The hunting vulnerabilities of superior white hats through decentralized web3 protocols are winning millions, eclipseing the salary roof of $ 300,000 in traditional cybersecurity roles.
“Our classification table shows researchers who earn millions per year, compared to typical cybersecurity salaries of $ 150-300k,” Mitchell Amador, co-founder and CEO of Bug Bounty Platform Imunefi told Cointelegraph Mitchell Amador, co-founder and CEO.
In Crypto, “White Hats” refers to the ethical pirates paid to reveal vulnerabilities in decentralized finance protocols (DEFI). Unlike salaried corporate roles, these researchers choose their objectives, establish their own hours and win according to the impact of what they find.
Until now, Immunefi has facilitated more than $ 120 million in payments in thousands of reports. Thirty researchers have already become millionaires.
“We are protecting more than $ 180 billion in total value blocked in our programs,” said Amador, adding that the platform offers rewards of up to 10% for critical errors. “These payments of one million dollars reflect the reality that many protocols have dozens or hundreds of millions at the game of individual vulnerabilities,” he said.
Related: The new Modstealer malware is aimed at encryption wallets in operating systems
$ 10 million error reward saved billions
The largest individual payment to a white web Amador said that vulnerability could have vaporized billions.
Although this vulnerability was discovered, Wormhole suffered an exploit of $ 321 million in its Solana bridge in 2022, the greatest cryptographic hacking of the year. In February 2023, the web3 Jump Crypto and Oasis.app infrastructure firm made an “exploit accountant” in the Wormhole Protocol computer pirate, raising a total of $ 225 million.
Amador revealed that critical vulnerabilities represent the greatest rewards. The main researchers have achieved between $ 1 million and $ 14 million, depending on the gravity and reach of their findings. “These are the 100 times computer pirates that can find vulnerabilities that others miss,” he said.
While Defi’s first years were plagued with intelligent contract errors, 2025 has seen an increase in “non -code” exploits such as social engineering, committed keys and lapses in operational security. Despite that change, the bridges remain the most lucrative objectives due to their complexity of cross chain and the vast sums that they ensure.
Patterns have emerged in the types of projects that are most frequently violated. “The protocols define that they handle significant TVL and that lack strong rewards programs are the most exposed,” Amador said. He warned that the initial stage teams are rushed to the market without security measures, as well as establishing complacing players, carry high risks.
Related: Defi Ballena loses $ 40 million when Kinto ends and Swissborg suffers Hack: Redfinid Finance
Cryptographic computer pirates stole $ 163 million in August
As Cointelegraph reported, the hacks and scams related to cryptocurrencies reached the losses of $ 163 million in August, an increase of 15% of the $ 142 million in July. Despite the increase, general incidents tended downward, with only 16 registered attacks compared to 20 in June.
Most losses come from two main incidents. These include a social engineering scam of $ 91 million that addresses a bitcoiner and a violation of $ 50 million BTCTURK by Exchange Turkish.
Magazine: Meet the co -founder of Ethereum and Polkadot who was not in Time in Time magazine