Bug bounty platform Immunefi has released its Whitehat Leaderboard — a scoring system that showcases the top 20 most elite white hats in Web3. The ranking will measure a given white hat’s skills and status in Immunefi’s security community, the company said at the Web Summit on Nov. 4.
White hat hackers identify security vulnerabilities by testing an organization’s information technology security. In Immunefi’s community, the top 10 white hats alone have generated over $42 million in total earnings by disclosing critical vulnerabilities that have led to big bounty payments in the software industry.
The leaderboard will classify white hats daily by the number and severity of paid reports and total earnings. The hackers in Immunefi's community review projects’ blockchain and smart contract code, disclosing vulnerabilities and being paid for it. The rewards are based on the severity of the vulnerability discovered.
Mitchell Amador, founder and CEO at Immunefi, noted in a statement:
“As the volume of saved funds continues to grow, the leaderboard is another opportunity to give our white hats the recognition they deserve, as well as to encourage them to keep pushing the boundaries to make the web3 ecosystem safer.”
According to the company, highly ranked white hats will be selected to earn further rewards like all-expenses-paid trips, exclusive merch and regular speaking opportunities. Created in 2020, Immunefi claims to have saved over $25 billion in user funds and paid over $62 million in bounties. The platform supports 300 projects across multiple crypto sectors, helping industry players save funds stored in smart contracts.
Some of the top bounties paid to white hats in the past two years were facilitated by Immunifi. They include the $10 million record-breaking bug bounty paid to hacker Ssatya0x for discovering a critical bug in the Wormhole core bridge contract on Ethereum and $6 million paid to white hat Pwning.eth for revealing the infinite spend bug found in the Aurora Engine.
Security vulnerabilities have been among the challenges in the crypto industry this year. On Oct. 11, a hacker manipulated the value of Mango Markets’ native token, MNGO, to achieve higher prices. The attacker took out significant loans against the inflated collateral, draining Mango’s treasury. After a proposal on Mango’s governance forum was approved, the hacker was allowed to keep $47 million as a bug bounty, and $67 million was sent back to the treasury.