Immunefi, founded in December 2020 by Mitchell Amador with the singular mission of safeguarding crypto, presents an impressive set of numbers. An estimated 92.33% of blockchain’s critical vulnerability disclosures flow through Immunefi, representing 1,143 critical disclosures. Around 80% of projects uncover critical vulnerabilities through Immunefi that were previously missed by top-tier audits. The platform has helped secure over $190B in user funds across 650+ protocols, including DeFi platforms, Layer 1s, Layer 2s, infrastructure providers, and broader digital asset ecosystems.
To date, more than $25B in potential hack damage has been prevented, often involving vulnerabilities that could have led to full protocol drains or systemic failures. Immunefi has also paid out over $135M in bounties to security researchers and built the largest community of whitehat hackers focused specifically on onchain security, with more than 80,000 participants.
Amador, who previously drove crypto’s first social media platform Steemit to a billion-dollar valuation and millions of users, and pioneered Portugal’s crypto legislation through Instituto New Economy, witnessed firsthand the meteoric rise of DeFi. At the start of 2020, total value locked (TVL) stood at roughly $700M; by year-end, it had surged to approximately $15B, a nearly 2,000% increase, according to RugDoc. Often referred to as the “DeFi Summer,” this period marked DeFi’s transition from a niche segment to a mainstream within the crypto ecosystem, fueled in part by the launch of the $COMP governance token by Compound Finance in June 2020.
However, this rapid crypto growth also attracted cybercriminals. In September 2020, hackers compromised Singapore-based KuCoin’s hot wallets, stealing approximately $285M in cryptocurrencies. Amador observed that while the talent to prevent and respond to such attacks existed within the community, there was no unified mechanism to bring it together. Whitehat hackers lacked structured incentives to secure protocols. He founded Immunefi to secure the crypto ecosystem by mobilizing an army of whitehat hackers.
Immunefi: Helping Protocols Stay Ahead of Threats
Immunefi began with a focus on bug bounty programs, building a platform that incentivizes security researchers – whitehat hackers – to identify and responsibly disclose vulnerabilities in smart contracts and decentralized applications before they could be maliciously exploited.
“This approach proved critical, and Immunefi became the market leader for onchain bug bounty programs (BBPs), preventing billions in hacks and paying out some of the largest bounties in the history of Web3,” says Mitchell Amador, Founder and CEO of Immunefi.
This model enabled Immunefi to collaborate with leading protocols such as Chainlink, the Ethereum Foundation, Optimism, Arbitrum, and many others. Its clientele spans major DeFi protocols, Layer 1 and Layer 2 ecosystems, bridges, and infrastructure projects, including Aave, Wormhole, Synthetix, EigenLayer, Scroll, GMX, Nexus Mutual, and Yearn.
One notable example of Immunefi’s impact is its work with Polygon. In October 2021, a whitehat security researcher, Gerhard Wagner, submitted a critical vulnerability report through Immunefi concerning Polygon’s Plasma Bridge – the core infrastructure connecting Ethereum and Polygon. The vulnerability could have allowed an attacker to exit their burn transaction up to 223 times, putting approximately $850M in user funds at risk.
Within 30 minutes of Immunefi’s triage team confirming and escalating the issue, Polygon acknowledged the vulnerability and began implementing a fix. Wagner received a $2M bounty for his responsible disclosure.
“This case captures what Immunefi is built to do: connect world-class security researchers with the protocols that need them most, facilitate rapid and coordinated responses, and ensure that critical vulnerabilities are resolved before they can be exploited,” adds Amador.
Magnus: Shaping the Next Era of Web3 Security
In 2025, Immunefi introduced Magnus, a unified SecOps command center for the onchain economy. This marks a significant evolution for the company from being a “bug bounty platform” to a full lifecycle platform that covers development, deployment, and live monitoring.
