Prime white hats looking vulnerabilities throughout decentralized protocols in Web3 are incomes hundreds of thousands, dwarfing the $300,000 wage ceiling in conventional cybersecurity roles.
“Our leaderboard reveals researchers incomes hundreds of thousands per 12 months, in comparison with typical cybersecurity salaries of $150-300k,” Mitchell Amador, co-founder and CEO of bug bounty platform Immunefi, instructed Cointelegraph.
In crypto, “white hats” refers to moral hackers paid to reveal vulnerabilities in decentralized finance (DeFi) protocols. In contrast to salaried company roles, these researchers select their targets, set their very own hours and earn based mostly on the impression of what they discover.
Thus far, Immunefi has facilitated greater than $120 million in payouts throughout 1000’s of studies. Thirty researchers have already change into millionaires.
“We’re defending over $180 billion in complete worth locked throughout our applications,” Amador stated, including that the platform gives bounties of as much as 10% for important bugs. “These million-dollar payouts replicate the truth that many protocols have tens or a whole bunch of hundreds of thousands at stake from single vulnerabilities,” he stated.
Associated: New ModStealer malware targets crypto wallets throughout working programs
$10 million bug bounty saved billions
The most important single payout to a Web3 white hat was $10 million, awarded to a hacker who discovered a deadly flaw in Wormhole’s crosschain bridge. Amador stated that vulnerability may have vaporized billions.
Regardless of that vulnerability being uncovered, Wormhole suffered a $321 million exploit on its Solana bridge in 2022, the most important crypto hack of the 12 months. In Feb. 2023, Web3 infrastructure agency Soar Crypto and Oasis.app performed a “counter exploit” on the Wormhole protocol hacker, clawing again a complete of $225 million.
Amador revealed that important vulnerabilities account for the largest rewards. Prime researchers have pulled in between $1 million and $14 million, relying on the severity and scope of their findings. “These are the 100x hackers who can discover vulnerabilities others miss,” he stated.
Whereas the early years of DeFi had been tormented by sensible contract bugs, 2025 has seen an increase in “no-code” exploits like social engineering, compromised keys, and lapses in operational safety. Regardless of that shift, bridges stay probably the most profitable targets because of their crosschain complexity and the huge sums they safe.
Patterns have emerged within the sorts of initiatives that get breached most frequently. “DeFi protocols dealing with vital TVL and missing robust bounty applications are probably the most uncovered,” Amador stated. He warned that early-stage groups speeding to market with out safety measures, in addition to complacent established gamers, carry elevated dangers.
Associated: DeFi whale loses $40M as Kinto winds down and SwissBorg suffers hack: Finance Redefined
Crypto hackers stole $163 million in August
As Cointelegraph reported, crypto-related hacks and scams hit $163 million in losses in August, a 15% rise from July’s $142 million. Regardless of the spike, total incidents trended downward, with solely 16 assaults recorded in comparison with 20 in June.
Nearly all of losses got here from two main incidents. These embody a $91 million social engineering rip-off focusing on a Bitcoiner and a $50 million breach of Turkish change Btcturk.
Journal: Meet the Ethereum and Polkadot co-founder who wasn’t in Time Journal
