Introduction On October 7th, 2022, the Binance Bridge was hacked due to a flaw in the IAVL Merkle proof verification system, which allowed a malicious hacker to steal 2m BNB, or about $600m USD equivalent at the time. In response to the exploit, Binance paused the system for hours and introduced…

Introduction One of the key skills that separates advanced hackers from beginners is the ability to write a proof of concept (PoC). A PoC is essentially runnable code that demonstrates a smart contract vulnerability without actually exploiting it in a live environment. But writing a PoC can be challenging, especially if…

Summary In 2022 alone, cross-chain exploits led to a total of over $1.3 billion dollars in losses — almost 60% of all funds stolen that year. …

Joran Honig sprung from the womb in 2018 as a fully-fledged ConsenSys Diligence tool builder and has become one of the most feared whitehats in the space, owing to the sheer complexity of his bug reports. He has been hanging out on the Immunefi leaderboard and is aiming to reach…

Summary On Nov 15th, an anonymous whitehat submitted a critical logic error vulnerability to the Beanstalk protocol via Immunefi, demonstrating a direct theft of assets from the accounts that were approved for the Beanstalk contract. The Beanstalk Immunefi Committee estimated that the vulnerability could have resulted in a loss of up…

Summary On January 22, 2023, whitehat 0xriptide reported a high severity vulnerability to the Balancer protocol, a community-driven DeFi liquidity infrastructure provider. The bug itself would allow liquidity providers to submit duplicate claims to drain all the Merkle Orchard’s assets from the Vault. At the time of the report submission, across…

At Immunefi, we have a simple catchphrase: excellent bug reports lead to excellent payouts. It’s a completely serious catchphrase. Immunefi has facilitated the world’s largest bug bounty payouts ($10 million, $6 million, $2.2 million, and many more), because the funds at risk are orders of magnitude larger in web3, compared…

Pwning.eth has earned a third Whitehat Hall of Fame NFT for his critical bug find in Moonbeam, Astar, and Acala on June 27, 2022. He received his second Hall of Fame NFT for finding a major vulnerability in Moonbeam and his first for an epic find in Aurora. We’d like…

Who We Are Welcome to Immunefi, the leading bug bounty platform for web3. We offer legendary response times, top-notch support for our hackers, and the world’s largest bug bounty payouts. We’ve paid out more than $65m to whitehats through our platform since we were founded in December 2020, and we have more than…