Amador notes that historically, crypto security has been fragmented, often relying on one-off audits, standalone bounty programs, and layered monitoring solutions. This model, he explains, is reactive and incomplete. Magnus addresses this by unifying the entire onchain security stack into a single command center, incorporating bug bounties, invite-only programs, audit competitions, audits, pull request reviews, multisig transaction reviews, real-time monitoring, brand protection, and more. These capabilities are integrated from leading security providers across categories.
The platform is also designed to learn continuously from diverse threat intelligence sources, including audits, bug reports, and code reviews, to build on what is already one of the largest proprietary datasets of blockchain vulnerability intelligence.
Magnus arrives at a time when the onchain economy continues to expand. According to CoinLaw, DeFi TVL has grown from approximately $123.6B in mid-2025 to an estimated $130-140B in early 2026. With this growth, the threat landscape has also become more sophisticated.
“Smart contract exploits are no longer the only risk. Today’s major losses increasingly stem from multisig compromises, governance manipulation, social engineering, AI-driven phishing, and operational failures,” explains Amador.
A striking example is the February 2025 breach involving Bybit, where attackers, identified as the Lazarus Group, reportedly linked to North Korea, stole approximately $1.5B in digital assets. The attack stemmed from manipulated multisignature wallet operations rather than smart contract vulnerabilities, marking it as the largest crypto hack to date.
“As a result, security can no longer be a one-time event. It must be continuous, integrated, and intelligence-driven. Organizations that succeed in the onchain era will treat security as a strategic operating function, not a compliance checkbox,” advises Amador.
Through Codexa, Immunefi’s proprietary dataset of historical exploits, vulnerability reports, and remediation patterns, Magnus delivers a continuously improving security system that adapts alongside its clients.
“With Magnus, Immunefi is opening a new chapter for onchain security – unified, intelligent, and always-on,” remarks Amador.
The Core Advantages Driving Immunefi’s Growth
Immunefi’s trajectory is supported by three key structural advantages.
Distribution is the first. The company secures a significant portion of the onchain economy’s core infrastructure and currently protects an estimated 70% of all DeFi TVL.
Talent is the second. Immunefi has built the largest and most specialized network of crypto security researchers globally. These whitehat hackers bring deep expertise in smart contract vulnerabilities, cryptographic systems, and onchain attack vectors.
“Because we have established a reputation for fair and transparent triage, the best researchers consistently choose to work through Immunefi,” says Amador. This concentration of expertise drives both the platform’s effectiveness and its high rate of vulnerability disclosures. Increasingly, this talent pool also includes advanced AI-driven vulnerability detection systems.
Trust forms the third pillar. Amador has led or participated in numerous onchain war rooms, helping prevent billions in potential losses and facilitating the recovery of millions in stolen funds. He also developed the Scaling Bug Bounty Standard and played a central role in driving the adoption of bug bounty programs as a core security practice in Web3. Additionally, he contributed to the Whitehat Safe Harbor framework as part of SEAL’s founding working group.
“Protocols and institutions rely on us because we’ve already protected more value than anyone else in Web3,” he notes.
A fourth advantage lies in innovation. Immunefi continues to expand the capabilities of Magnus, deepen AI-driven defenses, and leverage the IMU token, designed as a governance and incentive coordination mechanism, to better align protocols, researchers, and community contributors around security outcomes.
Making Crypto Safer for Everyone
Immunefi is entering a phase where onchain exposure will extend across institutions, including banks, asset managers, and sovereign entities. Stablecoins alone have surpassed $200B in market size and continue to grow, signaling an inevitable migration of capital onchain.
However, large-scale adoption will depend on security. If even 3% or more of assets are stolen annually, institutional confidence will be limited
“Our mission is to make crypto safer than traditional finance by 2030 and secure all value coming onchain,” concludes Amador.
Explore more articles:
The Busy Executive’s Guide to Reading Penetration Testing Reports and Spotting Red Flags
How Crypto Is Impacting the Construction World
John T Marcante: 3 Key Questions for Boards Amid Global IT Outages and Cyber Disruptions
