New data from bug bounty platform Immunefi finds that nearly $1.7 billion in crypto assets have been drained on BNB Chain since its September 2020 inception. In a new research post, Immunefi says that BNB Chain witnessed hundreds of fraud and security incidents after launching about four years ago. “In total, we have seen a […]
The post $1,640,000,000 in Crypto Assets Lost on BNB Chain Since Launch, Says Bug Bounty Platform Immunefi appeared first on The Daily Hodl.
The Ethereum Foundation (EF) is unveiling a month-long initiative aimed at improving the security of the second-largest blockchain by market capitalization. According to the Ethereum Protocol Security (EPS) Research Team, the blockchain-focused bug bounty platform Immunefi will host an Ethereum (ETH) protocol “Attackathon” over a four-week period. An Attackathon is a challenge aimed at auditing […]
The post Ethereum Foundation Rolls Out ‘Attackathon’ To Bolster Blockchain Security, Plans To Raise Over $2,000,000 in Reward appeared first on The Daily Hodl.
Crypto losses to hacks and frauds in the second quarter of 2024 are down 112% compared to the same quarter of the previous year, according to new research from the bug bounty platform Immunefi. Immunefi researchers note that the entire Web3 ecosystem suffered more than $572 million in losses across April, May and June, compared […]
The post Total Crypto Losses to Hacks and Frauds Surpass $572,000,000 in Q2, According to Bug Bounty Platform Immunefi appeared first on The Daily Hodl.
The co-founder of Binance is asking billionaire Elon Musk, who owns the social media platform X, to address the crypto scams proliferating over the website after her followers fell victim to a wallet drainer. In a new thread, Yi He tells her followers that a scammer is posing as her on X to trick people […]
The post Binance Co-Founder Asks Elon Musk To Address Crypto Scams on X After Her Followers Get Hit With Wallet Drainer appeared first on The Daily Hodl.
A new report from bug bounty platform Immunefi shows that crypto losses due to hacks and fraud plummeted over the past year. According to Immunefi, the crypto sector saw 108 specific incidents of hacks and rug pulls in 2024 year-to-date. The financial losses amounted to $473,229,944, or 20% less than the $595,438,324 lost during the […]
The post Crypto Sector Losses to Hacks and Fraud Are Down 20% Year-on-Year, According to Bug Bounty Platform Immunefi appeared first on The Daily Hodl.
The decline in crypto scams and frauds continued, with only $52 million lost in May compared to $59 million the previous year.
Crypto losses from fraud and hacks declined by 12% year-over-year, according to a May 30 report from blockchain security firm Immunefi. A total of $52 million was lost over the course of the month, down from over $59 million in the same month last year. In addition, the figure represents a 28% decline compared to the amount lost in April.
The report illustrates a continuing trend of declining losses from hacks and fraud in the Web3 industry. In March, Immunefi released a report stating that losses in Q1 2024 declined by 23% over the previous year. In April, CertiK reported that the month had seen its lowest losses ever.
According to the May 30 report from Immunefi, most of the losses came from two individual attacks. The first was a hack of the Web3 gaming protocol Gala Games, which resulted in losses of approximately $21 million. The second was a smart contract exploit against Sonne Finance that led to $20 million in losses. Together, these two attacks represented 78% of total losses for the month.
The Web3 security platform now allows projects to deposit bounty funds to a Safe smart contract, proving the funds are available.
Blockchain security platform Immunefi has launched an on-chain system for bug bounties, according to a Sept. 26 announcement. The new system, called “Vaults,” allows Web3 developers to escrow funds in an on-chain address and use them to pay out bug bounties to white hat hackers.
Immunefi believes the new system will help projects “demonstrate to whitehats [...] that they have allocated sufficient funds to pay bounties,” which it hopes will result in “more top-tier bug reports” being submitted.
Software developers often offer rewards, called “bug bounties,” to hackers who discover exploits or other bugs in their software. This sometimes allows vulnerabilities to be found before bad actors can exploit them. Hackers who submit bug reports for rewards instead of taking advantage of an exploit are called “white hat” hackers, while “black hat” hackers use their knowledge for malicious purposes.
Related: Projects would rather get hacked than pay bounties, Web3 developer claims
According to the announcement, the new Immunefi system allows projects to deposit their bug bounty funds to a Safe multisig smart contract (formerly called a “Gnosis Safe”). This provides white hats with on-chain proof that the funds are available. Once a bug is submitted and a project has confirmed it’s genuine, the project can release the funds to the bug reporter’s wallet.
