Bug bounty platform Immunefi is launching a new system to improve cooperation between developers and security researchers at a time when hackers are wreaking havoc across the DeFi ecosystem.
To do this, Immunefi announced the launch of Vault Systems, a smart contract system that allows developers to safely deposit funds earmarked for paying hackers or researchers for reporting vulnerabilities in their code. The funds only get released to a hacker when a vulnerability report has been verified. The goal of this, says Immunefi founder Mitchell Amador, is to develop trust between two often cautious parties.
"Everyone in this relationship is nervous," Amador told Decrypt in an interview. "Project developers are very anxious that someone out there who they don't necessarily know has a big secret that could make their lives very difficult."
DeFi Hacks Usually Come Down to Poor Security: Halborn COO
The tech industry has had its eyes fixed on artificial intelligence, and cybersecurity professionals are lining up to find vulnerabilities and patch security holes in AI platforms like OpenAI's ChatGPT. But blockchain cybersecurity firm Halborn has kept its eyes on the ball, continuing to look for ways to support and secure Web3 projects. “I think as the ecosystem starts to mature, we'll start to see a slowdown of some of the dumb mistakes that a lot of projects are making, a lot of organizatio...
The relationship between the hacker community and project developers can be a complex one. Developers are especially nervous about their projects being exploited, but even well-intentioned hackers can also be wary of running into any legal peril for discovering vulnerabilities. And even when they do make a report, they worry that they won’t be properly acknowledged—or paid—for their work.
Immunefi aims to bridge the trust gap with Vault by demonstrating to both sides that there is a way to safely transact in this space, said Amador. The hope, he adds, is to motivate hackers sitting on the fence with knowledge of vulnerabilities to cash in on the intel in a secure setting.
"We can provide a compelling incentive for them to not do otherwise, but we can only capture them when they're in this undecided middle seat," said Amador.
Mixin Platform Suspends Deposits, Withdrawals After $200M Security Breach
Mixin Network was hit by an exploit on Sunday, resulting in a loss of up to $200 million, as reported in a tweet by the team earlier today. The project features a wallet for cross-chain asset transfers and a decentralized exchange to swap assets such as Bitcoin, Ethereum, XRP, Litecoin, and Dogecoin among others. In its statement, the Mixin Network team revealed that hackers attacked its “cloud service provider” with a potential “loss of assets worth up to $200 million.” [Announcement] In the e...
Improving security in this space takes on urgency at a time when more criminal hackers are having a field day on DeFi.
In the second quarter of 2023, there was a 63% increase in hacks of blockchains from the same time last year, according to an Immunefi report from July. The company also found that the bulk of the hacks happened on DeFi platforms, which lost $228 million across 79 incidents.
Over the weekend, the Mixin Network, a decentralized exchange for swapping digital assets, became the latest victim of a hack that cost it up to $200 million after attackers breached its cloud service provider.
DeFi Traders Lost $228 Million to Hackers in 3 Months
Hackers intensified their efforts to hack cryptocurrency projects in the past year and mostly had DeFi in their crosshairs, according to a new report from Immunefi. The report, compiled by the bug bounty platform Immunefi, found that overall hacks across blockchains went up by 63% in the second quarter of 2023 compared to the same period last year. Though total losses were down 60% from last year, ImmuneFi warned that the overall number of hacks has increased by 65% and losses from fraud rockete...
The DeFi space faces a dilemma of needing ever-more security to cover what is a “very broad attack surface" for hackers, said Amador. This, he adds, is an "extremely demanding task" in the best scenario, but expressed confidence that the still-nascent space was maturing when it comes to overall security.
The Immunefi founder predicts that large hacks will happen in the future “at a relative scale” to what he expects will be a much larger DeFi ecosystem. To that end, Amador says that it is paramount to build more trust within the community now to reduce any losses down the line.
"Every little thing that we do to increase the level of trust the security community can have with projects is going to lead to huge cascading benefits towards projects down into the future and users by extension," Amador told Decrypt.
