ETHCC interview with Immunefi: the project to make the crypto environment safer

During the Paris event ETHCC, the Cryptonomist sat down to talk with Immunefi, the bug bounty and security services platform for smart contracts and web3 crypto projects.

Can you tell me more about the numbers of bounties and hacks averted?

We’ve facilitated the payout of over $80 million in bounties to whitehats. These include record-breaking payouts like $10 million for a vulnerability discovered in Wormhole, a generic cross-chain messaging protocol, and $6 million for a vulnerability discovered in Aurora, a bridge and scaling solution for Ethereum.

Currently, we have over 320 bounty programs available on Immunefi that collectively offer $158 million in rewards available to whitehats. As a result of the vulnerabilities submitted through our system, we’ve saved more than $25 billion in user and protocol funds from being hacked. 

How does your service work?

Immunefi is a bug bounty and security services platform for smart contracts and web3 projects, where security researchers review code, disclose vulnerabilities, and get paid. Immunefi removes security risk through bug bounties and comprehensive security services. We were the first to introduce a scaling incentive for hackers, meaning rewards grow accordingly with the severity of an exploit and the volume of funds at risk. Thanks to that, Immunefi has built the largest community of security talent in the crypto space.

Immunefi receives a fee of 10% on top of the amount paid to the security researcher. The whitehat hacker receives their full reward – the payment to Immunefi is in addition to that amount and helps pay for its platform and expertise.

Who are your clients?

The company’s primary clients are web3 protocols, dApps, DAOs, and both layer one and layer two blockchains. Some of the most prominent web3 protocols use Immunefi to run their bounty programs, including established, multi-billion dollar web3 protocols like Chainlink, Wormhole, MakerDAO, TheGraph, Synthetix, and more. Together they hold over $60 billion in user funds, representing a major target for blackhat hackers.

Which are the most frequent types of hacks?

The most frequent types of bugs and hacks we see: 

  • Improper input validation 
  • Incorrect calculation 
  • Oracle/price manipulation 
  • Weak access control
  • Replay attacks/signature malleability 
  • Rounding errors 
  • Reentrancy
  • Frontrunning

For more information, see our most recent post here.

Amelia Tomasicchio