White hat hackers crack the code: Since 2020, crypto bugs have paid more than $65 million


Immunefi, the leading bug management platform in the cryptocurrency industry, has paid a total of $65 million to white hat hackers since its inception in 2020.

These ethical hackers look for security holes in smart contracts and blockchain projects and are paid to report them to Immunefi. This helps protect users' assets and prevents bad actors from stealing money.

 Smart contract bugs made up the majority of paid reports 

According to Immunefi, 58.3% of paid reports, or 728 submissions, concerned smart contract vulnerabilities. The Websites and Applications category accounted for 488 submissions, or 39.1% of the total, and 32 submissions, or 2.6%, were for distributed ledger technology/blockchain cases.

Smart contract bugs accounted for 89.6% of payouts, while websites and applications, in second place, accounted for only 2.9%.

Some projects paid more than others. Aurora, Wormhole, Optimism, Polygon and an unnamed company offered $30.2 million in payouts through their rewards programs in 2021, with an average payout of $52,800 and a median payout of $2,000.

Paid over $52 million this year

In 2022, Immunefi paid over $52 million to white hat hackers due to the rise of crypto hackers, whose attacks resulted in over $3 billion in losses.

The largest bounty of the year was $10 million for a vulnerability in the Wormhole decentralized communication protocol, and another $6 million was paid for a bug found in Aurora's Ethereum-compatible layer-2 scaling solution.

Web3 bug bounties higher than Web2

Web3 bug bounties are generally higher than Web2 bounties because of the large amount of capital held in smart contracts.

As Immunefi explains: "A $5,000 reward for a critical vulnerability might work in the web2 world, but it won't work in the web3 world. When the direct monetary loss of a web3 vulnerability can reach $50 million, it makes sense to offer a much larger reward for good behavior."

Interestingly enough, the Wormhole bounty alone is larger than the $8.7 million that Google's vulnerability bounty programs paid out last year.

Source : cryptopotato
