Where 92% of Web3's Critical Bugs Are Found
Independent security researchers find and responsibly report vulnerabilities in your code before attackers can exploit them. Immunefi is the leading platform for onchain bug bounties, protecting over $190 billion in user funds.TRUSTED BY
Why a Bug Bounty Program?
An audit is a snapshot. It reviews your code at a single point in time, then your codebase keeps evolving and the coverage ends. A bug bounty program keeps thousands of skilled researchers examining your live code around the clock, for as long as your program runs.
of long-running bug bounty programs on Immunefi have surfaced at least one critical vulnerability. The question is not whether a critical bug exists in your code. It is who finds it first.
What You Get with Immunefi
A bug bounty program is only as strong as the researchers behind it. Immunefi hosts the largest, most active community of Web3 security researchers in the world.
registered security researchers
The largest pool of Web3 security talent anywhere. Your program reaches more researchers here than on any other platform.
critical mainnet bugs found
Critical vulnerabilities found and responsibly reported on live protocols, billions in losses prevented.
critical found per business day
On average, our community surfaces one critical vulnerability every business day. No internal team can replicate that coverage.
paid in bounties
Rewards scale with severity. The largest payouts in security history have gone through Immunefi, which is why the best researchers work here.
$190B+ Protected
Trusted by Chainlink, MakerDAO, Wormhole, The Graph, Polygon, Optimism, and 500+ protocols
Unrivaled Expertise
Elite researchers. Real impact. The largest, most active security community in Web3.

How It Works
Program Design
We define scope, assets, impacts, and rewards together, applying what we have learned from 500+ program launches.
Launch & Co-Marketing
A coordinated launch puts your program in front of 83,000+ researchers from day one.
Researchers Review Your Code
Continuous, global analysis of your in-scope assets, focused on vulnerabilities with real financial impact.
Reports Come In
Detailed submissions with proof of concept and impact analysis, not vague tips.
Triage & Validation
Your team or Immunefi's Managed Triage validates reports, filters the noise, and delivers decision-ready briefs.
Fix & Reward
You patch before exploitation, the researcher gets paid, and the vulnerability never becomes a headline.
Products & Services
BBP Subscription
Annual flat fee, zero commission on payouts
Run your core bug bounty program with predictable costs: the subscription removes the 10% platform fee on all payouts and adds integrations (Slack, Discord, PagerDuty), dedicated support hours, and self-serve program management through Magnus. For teams ready to run a professional, ongoing program.
Enterprise Subscription
Your program, run end-to-end by Immunefi
Managed Triage included by default, a dedicated account manager, multi-program support, custom program design, and bespoke co-marketing. You keep final decision power, we handle the day-to-day.
Premium BBP
Vetted senior researchers only
An add-on that restricts submissions to a curated pool of experienced, vetted researchers. Dramatically less noise, consistently higher-quality reports.
Managed Triage
We handle the reports. You make the decisions.
We filter, validate, and prioritize every submission so your engineers only see actionable findings. Less time sorting, more time fixing what matters.
Don't Just Audit. Defend.
Launch your bug bounty program on the platform trusted by 500+ of Web3's leading protocols.
Launch Your Program