"If you're not using Immunefi, you're not taking security seriously." - Jaynti Kanani, Polygon Co-Founder

Secure your project, sleep well at night, and show you take security seriously. Launch your bug bounty program with Immunefi.

Who We Are

Immunefi is the leading bug bounty and security services platform for Web3, which features the world’s largest bounties. Immunefi guards over $60 billion in user funds across projects like Synthetix, Chainlink, SushiSwap, MakerDAO, Wormhole, GMX, Alchemix, Nexus Mutual, and many others.

Immunefi is chain-agnostic: we host bug bounties for blockchain projects across all chains and networks.

What We Offer

We host bug bounties for blockchain projects by providing a platform to bring projects and hackers together, so that hackers can report bugs responsibly and projects can fix those vulnerabilities securely.

As part of that process, we offer:

The Whitehat Army

  • Talent is scarce and hard to bring together, so we’re continuously growing the best Web3 and DeFi security experts in the industry to do an ongoing code review of your project. It’s not uncommon that security researchers turn up vulnerabilities within minutes or hours of a bug bounty program going live

A Secure Dashboard

  • The Immunefi Bugs Platform is a secure and convenient way to receive bug reports
  • Receive bug reports in the same place they are reported
  • Manage all existing reports
  • Multiple team members can be added
  • Free for all Immunefi clients

PR and Comms Support

  • We write highly viewed and shared bugfix reviews for vulnerabilities, reminding the crypto community how much your project takes security and responsibility seriously
  • We advise on how to communicate about a patched vulnerability
  • PR assistance depending on press coverage likelihood

How Does It Work?

Onboarding and Launch Process

  • After clients fill out an Immunefi bug bounty onboarding form, they receive a questionnaire
  • Immunefi begins drafting up a bug bounty program based on answers to those questions
  • The draft is sent to clients for review
  • After modifications are done, the process is handed over to Immunefi’s launch specialist
  • The launch specialist works with the project’s marketing team to figure out the launch time and bounty PR/marketing details

Sounds Great, How Do We Sign Up?

If you’re a project looking to show your users and the world that you take responsibility and security seriously, sign up for a bug bounty here, and we’ll begin the onboarding process.

We aim to get back to all projects expressing interest within 5 business days.

FAQ

The FAQ for projects is available on Immunefi Support.

Severity Classification Systems

Immunefi maintains a master list of severity classification systems used across our bug bounty programs for determining the severity level of bug reports. This list can be found here.