DeFi Bug Bounty Platform Immunefi Raises $5.5M

Immunefi, a bug bounty system for smart contracts and decentralized finance (Defi) projects, has announced it raised $5.5M in funding.

Investors participating in the fundraise included Blueprint Forest, Electric Capital, Framework Ventures, Bitscale Capital, P2P Capital, IDEO Colab, The LAO, BR Capital, 3rd Prime Ventures, North Island Ventures, and other individual investors.

Hacking incidents are a mission-critical issue in the world of DeFi. This year alone there has been at least 23 various attacks that have net hackers more than $1.7 billion in stolen funds.

Helping to ensure the safety of DeFi projects, Immunefi offers ethical hackers, otherwise known as whitehats, bounty programs where security researchers can review code, disclose vulnerabilities, and get paid.

“DeFi is unique because vulnerabilities in code represent a possibility of a direct loss of users’ money,” said Mitchell Amador, founder and CEO of Immunefi.

He added that bug bounty programs “have proved one of the most effective ways to deal with critical security holes.”

Just last week, Polygon, a scalability solution for Ethereum, awarded a record $2 million bounty—paid through Immunefi—to a white hat hacker who had identified a vulnerability that put about $850 million of capital at risk.

On another occasion, Belt Finance, a Binance Smart Chain-based decentralized exchange (DEX), has paid out $1.05 million to a whitehat hacker who discovered a critical vulnerability in the protocol which put more than $10 million of capital at risk.

So, which projects are choosing Immunefi’s services?

The company says that as of today it protects more than $50 billion in users’ funds and has paid well over $7.5 million in bounties, with leading DeFi protocols like Synthetix, Chainlink, SushiSwap, PancakeSwap, Nexus Mutual, Cream Finance, 1inch, Compound, Bancor, Alchemix, and ArmorFi among its primary clients.

Speaking to Decrypt, Amador stressed that with billions of dollars in user funds locked in smart contracts, visible and accessible to anyone, all those projects represent “a promising target for black hat hackers.”

Poly Network, which earlier this year suffered one of the biggest hacks in the industry worth $610 million, also chose Immunefi to run its bounty program as well.

When asked what Immunefi plans to do with the fresh capital, Amador said that the company intends to scale its operations and hire new exceptional talent.

"Given the amount of clients we've onboarded, we're ideally positioned to become the best security services provider in all of DeFi, so we are acquiring cutting edge security tech and building the most elite emergency response team in the industry," Amador told Decrypt.

He added that Immunefi is incentivized to help hackers find more vulnerabilities and secure their payouts, as the company receives a fee equal to 10% of the bounty paid to the security researcher.

“The white hat hacker receives their full reward - the payment to Immunefi is in addition to that amount and helps pay for its platform and expertise,” he said.