On June 12, a new Immunefi bug bounty program was launched in collaboration with Immutable. The initiative rewards external security researchers for discovering vulnerabilities in the gaming platform’s blockchain infrastructure. Rewards vary by risk level, with top payouts reaching $1,000,000 for the most critical findings. The program is meant to reinforce the platform’s Web3 security posture as blockchain exploits continue to increase. Researchers can submit detailed proof-of-concept demonstrations to qualify for rewards under specific classification standards.
Structured Rewards Based on Severity of Vulnerabilities
The Immunefi bug bounty program’s tiered rewards address different risk categories, especially bugs that could affect user funds. Critical flaws risking asset loss or theft qualify for rewards between $50,000 and $1,000,000. High-severity issues such as permanent freezing or reward theft yield $5,000 to $20,000. Medium-risk findings, including denial-of-service conditions or excessive gas usage, receive $1,000. All submissions must include clear proof-of-concept evidence and adhere to Immunefi’s classification guidelines for vulnerability reports. Eligible participants must also complete KYC verification before receiving any rewards in USDC.
Rewards for smart contract bugs are calculated from the financial impact of the vulnerability. Critical flaws earn 10% of the affected funds’ value, subject to a minimum of $50,000. Where assets are temporarily frozen, payouts increase by 100% for each full day the funds remain inaccessible. Maximum caps apply to ensure program sustainability and protect against disproportionate disbursements.
Program Rules and Eligibility Requirements
Researchers must comply with detailed testing guidelines to qualify for program participation and rewards. Participants must use only local blockchain forks for vulnerability tests, not mainnet or public testnets. Social engineering, denial-of-service attacks, third-party systems exploitation, and unauthorized data disclosures are strictly forbidden. Valid submissions require a clear demonstration of findings and adherence to eligibility criteria. All bounty recipients undergo KYC checks before payment. Payments are issued in USDC and denominated in United States dollars to simplify transactions.
Web3 Security Gains Attention Following Massive Exploits
Immutable’s partnership underscores the growing demand for robust Web3 security, and recent Web3 security concerns have highlighted the importance of programs like this. The collaboration follows a first-quarter 2025 report of over $1.6 billion lost to on-chain exploits. By inviting independent experts to probe platform defenses, the approach aims to limit future breaches. External audits of code and architecture can uncover flaws before they become costly incidents. These proactive measures seek to set higher industry standards for blockchain-based applications.
Scope and Limitations of the Bug Bounty Program
The program’s scope covers smart contract bugs and vulnerabilities on Ethereum and zkEVM blockchains. It applies to various smart contract components, including bridge modules, adapter contracts, and standardized token templates. Exclusions include governance manipulation exploits, credential leaks, and flaws within unrelated third-party components. Findings outside the defined scope do not qualify for rewards under the Immunefi bug bounty program. The program is part of an industry movement to increase overall Web3 security by protecting user assets against threats.
The post Immunefi and Immutable Launch a $1M Bug Bounty to Strengthen Web3 Security appeared first on Coinfomania.