According to a new report released on Dec. 21, blockchain security firm Immunefi said that it has processed more than $65,918,994 in crypto bounties paid to ethical hackers over 1,248 reports since its inception on Dec. 9, 2020. Web 3.0 projects list bounty programs on Immunefi to encourage whitehat hackers to report vulnerabilities and claim monetary rewards, which the company then facilitates.
The payouts appear to be concentrated, with bounty programs operated by Wormhole, Aurora, Polygon, Optimism, and an undisclosed firm accounting for $30.2 million worth of rewards in the past year. The median payout was $2,000, and the average payout was $52,800. A small number of critical vulnerability bug reports received the highest rewards.
In terms of vulnerability notifications, Smart Contract issues took the lead, with a total of 728 submissions, accounting for 58.3% of paid reports. Meanwhile, the Websites and Applications and Blockchain/Distributed Ledger Technology (DLT) categories totaled 488 submissions (39.1%) and 32 submissions (2.6%), respectively. Interestingly, despite having a high number of submissions, Websites and Applications reports only represented 2.9% of total whitehat payouts, whereas Smart Contract bugs accounted for 89.6% of payments.
The bounty programs surfaced high-severity vulnerability reports, such as one in Pods Finance for a logic error that allowed theft of yield or abuse of the protocol's rewards system. Another was a vulnerability in Mushrooms Finance that could potentially be exploited via a miner-extractable value attack with Flashbots.
The report also dedicated a portion to ransom analysis, revealing that malicious hackers have returned $32.7 million in funds illicitly gained