Summary Whitehat nojob reported a critical vulnerability in Port Finance via Immunefi on March 29. If a malicious attacker had exploited the vulnerability, they could have stolen $20–25 million. But because of nojob’s responsible disclosure, no user funds were lost. Port Finance promptly patched the bug and paid the whitehat $180,000…

By the time he was 8, t11s was playing Mozart’s Piano Sonata №1 in C major, K 279/189d (Munich, Autumn 1774). By the time he was 11, he mastered Klingon (eclectic interests, we’ll admit). And by the time he was 14, he sat down to read the Ethereum whitepaper and…

Summary On April 22, whitehat Violet Vienhage submitted a critical vulnerability in Sense Finance via Immunefi. Sense operates as decentralized, permissionless infrastructure, where teams can build and develop new yield primitives for DeFi, such as bond-like assets, yield tokens, and tranche-like instruments. Yield-stripping is the first application built on Sense, where…

Pwning.eth has earned a Whitehat Hall of Fame NFT for his recent critical bug find in Aurora, forever securing his spot in hacking history. This award makes him the second whitehat to be immortalized after Satya0x, who was paid $10,000,000 for his find in Wormhole. Each Whitehat Hall of Fame…

Summary Whitehat pwning.eth submitted a critical vulnerability in Aurora on April 26 via Immunefi. The vulnerability consisted of an infinite spend bug that, if exploited by a malicious user, could have led to a direct loss of 70k ETH and $200m in other assets. Thankfully, owing to pwning.eth’s skills, that bug…

Immunefi is launching the Whitehat Hall of Fame NFT collection today to create a permanent ‘Whitehat Hall of Fame’ for the most legendary whitehats. The Hall of Fame list is available on our website, and the NFT collection itself is available here. Immunefi truly values its whitehats. They choose to…

Summary On February 24th, a whitehat who goes by the pseudonym satya0x, responsibly disclosed a critical bug in the Wormhole core bridge contract on Ethereum. This bug was an upgradeable proxy implementation self-destruct bug that helped prevent a potential lockup of user funds. This particular responsible disclosure is yet another example…

The DeFi ecosystem has already suffered $1.22 billion worth of losses due to hacks in just the first three months of 2022, according to recent Immunefi research. Headlined by the API hack of Axie Infinity’s Ronin Network sidechain in March, which resulted in North Korean-linked hackers looting a record $615…

The Nexus Mutual community has just voted to continue its bug bounty matching program with Immunefi and increase the size of the war chest available for whitehats to $600k. Nexus Mutual, a decentralized insurance alternative, first began a trial bug bounty matching program by allocating $200k as a matching payment…