Traditional tech companies continue to be surpassed by crypto platforms in the competition to launch the biggest bug bounty program.
Stablecoin issuer Usual, blockchain security specialist Sherlock, and Nexus Mutual, a blockchain insurance platform, have teamed up to launch the program. They promise a $16 million reward to anyone who discovers "a single critical vulnerability" anywhere in Usual's codebase.
However, as the bounty's size suggests, the task will not be easy. The codebase has already undergone more than 20 audits, during which "no critical/medium vulnerabilities were found."
"We extend that track record, inviting the security community to test our code at the highest level," Usual said, adding that the $16 million bug bounty goes live later this week and promising to share more details for potential participants soon.
In any case, the three previous largest bug bounty programs were also announced by crypto projects.
As reported by Cybernews.com, in November 2024, one of the top decentralized exchanges, Uniswap, offered a $15.5 million bug bounty to coders who could identify vulnerabilities in the platform's new version.
Meanwhile, in 2023, LayerZero Labs, the developer of the blockchain messaging protocol LayerZero, launched a $15 million bug bounty in partnership with bug bounty platform Immunefi, offering rewards depending on the severity of the discovered vulnerability.
A year earlier, in May 2022, the so-called blockchain bridge Wormhole announced it had paid $10 million to the pseudonymous white-hat hacker satya0x for finding a critical bug in the Wormhole core bridge contract on the ethereum blockchain. A few months earlier, in February, hackers had stolen around $325 million worth of ETH from Wormhole.
In traditional tech, in 2022, Google also awarded $12 million to 703 researchers from 68 countries who found vulnerabilities in its products, with the highest reward standing at $650,000. In 2023, total rewards dropped to $10 million but increased to $11.8 million in 2024.
Your email address will not be published. Required fields are markedmarked