It was around last year that we reported on Immunefi – one of the emerging bug bounty and security services platforms for DeFi – receiving $5.5 million in funding. With nearly $2 billion lost in crypto this year to hacking and fraud, this seems like a very poor investment.
And sure enough, it was. Because Immunefi has now raised $24 million as part of Series A. The round was led by Framework Ventures. Other investors include Samsung Next, Electric Capital and Polygon Ventures. This brings the total to $29.5 million.
Immunefi connects Web3 projects with whitehat hackers who inspect their code and report security vulnerabilities and demand monetary rewards. Sometimes these rewards can be as high as $10 million – a little surprising when so much cryptocurrency is at stake. Most tech companies, including Apple and Microsoft, use a similar bug bounty system, but the practice was not widely used at Web3, in part because hackers can sometimes have more incentive to steal the money than to report the bug, especially when millions of dollars can be offered.
In the year Launched in December 2020, Emunefi claims to have paid $60 million to white hat hackers and saved more than $25 billion from being hacked.
But bug payments in crypto need to work differently than Web 2. With $100 million in funds at risk, a $5,000 payout is less risky. So Immunefi has developed a bug bounty standard that weights funds at 10% risk, to encourage them to pay bounties for large vulnerabilities.
That means some huge bug bounties — such as $10 million for vulnerabilities found in Wormhole, a generic messaging protocol, and $6 million for vulnerabilities in Aurora, an Ethereum bridge and scaling solution. This contrasts with Apple’s largest typical bug bounty of $2 million.
CEO and founder Mitchell Amador said in a statement: “Open source and directly monetized exploits make Web3 the most competitive place for software development in the world. By shifting incentives to whitehats, Immunefi has already saved billions of dollars in user funds. Projects in crypto will quickly realize that it is better to use Immunefi than to publicly beg hackers to return funds or pay ransom. We are using this increase to grow our team to meet this big challenge.
Immunefi has competitors, but HackerOne switched from Web2 to Web3, and Safeheron recently raised $7 million to secure private keys.
