Bug bounty cuts are setting crypto up for billion-dollar hacks

Platforms are capping bug bounty rewards to cut costs, creating dangerous incentives that could lead to billion-dollar crypto hacks instead of disclosures.

Opinion by: Mitchell Amador, founder and CEO of Immunefi

Crypto’s best defense against catastrophic hacks isn’t code — it’s incentives. Bug bounties have prevented billions in losses, and it’s important to emphasize that these billions could have been exploits, not responsible disclosures, if the right incentives hadn’t been set up. This protection only works when the incentives for white hat behavior clearly outweigh those for exploitation, and current market trends are now tilting that balance in dangerous ways.

The scaling bug bounty standard means the reward size should grow with the amount of capital at risk. If a vulnerability could drain $10 million, the bounty should offer up to $1 million. These are life-changing incentives for security researchers to disclose rather than exploit, and they’re cost-effective for protocols compared to the devastating alternative of getting hacked. This scaling approach protects entire protocols from destruction and ensures the continual growth of onchain finance.