Credo Technology, and AXT Inc. fell more than 3%. Tower Semiconductor, MaxLinear, Corning, Applied Optoelectronics, GlobalFoundries, Lumentum, and Qorvo all declined by more than 2%. Coherent, Nokia, Amphenol, and Broadcom dropped over 1%.

  • Pre-market Decline in U.S. Storage Stocks

    In pre-market trading, U.S. storage concept stocks experienced a widespread decline, with Micron Technology falling by 4.8%, SanDisk dropping over 4%, Corning down more than 2%, and Intel decreasing by over 3%.

  • Two Departments: Support for Reinsurance Institutions to Increase Capital and Issue Supplementary Capital Tools

    On July 7, the National Financial Supervision and Administration Bureau and the Shanghai Municipal Government released several measures to accelerate the construction of the Shanghai International Reinsurance Center. Among these measures, they proposed to enhance the quality and efficiency of the reinsurance industry, support reinsurance institutions in increasing capital and expanding shares, and issuing supplementary capital tools to improve the capacity for internal capital accumulation and external capital supplementation, thereby strengthening the reinsurance industry's capabilities. The initiative aims to guide the insurance industry to focus on major national projects, strategic emerging industries, and livelihood security, consolidating insurance and reinsurance underwriting capabilities to enhance risk protection levels. It also supports reinsurance institutions in leveraging their professional technical advantages to assist the insurance industry in reducing risk.

  • Sources: Saudi Arabia Plans to Expand Oil Pipeline to Red Sea, Increasing Capacity by 2 Million Barrels Daily to Bypass Strait of Hormuz

    On July 7, five informed sources revealed that Saudi Arabia is considering expanding the crude oil pipeline capacity to its western coast on the Red Sea, allowing Saudi Arabia and its neighbors to transport more oil without passing through the Strait of Hormuz. This east-west pipeline, built in the early 1980s, has gained strategic importance since the outbreak of the Iran war in February and the disruption of shipping in the Strait of Hormuz. The pipeline can deliver up to 7 million barrels of crude oil per day to the Red Sea port. The CEO of Saudi Aramco stated in May that approximately 2 million barrels are supplied to west coast refineries, while about 5 million barrels are for export. Sources indicate that Saudi Arabia is in preliminary discussions with some neighboring countries regarding the pipeline expansion, aiming to add about 2 million barrels of pipeline capacity per day. It remains unclear whether Aramco's planned expansion involves upgrading existing infrastructure or constructing new pipelines. One source mentioned that the expansion plan also includes a smaller refined oil pipeline. Two sources indicated that the expansion scale could range from 1 million to 2 million barrels per day, with refined oil also being considered. Another source stated that the project would take several years and cost billions of dollars, requiring adjustments to Saudi crude pricing mechanisms.

  • Web3 data and AI company Validation Cloud completes $10 million in new round of financing

     Web3 data and AI company Validation Cloud announced a $10 million financing round from True Global Ventures. The company plans to use the funds to expand its AI products and achieve seamless access to Web3 data.