White Hats in Web3 Earn Millions, Surpassing Traditional Cybersecurity Salaries
Leading ethical hackers, often referred to as “white hats,” are currently reaping substantial financial rewards by identifying vulnerabilities within decentralized protocols in the Web3 landscape. Their earnings far exceed the conventional salary ceiling of $300,000 typically associated with traditional cybersecurity roles.
Mitchell Amador, co-founder and CEO of the bug bounty platform Immunefi, told Cointelegraph: “Our leaderboard illustrates researchers raking in millions annually, contrasting sharply with standard cybersecurity salaries that range between $150,000 and $300,000.”
Within the crypto sphere, “white hats” denote ethical hackers compensated to unveil flaws in decentralized finance (DeFi) protocols. Unlike fixed-salary corporate positions, these researchers enjoy the autonomy of selecting their targets, setting flexible hours, and earning compensation directly correlated with the significance of their discoveries.
To date, Immunefi has disbursed over $120 million across thousands of reported vulnerabilities. Remarkably, thirty researchers have achieved millionaire status as a result of their efforts.
Amador noted, “We are safeguarding over $180 billion in total value locked through our programs,” emphasizing that the platform offers bounties up to 10% for critical vulnerabilities. “These substantial payouts underscore the fact that many protocols have tens to hundreds of millions of dollars at risk stemming from single vulnerabilities,” he added.
$10 Million Bug Bounty Averts Catastrophic Losses
The largest single reward allocated to a Web3 white hat hacker amounted to $10 million, granted for the identification of a critical flaw within Wormhole’s cross-chain bridge. Amador asserted that this vulnerability had the potential to obliterate billions.
Despite the detection of this flaw, Wormhole experienced a $321 million breach on its Solana bridge in 2022, marking it as the largest cryptocurrency hack of that year. In February 2023, the Web3 infrastructure firm Jump Crypto, alongside Oasis.app, executed a “counter exploit” against the Wormhole protocol hacker, successfully reclaiming a total of $225 million.

Amador disclosed that critical vulnerabilities yield the highest rewards, with prominent researchers earning between $1 million and $14 million based on the gravity and breadth of their findings. “These are the 100x hackers who possess the acumen to identify vulnerabilities that evade others,” he remarked.
While the nascent years of DeFi were marred by smart contract bugs, 2025 has revealed an uptick in “no-code” exploits, particularly involving social engineering, compromised keys, and deficiencies in operational security. Nonetheless, bridges remain notably alluring targets due to their cross-chain intricacies and the considerable sums they secure.
Trends have emerged regarding the types of projects that frequently encounter breaches. “DeFi protocols managing significant total value locked and lacking robust bounty programs are disproportionately susceptible,” acknowledged Amador.
He cautioned that early-stage teams hastily bringing products to market without implementing security measures, along with complacent, established entities, face heightened risks.
Crypto Heists Resulted in $163 Million in August
As reported by Cointelegraph, the realm of cryptocurrency witnessed hacks and scams totaling $163 million in losses during August, representing a 15% increase from July’s $142 million. In spite of this surge, the overall frequency of incidents exhibited a downward trajectory, with merely 16 attacks documented compared to 20 in June.
The majority of the losses stemmed from two significant incidents: a $91 million social engineering scam targeting Bitcoin holders and a $50 million breach of the Turkish exchange Btcturk.
Source link: Cointelegraph.com.