Top white hat hackers are finding security vulnerabilities in Web3 decentralized protocols, earning annual incomes reaching millions of dollars, far exceeding the $300,000 salary cap of traditional cybersecurity positions.
Cointelegraph reports that Mitchell Amador, co-founder and CEO of the bug bounty platform Immunefi, stated, "Our leaderboard shows that researchers can earn millions annually, while traditional cybersecurity positions typically pay between $150,000 and $300,000."
In the crypto industry, "white hats" refer to ethical hackers who are compensated for disclosing security vulnerabilities in decentralized finance (DeFi) protocols. Unlike fixed-salary positions in companies, these researchers can choose their targets, set their work hours, and earn income based on the impact of the vulnerabilities they discover.
The Immunefi platform has distributed over $120 million in bounties, covering thousands of vulnerability reports, with 30 researchers becoming millionaires as a result.
Amador stated that the platform protects over $180 billion in total value locked (TVL) across its projects. He added that the maximum bounty for critical vulnerabilities can reach 10%, and that these million-dollar bounties exist because a single vulnerability can put tens of millions or even hundreds of millions of dollars at risk for many protocols.
The highest single bounty earned by a Web3 white hat was $10 million, awarded to a hacker who discovered a critical vulnerability in the Wormhole cross-chain bridge. Amador noted that this vulnerability could have led to the loss of billions in assets.
Despite the discovery of the vulnerability, Wormhole suffered a $321 million attack on its Solana (SOL) bridge in 2022, becoming the largest crypto hacking incident of that year. In February 2023, Web3 infrastructure company Jump Crypto and Oasis.app executed a "reverse operation" against the Wormhole protocol hacker, recovering $225 million.
Amador revealed that significant vulnerabilities bring the highest rewards. Top researchers earn bounties ranging from $1 million to $14 million based on the severity and scope of the vulnerabilities discovered. He stated that these individuals possess exceptional vulnerability detection capabilities.
Although early DeFi frequently experienced smart contract vulnerabilities, by 2025, "no-code" attacks are expected to increase, including social engineering attacks, key leaks, and operational security negligence. Nevertheless, cross-chain bridges remain the most attractive targets for attacks due to their complex structures and the large amounts of assets involved.
Attacked projects also exhibit certain patterns. Amador pointed out that DeFi protocols managing large TVL and lacking effective bounty programs are at the highest risk. He also warned that startups lacking security measures or rushing to launch, and mature projects that have grown complacent, all significantly increase their risk.
Cointelegraph reported that in August, crypto-related hacks and scams caused losses of $163 million, a 15% increase from July's $142 million. Despite the rise in losses, the overall number of incidents decreased, with only 16 attacks compared to 20 in June.
This month's major losses stemmed from two significant events: a $91 million social engineering scam targeting Bitcoin holders and a $50 million security vulnerability at the Turkish exchange Btcturk.
Original article: “Web3 White Hats Earn Millions, Far Exceeding Traditional Cybersecurity Salaries of $300,000”