Bug bounty platform Immunefi has released its Whitehat Leaderboard — a scoring system that showcases the top 20 most elite white hats in Web3. The rank will measure a given white hat's skills and status amid Immunefi's security community, said the company at the Web Summit on Nov 4.
A white hat hacker is someone who identifies security vulnerabilities by testing an organization's information technology security. In Immunefi's community, the top 10 white hats alone have generated over $42 million in total earnings by disclosing critical vulnerabilities that have led to big bounty payments in the software industry.
In the leaderboard, white hats will be daily classified by the number and severity of paid reports, as well as total earnings made. The hackers in Immunefi's community reviews projects’ blockchain and smart contract code, disclosing vulnerabilities and being paid for it. The rewards are based on the severity of the vulnerability discovered.
Mitchell Amador, founder and CEO at Immunefi, noted in a statement:
“As the volume of saved funds continues to grow, the leaderboard is another opportunity to give our white hats the recognition they deserve, as well as to encourage them to keep pushing the boundaries to make the web3 ecosystem safer.”
According to the company, white hats who rank on the leaderboard will also be selected to earn further rewards, all-expenses-paid trips, exclusive merch, and speaking opportunities on a regular basis. Created in 2020, Immunefi claimed to have saved over $25 billion in user funds and paid out over $62 million in bounties. The platform currently supports 300 projects across multiple crypto sectors, helping the industry players save funds stored in smart contracts.
Amid the top bounties paid for white hats in the past two years, Immunefi facilitated payment for the discovery of a critical bug in the Wormhole core bridge contract on Ethereum, which led to the record-breaking bug bounty of $10 million for a white hat identified as satya0x, as well as the critical infinite spend bug found in Aurora Engine with a $6 million payout for white hat pwning.eth.
Security vulnerabilities had been among the challenges in the crypto industry this year. On Oct. 11, a hacker manipulated the value of the Mango Markets’s native token, MNGO, to achieve higher prices. The attacker took out significant loans against the inflated collateral, draining Mango’s treasury. After a proposal on Mango’s governance forum was approved, the hacker was allowed to keep $47 million as a “bug bounty,” while $67 million was sent back to the treasury.