Bug bounty security services platform Immunefi raised $24 million in a Series A round led by Framework Ventures.
Other backers in the round were Electric Capital, Polygon Ventures, Samsung Next, P2P Capital, North Island Ventures, Third Prime Ventures, Lattice Capital, and Stratos DeFi.
Immunefi focuses on bug bounty and security services for Web3 projects. Since its inception in December 2020, the firm has saved over $25 billion in users’ funds, according to a statement on Thursday. Immunefi said it has paid out $60 million in total bounties, and supports over 300 projects including Chainlink, Wormhole, and MakerDAO.
The next big thing
Bug bounties are increasingly becoming an attractive revenue stream for security researchers and an efficient way for tech firms to identify weaknesses in their products. In 2020, Google announced it had paid over $21 million in bug bounties under its vulnerability reward program since 2010, spending $6.5 million in 2019 alone. In 2020, hackers from dozens of countries earned up to $40 million just by identifying system vulnerabilities for various organizations.
Bug bounty rewards have slowly been increasing across crypto as well. In 2019, crypto exchange Coinbase Global (COIN) forked out $30,000 bounty for identifying a critical bug in its systems.
The popularity of bug bounties is also due to the fact that decentralized finance (DeFi) platforms, such as Balancer Labs, are increasingly vulnerable to hacks and theft. DeFi refers to financial activities carried out directly on the blockchain without any third party involvement.
According to a report by crypto sleuth CipherTrace, in the second half of 2020 half of all targeted entities for crypto-related hacks were DeFi platforms, making up 14% of total hacked volume (amounting to $47.7 million).
To this effect, in 2021 DeFi insurance brokerage ArmorFi paid a bounty of $1.5 million to a white-hat hacker who found a "critical bug" that could have seen all the firm’s underwriting funds drained.
“Open code and directly monetizable exploits have made web3 the most adversarial software development space in the world," Mitchell Amador, CEO of Immunefi, said in the statement.
“By shifting incentives towards white hats, Immunefi has already saved billions of dollars of users’ funds," Amador said. "We’re using this raise to scale our team to meet this massive demand," he added.
CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.