ImmuneFi Founder Warns of Professional DeFi Hackers Making Hacking a Full-Time Career

The founder of Web3 bug bounty platform ImmuneFi, Mitchell Amador, has issued a stark warning that hackers are making a “full-time job” of attacking decentralized finance (DeFi) protocols.

His words come while a spate of high-profile hacks rock the industry just as the pro-crypto Donald Trump is about to take office, with many in the industry hoping for some long-needed regulatory clarity to help drive out the bad actors.

Amador said at the recent Decrypt Web Summit that hacking DeFi protocols has become “an infinitely sustainable and viable business” as hackers seek to unleash “more damage than ever.”

He pointed to their wide skillset nowadays, and said that even when they’re not hacking, they could be front-running trades using MEV bots, which essentially monitor pending human trades, select the most profitable, and place it before the trader does.

Amador also said North Korean hackers’ recent looting of Radiant Capital for $50 million for $50 million was “very exotic”. He said of it that “human beings are always the weakest link”, elaborating: “They went after the private keys by compromising the underlying machines and spoofing transactions in this funky kind of man-in-the-middle attack.”

Still, Amador remains optimistic about the growing safety of crypto in general, a safety which his company is doing many things to advance. ImmuneFi is hosting what it claims is the world’s largest bug bounty contest , offering $1.5 million for hackers who find lethal vulnerabilities in Ethereum, the world’s biggest high-functionality smart contract blockchain.

Finally, Amador believes the Republican party’s recent talk about creating a Federal Bitcoin reserve , is pressuring European countries to “begin adopting crypto more aggressively and to become much more friendly as a result. I’ve seen this with my own eyes.” The knock-on effect of this, he explains, will be heightened security across the industry.

ImmuneFi polices bug bounty sector

Last month, ImmuneFi suspended white hat security firm Trust Security for 90 days following allegations the latter had unfairly denied bug bounty payment.

Trust Security on its part accused Immunefi of impartiality by siding with a project that allegedly dismissed a critical vulnerability that enables fund theft.

The controversy began on November 12, when Trust Security disclosed on X that its team had discovered a critical theft-of-funds vulnerability on a forked mainnet of an undisclosed project.

It shared the vulnerability with Immunefi, intending to secure a bounty for the identification of a critical bug.

Immunefi claimed the bug was ineligible for a full bounty and offered a smaller payout, which Trust Security rejected, claiming ImmuneFi was backing a “nonsense argument” by the project under scrutiny.

“We’d rather expose the scam and warn hackers than take a few extra Ks in our pocket,” said Trust Security.