We do the research, you get the alpha!
Bug bounty platform Immunefi is launching a new system to improve cooperation between developers and security researchers at a time when hackers are wreaking havoc across the DeFi ecosystem.
To do this, Immunefi announced the launch of Vault Systems, a smart contract system that allows developers to safely deposit funds earmarked for paying hackers or researchers for reporting vulnerabilities in their code. The funds only get released to a hacker when a vulnerability report has been verified. The goal of this, says Immunefi founder Mitchell Amador, is to develop trust between two often cautious parties.
"Everyone in this relationship is nervous," Amador told Decrypt in an interview. "Project developers are very anxious that someone out there who they don't necessarily know has a big secret that could make their lives very difficult."
The relationship between the hacker community and project developers can be a complex one. Developers are especially nervous about their projects being exploited, but even well-intentioned hackers can also be wary of running into any legal peril for discovering vulnerabilities. And even when they do make a report, they worry that they won’t be properly acknowledged—or paid—for their work.
Immunefi aims to bridge the trust gap with Vault by demonstrating to both sides that there is a way to safely transact in this space, said Amador. The hope, he adds, is to motivate hackers sitting on the fence with knowledge of vulnerabilities to cash in on the intel in a secure setting.
"We can provide a compelling incentive for them to not do otherwise, but we can only capture them when they're in this undecided middle seat," said Amador.
Improving security in this space takes on urgency at a time when more criminal hackers are having a field day on DeFi.
In the second quarter of 2023, there was a 63% increase in hacks of blockchains from the same time last year, according to an Immunefi report from July. The company also found that the bulk of the hacks happened on DeFi platforms, which lost $228 million across 79 incidents.
Over the weekend, the Mixin Network, a decentralized exchange for swapping digital assets, became the latest victim of a hack that cost it up to $200 million after attackers breached its cloud service provider.
The DeFi space faces a dilemma of needing ever-more security to cover what is a “very broad attack surface" for hackers, said Amador. This, he adds, is an "extremely demanding task" in the best scenario, but expressed confidence that the still-nascent space was maturing when it comes to overall security.
The Immunefi founder predicts that large hacks will happen in the future “at a relative scale” to what he expects will be a much larger DeFi ecosystem. To that end, Amador says that it is paramount to build more trust within the community now to reduce any losses down the line.
"Every little thing that we do to increase the level of trust the security community can have with projects is going to lead to huge cascading benefits towards projects down into the future and users by extension," Amador told Decrypt.