I've been using crypto wallets and DeFi applications on a daily basis, but I never really considered how they maintain their security until recently. I stumbled upon a conversation about Immunefi on reddit and their bug bounty program, which completely changed my perspective on security.
I found out that Immunefi plays a crucial role in safeguarding blockchain projects by identifying bugs before hackers can take advantage of them. They have helped secure over $180 billion in user funds across more than 650 projects, including major names like Ethereum, Aave, Chainlink, Optimism, and Arbitrum. They've also managed to prevent over $25 billion in potential losses.
This platform is known for hosting the largest bug bounty program in the crypto space. Projects offer bounties and set rewards based on the severity of the bug whether it's Critical, High, Medium, or Low.
This got me really curious, so I did some digging into how people submit bounties and the amount of effort it takes to uncover real issues. I even compared it to other platforms like HackerOne and HackenProof to see how their reporting, payouts, and verification processes stack up. It was eye-opening to realize just how much work goes into keeping DeFi secure. The numbers are insane!
Now, with the recent launch of the IMU token and the new opportunities it brings, I'm curious: has anyone here tried submitting a bounty on Immunefi? How was your experience?
And for those of you who are into crypto or DeFi apps regularly, knowing how these programs operate can really help in keeping your funds safe.
No matter what security bug bounty they run and have that large pool prize for the hunters. The impression of DeFi for me will not change anymore.
And that's they're an apple of the eye of the hackers because of how bountiful they are and large the money that circulates there.
That is the reason why we often read news of how many DeFi apps have been hacked. So, as an investor, I'll avoid going in them even with good audits or records they propose.
I was about to think that you had changed for good. For the first time, I thought you had posted something sensible. Something that is not about shilling a certain service, and then on checking the shared link, I just realized it's the same stupidity all over again.
Do you find that what you are doing is now boring? How far must you go with the shilling?
Shill aside, immunefi is just reinventing the wheel, every good and trusted project already have bounty for bugs and audit their smart contract regularly and whenever they deploy a new ones.
Smart contracts routinely audited by different audit firms such as OpenZeppelin and CertiK for a long time. It's not like immunefi appear and suddenly defi become secure. It's a good to have platform but not necessarily the only thing that keep defi safe.
The problem is that some DeFi app hacks come from insiders, either former employees or part of a social attack or exit scam, so even if the bug bounty program is generous, it will certainly not be worth the same as stealing money, especially if it is part of an exit scam.
Every post will keep saying Bitget, I guess this is part of her promotion.
DeFi is always a loophole where hackers can do these actions when there is an opportunity, then you say from insiders or former employees it makes sense because it could be that the loophole came from those who told him.
Even though DeFi has high security, I still saw on X that DeFi was hacked several times.
So you're saying you're more aligned with cex than Defi apps? They're some secure Defi apps though. And tbh navigating through them is fun.
Yeah from their stats you can see that, and they're thriving with how much they've recovered and prevented so far.
Sort of but I only use them when I'm about to sell. But if it's the regular usage, it's made me avoided the Defi apps.
I know that there are some which are secure but it made me think generally that I shouldn't get into it.
Maybe my mind will change and I understand that searching for the good ones is fun but, what if I have no time in them and that's why.
Insider hacking is real, a contract can be audited thoroughly but the one who make the decision is the project including the insider. if the team is rotten, the audit become useless.
Honestly any bug bounty platform should treat backdoor as a bug as well to flag the smart contract as a red flag. The fact that the so called defi is mostly just a protocol with multisig controlled by project owner and still have centralized risk is something that should make us raise a concern.
I've heard so many old protocols getting hacked despite already got audited and have bounty for bugs. It's possible that there is a backdoor.
No system can ever be safe from hacking, most especially smart contracts since those are particularly prone to faults in code that usually lead to hacks. If anything, bug bounties only helps to a certain levels. As someone that used to audit, it's safe to say bug bounties not fault proof for this defi programs. If the project bug bounties doesn't have a large enough budget, most quality auditors may not even attempt to look for bugs that might be present
I was once part of a team that made a token that the creator moved to a new one and then scammed everyone. Since it is not decentralized and there are people at the top, they can always make a new version that is not audited and people would still go for it and then the creator would steal money.
