Around this time last year we reported that Immunefi – one of the emerging bug bounty and security services platforms for DeFi – had raised $5.5 million in funding. With almost $2 billion lost to hacks and scams in crypto so far this year, this may seem like a poor investment.
Investors evidently think otherwise: Immunefi has now raised $24 million as part of its Series A round. The round was led by Framework Ventures. Other investors include Samsung Next, Electric Capital and Polygon Ventures. Its total funding now stands at $29.5 million.
Immunefi connects Web3 projects with whitehat hackers who inspect their code, report vulnerabilities and claim monetary rewards. Sometimes these rewards can be as high as $10 million, which is not surprising when so much cryptocurrency is at stake. Most tech companies, including Apple and Microsoft, use a similar bug bounty methodology, but the practice is less common in Web3 because hackers can sometimes have a much greater incentive to steal money than to report a bug, especially when millions of dollars are on offer.
Launched in December 2020, Immunefi claims to have paid $60 million to whitehat hackers and saved more than $25 billion in funds from being hacked.
But bug bounty payments in crypto have to work differently than in Web 2.0. A $5,000 payment is a pittance when $100 million in funds is at stake. So Immunefi developed a bug bounty standard that scales with the money at risk: it incentivizes projects to pay out rewards for large vulnerabilities at a rate equal to 10% of funds at potential risk.
This means some enormous bug bounties: $10 million paid for vulnerabilities found in Wormhole, a common cross-chain messaging protocol, and $6 million for vulnerabilities found in Aurora, a bridging and scaling solution for Ethereum. This contrasts with the largest traditional bug bounty, offered by Apple, at $2 million.
CEO and founder Mitchell Amador said in a statement: “Open source and directly monetized exploits have made Web3 the most hostile software development space in the world. By shifting incentives toward whitehats, Immunefi has already saved billions of dollars in user funds. Projects across crypto have quickly realized that using Immunefi is better than publicly begging hackers to return funds or pay ransoms. We are using this increase to scale our team to take on this huge challenge.”
Immunefi has competitors, however: HackerOne moved from Web 2.0 to Web3, and Safeheron recently raised $7 million to secure private keys.