Immunefi Founder Warns of Professional DeFi Hackers Making Hacking a Full-Time Career

Web 3 Journalist

Tim Hakki

About Author

A journalist and copywriter with a decade’s experience across music, video games, finance and tech.

The founder of Web3 bug bounty platform Immunefi, Mitchell Amador, has issued a stark warning that hackers are making a “full-time job” of attacking decentralized finance (DeFi) protocols.

His words come as a spate of high-profile hacks rocks the industry, just as the pro-crypto Donald Trump is about to take office, with many in the industry hoping for some long-needed regulatory clarity to help drive out the bad actors.

Amador said at the recent Decrypt Web Summit that hacking DeFi protocols has become “an infinitely sustainable and viable business” as hackers seek to unleash “more damage than ever.”

He pointed to their wide skillset nowadays, and said that even when they’re not hacking, they could be front-running trades using MEV bots, which essentially monitor pending human trades, select the most profitable, and place the same trade before the trader does.

Amador also said North Korean hackers’ recent looting of Radiant Capital for $50 million was “very exotic”. He said of it that “human beings are always the weakest link”, elaborating: “They went after the private keys by compromising the underlying machines and spoofing transactions in this funky kind of man-in-the-middle attack.”

Still, Amador remains optimistic about the growing safety of crypto in general, a safety which his company is doing many things to advance. Immunefi is hosting what it claims is the world’s largest bug bounty contest, offering $1.5 million for hackers who find lethal vulnerabilities in Ethereum, the world’s biggest high-functionality smart contract blockchain.

Finally, Amador believes the Republican party’s recent talk about creating a Federal Bitcoin reserve is pressuring European countries to “begin adopting crypto more aggressively and to become much more friendly as a result. I’ve seen this with my own eyes.” The knock-on effect of this, he explains, will be heightened security across the industry.

Immunefi polices bug bounty sector

Last month, Immunefi suspended white hat security firm Trust Security for 90 days following allegations the latter had unfairly denied bug bounty payment.

Trust Security, for its part, accused Immunefi of partiality by siding with a project that allegedly dismissed a critical vulnerability that enables fund theft.

The controversy began on November 12, when Trust Security disclosed on X that its team had discovered a critical theft-of-funds vulnerability on a forked mainnet of an undisclosed project.

It shared the vulnerability with Immunefi, intending to secure a bounty for the identification of a critical bug.

Immunefi claimed the bug was ineligible for a full bounty and offered a smaller payout, which Trust Security rejected, claiming Immunefi was backing a “nonsense argument” by the project under scrutiny.

“We’d rather expose the scam and warn hackers than take a few extra Ks in our pocket,” said Trust Security.