Traditional website and app bug bounty platforms, such as HackerOne and Bugcrowd, have been profitable in that old-world model. But there's a big difference between the existing 'Web2' bug bounties and the new era of 'Web3' bugs associated with blockchains and crypto. In the era of Decentralised Finance (DeFi), Web3 bug bounties take on the critical nature of being associated with actual financial value, not just software bugs.
This would perhaps explain why Immunefi, one of the emerging bug bounty and security services platforms for DeFi, has now raised $5.5M in funding led by Electric Capital. Also participating are Blueprint Forest, Framework Ventures, Bitscale Capital, P2P Capital, IDEO Colab, The LAO, BR Capital, Third Prime Ventures, North Island Ventures, and other individual investors.
With DeFi, billions of dollars in user funds are locked in smart contracts, visible and accessible to all. And the stakes are high. In 2020, hackers stole about $120 million from DeFi protocols in 15 separate attacks. And the problems are only getting bigger. Hackers netted more than $1.7 billion this year.
Immunefi says its bug bounty platform for smart contracts and crypto projects enables security researchers to review code, disclose vulnerabilities, and get paid to do so. It also allows companies to access security talent.
Mitchell Amador, founder and CEO of Immunefi, said: “DeFi is unique because vulnerabilities in code signify a risk of a direct loss of users’ money. Bug bounty programs are open invitations to security researchers to seek out these vulnerabilities in exchange for a reward… We believe that by helping launch such programs on Immunefi, we contribute not only to protecting DeFi projects for today, but also to shaping the tech industry for the future.”
Clients for its platform include Synthetix, Chainlink, SushiSwap, PancakeSwap, Bancor, Cream Finance, Compound, Alchemix and other projects.
The company says that Belt Finance recently paid out $1,050,000 to a whitehat hacker, via Immunefi, who had discovered a critical vulnerability in its protocol which put more than $10 million of capital at risk.
Roy Learner, Principal at Framework Ventures, said: “This year, Immunefi succeeded in becoming DeFi’s leading bug bounty platform, gaining the trust of key industry players, and we’re confident Immunefi is just getting started.”
Speaking with TechCrunch, Amador added: “The reality is that Web3 is a far more adversarial environment, which means every part of the bug bounty process works differently from before, from the submission and processing of a report, to the validation of a report, to the negotiation for a payout. Where traditional Web2 bug bounties are a handy bugfixing tool, our Web3 bug bounties are a far more critical emergency response system for DeFi projects.”