MakerDAO, the decentralized organization (DAO) behind the DAI stablecoin, is rolling out a bug bounty program with Immunefi, the leading crypto security services platform—promising a record payout of $10 million to whitehat hackers who identify vulnerabilities in its smart contracts.

With a maximum single payout of $10 million in DAI, MakerDAO’s bug bounty program claims to be not only the largest hosted on Immunefi, but also the biggest in the entire tech space.

"We take the security of our smart contracts and the Maker protocol very seriously and are thrilled to be working with Immunefi," Derek Flossman, head of Protocol Engineering Core Unit at MakerDAO, told Decrypt.

Similar to other projects that chose Immunefi to safeguard their protocols from vulnerabilities, the MakerDAO bug bounty program includes separate scales for smart contracts, websites and apps within the ecosystem, primarily taking into consideration the volume of funds at risk.


According to Keith Travin Keith, co-founder of Immunefi and facilitator of the Immunefi Security Core Unit (CU), since the launch of the initiative, the company has "engaged with the Maker ecosystem in improving the security around the space and [...] collaborated with many other core units."

"Now, we're glad to announce one of the key pillars of our mandate, which is to launch and maintain a bug bounty program that will help MakerDAO ensure its safety," he added.

With a market cap of about $9.8 billion, DAI is currently the industry’s 20th largest crypto asset. The first decentralized stablecoin on the Ethereum blockchain, DAI is also one of the key assets in the booming DeFi sector, integrated in more than 1,000 decentralized apps (dapps) and services, including wallets, DeFi platforms, games and more.

Immunefi, which raised $5.5 million in funding in October last year, teamed up with MakerDAO in August 2021 to form the Immunefi Security Core Unit (CU), a contracted team within the Maker ecosystem, to provide security services for MakerDAO.


Crypto bug bounties break records

Crypto projects are offering big payouts to whitehat hackers who identify vulnerabilities in their projects; Immunefi's previous record-breaking bug bounty program, offering payouts of up to $3.3 million, was launched by OlympusDAO in January. To date, the platform’s largest payout of $2 million was awarded to a security researcher who found a critical vulnerability in the Polygon Plasma Bridge last year.

By comparison, the rewards offered by traditional tech companies such as Microsoft, Intel, or Google are orders of magnitude lower; the largest single award by Microsoft recorded in its 2021 Year in Review was $200,000.

Today, Immunefi protects over $100 billion in user funds locked across multiple DeFi protocols and smart contracts. Projects that host their bug bounty programs on Immunefi include Synthetix, Chainlink, SushiSwap, PancakeSwap, Bancor, Cream Finance, Compound, and many more.

According to the company, since its launch, the platform has paid over $10 million in bounties to whitehat hackers.
