Immunefi is the leading bug bounty platform for Web3 with the world’s largest bug bounties. We offer legendary response times and top-notch support for our hackers.
We’re able to offer the world’s largest bounties because the Web3 assets we protect–blockchains, NFT projects, smart contracts–are the world’s most valuable assets.
A vulnerability in a smart contract holding $800 million represents an incredibly valuable asset, a potential big bounty payout, and a revolution in cybersecurity. That’s why we call it the Web3 Security Revolution.
One of our whitehats, Leon Spacewalker, was paid $2.2 million for a critical bug he found in Polygon.
It’s pretty straightforward.
Explore bounties
We have over $73m in bug bounties available with the best projects in Web3. Explore our bounties and find programs that best match with your skills.
Review code
Read bounty requirements and review code that’s in scope. Out of scope bugs do not get paid.
Submit bugs
When you find a vulnerability, create an account and submit the bug via the Immunefi bugs platform. We have the fastest response time in the industry.
Get paid
After confirming the validity of the bug, we'll work with you and the client to fix it and get you paid for your hard work.
If you’re looking for more information on how to create the best bug report submissions, you can check out our guide: A Hacker’s Guide to Submitting Bugs on Immunefi.