Welcome to Web3, cybersecurity’s most rewarding frontier

On Immunefi, hackers secure web3, save funds from theft, and get paid the world's largest bug bounties.

What is Immunefi?

Immunefi is the leading bug bounty platform for web3 with the world’s largest bug bounties. We offer legendary response times and top-notch support for our hackers.

We’re able to offer the world’s largest bounties because the web3 assets we protect–blockchains, NFT projects, smart contracts–are the world’s most valuable assets.

For example, a vulnerability in a smart contract holding $1 billion represents an incredibly valuable asset, a potential big bounty payout, and a revolution in cybersecurity. That’s why we call it the Web3 Security Revolution.

Here's a sample of some bounty rewards whitehats have earned:

  • Whitehat satya0x was paid $10 million for a critical bug found in Wormhole.

  • Whitehat pwning.eth was paid $6 million for a critical bug found in Aurora.

  • Whitehat Leon Spacewalker was paid $2.2 million for a critical bug in Polygon.

  • Whitehat Saurik was paid $2 million for a critical bug in Optimism.

How Does Immunefi Work?

It’s pretty straightforward.

  1. Explore bounties

We have over $162m in bug bounties available with the best projects in Web3. Explore our bounties and find programs that best match with your skills.

  1. Review code

Read bounty requirements and review code that’s in scope. Out of scope bugs do not get paid.

  1. Submit bugs

When you find a vulnerability, create an account and submit the bug via the Immunefi bugs platform. We have the fastest response time in the industry.

  1. Get paid

After confirming the validity of the bug, we'll work with you and the client to fix it and get you paid for your hard work.

If you’re looking for more information on how to create the best bug report submissions, you can check out our guide: A Hacker’s Guide to Submitting Bugs on Immunefi.

Why Hunt on Immunefi

  • Immunefi has the largest bug bounties on any platform, period. Since we started, we’ve already paid out +$100,000,000 in bounties
  • Web3 vulnerabilities are the most high stakes puzzles in the world. Find a bug and prove that there's no challenge you can't crack.


The FAQ is available on Immunefi Support.

Severity Classification Systems

Immunefi maintains a master list of severity classification systems used across our bug bounty programs for determining the severity level of bug reports. This list can be found here.