
Web3 white hats earn millions, dwarfing $300K cybersecurity salary


Top white hats hunting vulnerabilities across decentralized Web3 protocols earn millions, dwarfing the $300,000 salary ceiling in traditional cybersecurity roles.

“Our leaderboard shows researchers earning millions each year, compared to the usual cybersecurity salaries of $150-300K,” Mitchell Amador, co-founder and CEO of bug bounty platform Immunefi, told Cointelegraph.

In crypto, “white hat” refers to ethical hackers who are paid to disclose vulnerabilities in decentralized finance (DeFi) protocols. Unlike salaried corporate roles, these researchers choose their targets, set their own hours and earn based on the impact of what they find.

To date, Immunefi has facilitated more than $120 million in payouts across thousands of reports. Thirty researchers have become millionaires.

“We protect more than $180 billion in total amount locked in our programs,” Amador said, adding that the platform offers bounties of up to 10% for critical bugs. “These million-dollar payouts reflect the fact that many protocols have tens or hundreds of millions at the same weakness,” he said.

Immunefi has produced 30 millionaires. Source: Immunefi


$10 million bug bounty saved billions

The largest single payout to a Web3 white hat is $10 million, awarded to a hacker who found a fatal flaw in the Wormhole crosschain bridge. Amador said the weakness could have cost billions.

That weakness aside, Wormhole suffered a $321 million exploit on its Solana bridge in 2022, the largest crypto hack of the year. In February 2023, Web3 infrastructure firm Jump Crypto and Oasis.app conducted a “counter exploit” against the Wormhole protocol hacker, recovering a total of $225 million.

Amador said that critical weaknesses account for the greatest rewards. Top researchers have pulled in between $1 million and $14 million, depending on the severity and scope of their findings. “These are 100x hackers who can find weaknesses that others miss,” he said.

While the early years of DeFi were plagued by smart contract bugs, 2025 saw an increase in “no-code” exploits such as social engineering, compromised keys and operational security lapses. Despite that shift, bridges remain the most lucrative targets because of their crosschain complexity and the large sums they secure.

Patterns appear in the types of projects that are most often breached. “The DeFi protocols that hold significant TVL and the absence of powerful large amounts are the most exposed,” Amador said. He warned that early-stage teams rushing to market without security measures, as well as complacent established players, are taking on high risk.


Crypto hackers stole $ 163 million in August

As reported by Cointelegraph, crypto-related hacks caused $163 million in losses in August, a 15% increase from $142 million in July. Despite the spike, the overall number of incidents fell, with 16 attacks recorded compared to 20 in June.