During Vault’s launch, Ethereum infrastructure provider SSV posted a $1 million deposit to help pay bug bounties for its software. Decentralized exchange Ref Finance, which is on the Near network, also uses the new system. SSV DAO contributor Eridian claimed that on-chain bug bounties will help provide better security for the DAO’s validator services, stating:
“The Vaults System will help us provide added reassurance for any researcher engaging with our bounty program, and in turn help secure the protocol even further. A good win-win. Building further trust with the community by showcasing dedicated funding, and streamlining the payment process, will ultimately strengthen our security efforts.”
In December 2022, Immunefi reported that it had facilitated $66 million in bug bounty payouts since the platform’s inception. LayerZero released a $15 million bug bounty through Immunefi on May 17.
Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.
A new report from a bug bounty platform shows that the amount of crypto assets lost to hacks and frauds took a dive in August. According to Immunefi, $23,366,220 worth of digital assets were lost in August, marking a sharp decline from the $320,498,660 worth of losses recorded in July. Crypto losses from hacks and […]
The post More Than $23,000,000 Worth of Crypto Lost to Hacks and Frauds in August: Bug Bounty Platform Immunefi appeared first on The Daily Hodl.
Four security incidents took place on Coinbase's layer-2 solution Base shortly after its launch.
A total of $15.8 million in cryptocurrencies were lost to hacks or exploits in the month of August.
According to an Aug. 31 report by blockchain security firm Immunfi, a combined $23.4 million in crypto was lost to a combination of hacks and fraud, a significant decrease compared to the $320.5 million lost in July. All exploits consisted of attacks against decentralized finance (DeFi) protocols, and not a single incident affected centralized finance entities.
Of the 21 security incidents reported, five took place on the Ethereum blockchain, while four occurred on BNB Chain. Coinbase's highly anticipated layer-2 solution, Base, witnessed four security exploits shortly after its launch on Aug. 9.
Top losses include the Exactly Protocol hack on Aug. 18, where 4,323.6 Ether (ETH) ($7.2 million) in users' deposits were stolen via a malicious deposit contract.
Meanwhile, on Aug. 25, Magnate Finance, a borrowing and lending protocol deployed on Base, orchestrated an alleged $6.5 million exit scam after prominent DeFi sleuth zachXBT claimed the Magnate Finance deployer address was linked to the exit scam. All assets have since been removed from the protocol's smart contract, with its website and socials also offline.
Year-to-date, users have lost $1.25 billion in crypto due to hacks and fraudulent activities, according to Immunefi data. In March, DeFi protocol Euler Finance lost $195 million in a malicious flash loan attack. Less than one month later, the Euler hacker returned over 90% of users' assets after developers threatened them with legal action.
Magazine: Should we ban ransomware payments? It’s an attractive but dangerous idea
The average bug bounty payout over 1,248 confirmed reports was $52,800.
According to a new report released on Dec. 21, blockchain security firm Immunefi said that it has processed more than $65,918,994 crypto bounties paid to ethical hackers over 1,248 reports since its inception on Dec. 9, 2020. Web 3.0 projects list bounty programs on ImmuneFi to encourage whitehat hackers to report vulnerabilities and claim monetary rewards, which the company then facilitates.
The payouts appear to be concentrated in nature, with bounty programs operated by Wormhole, Aurora, Polygon, Optimism, and an undisclosed firm accounting for $30.2 million worth of rewards in the past year. The median payout was $2,000, and the average payout was $52,800. A small number of critical vulnerability bug reports received the highest rewards.
"A $5,000 bounty payout for a critical vulnerability may work in the web2 world, for example, but it does not work in the web3 world. If the direct loss of funds for a web3 vulnerability could be up to $50 million dollars, then it makes sense to offer a much larger bounty size to incentivize good behavior."
In terms of vulnerability notifications, Smart Contracts issues took the lead, with a total of 728 submissions, accounting for 58.3% of paid reports. Meanwhile, the Websites and Applications and Blockchain/Distributed Ledger Technology (DLT) categories totaled 488 submissions (39.1) and 32 submissions (2.6%), respectively. Interestingly, despite having a high number of submissions, Website and Applications reports only represented 2.9% of total whitehat payouts, whereas Smart Contract bugs accounted for 89.6% of payments.
The bounty programs detected high vulnerability reports, such as the case in Pods Finance, for a logic error that allowed for theft of yield or abuse of the rewards system on the protocol. Another includes Mushrooms Finance's vulnerability which could be potentially exploited via a miner-extractable value attack with flash bots.
The report also dedicated a portion of ransom analysis, revealing that malicious hackers have returned $32.7 million in funds illicitly gained from decentralized finance (DeFi) protocols across five specific situations in 2022. Hackers have kept $6,44 million in total ransom payments. Some experts say that the payment of ransom to hackers amounts to giving into extortion, but nearly all agree that it's much better to instate a bug bounty program ex ante facto. Immunefi currently offers $144 million in bounty rewards through Web 3.0 projects listed on the platform.