It was a very difficult part of my life because I lost a good chunk of my work in there, I was holding that token because I earned it by working, airdrops, bounties, mod work, everything I can do, and then one day it was all gone.
Bug bounties are a good signal that a team is at least willing to pay for bad news, but they don't magically make a protocol safe. A lot of the biggest DeFi losses weren't even spicy memory corruption type bugs, they were boring things like admin key risk, upgradeability gone wrong, oracle, MEV edge cases, or just straight up humans getting phished. If a contract can be upgraded instantly by one hot key, an audit PDF is pretty useless.
I wouldn't dismiss bounty programs altogether, though, but I'd treat them like one layer in a stack.
For judging a DeFi app, I personally look harder at who controls upgrades, whether there are timelocks/multisig with real signers and how they handled prior incidents.
No, it's a disaster when you submitting the bug you found to the immunifi as they rarely paid it. There have been numerous reviews about how immunefi was fooling the bug hunters, and majority of it ended with no pay for their found.
FYI, most of projects that listed on immunefi were not also serious in rewarding the bounty hunters. When you find a valid bug, but they will be also avoiding to pay you by finding a reason to make your finding out of their scope.
If you want your work to find the bug to be rewarded, just don't use them, but report it to the team that handle the platform directly.
Considering how many projects are out there which was made by a single person who just distributes tokens for airdrops for retweets, I would say a professional team who is willing to pay out for a bug bounty is vast improvement.
Still doesn't guarantee there won't be any bugs I agree, but at least it shows they are fairly professional on their approach. This also doesn't mean that we are going to see price be good or the project makes profit, but it's better than the zeros we see in the world.
The bounty-as-marketing thing is a real problem. Projects get to say they take security seriously while having every incentive to deny payouts when someone actually finds something.
They do not. While there are some places who have been decent, we have seen many DeFi apps that got hacked, and for that reason we cannot really see this be a problem and for that reason we shouldn't really be considering this as just because one place is good so far, doesn't mean it will stay good forever.
Just like how other places got hacked and scammed people, the places that are good so far could do that in the future as well. This is why there is nothing that we can do to know if that will happen or not.
It's clear that you can do bug bounty programs if you really want to make sure there are no bugs in your system, but the reality is that in most cases we are going to see these places not be as good as it gets and for that reason alone you are not going to end up with anything good.
For the time being, the best thing you can do at the moment would be making sure that it is going to end up with a lot better returns for the long term, and we should be avoiding places if possible. Just because they have bug bounty doesn't mean they won't steal from you, they may still steal the funding they get and that is why in most cases it will be a scam. So there is no prevention, it will always be a danger to invest with these.
Are you aware Binance and Bybit had been hacked before and other popular DeFi platform had suffered heavy hacks before? Even when bug bounty was done on them and nothing strength could be found.
I hope these bug bounty hackers do instruct the insider workers to be always watching their business interactions with outsiders. These way the trap is set in for hackers to intrude.
Ever since I lost so much money in apeswap DeFi platform, I stopped investing in any one at all.
Yeah, the so called decentralized finance isn't really decentralized after all just because some founders decided to be dishonest and people would go in with their money blindly.
Some even deployed a code without audit to save some money and cutting corner, truly a mess sometime.
I am not wondering, DeFi's do not stay safe, not as a concept. Sure there are ones who do stay safe, but that's individual success instead of a whole system, DeFi alone is not going to save you, just because you built one, it will save you if you do know what you are doing and make a good product but that is true for every type of project out there. So do not consider them safe automatically.
This shill by OP is just doing it to get some good SEO because bitcointalk has a high number and when you write something about it here, it's good dexing, and that means you are going to get a good backlink from a high grade website and that's why OP did it, do not read what he has to say like he actually means what he is saying.