Having a bug bounty program to pay white hat hackers for reporting vulnerabilities is one thing. But staffing an always-on security desk to respond to those reports can be really expensive, said Immunefi founder and CEO Mitchell Amador.
“Lots of people don’t want to wake up on Sunday at 4 a.m. in the morning to deal with a report, and you can’t know if the report is that serious hack, or if it’s just spam,” Amador said on a recent episode of gm from Decrypt. “And so [companies] contract us to provide as close to 24/7 coverage as we possibly can.”
Bug bounty programs pay independent security engineers for catching exploitable errors in code before they turn into a hack. Immunefi aggregates thousands of bug bounties for Web3 clients on its platform in an attempt to make the space safer. In 2022 alone, Immunefi estimates that security scams cost the Web3 community around $4 billion.
Immunefi has a global network of employees who maintain around-the-clock coverage for its subscription clients across multiple time zones, said Amador.
He was inspired to secure blockchain projects after a tumultuous history with unvetted projects, some of which resulted in him personally getting hacked.
“I’ve been in this industry a long time, which means I’ve gotten hacked, I’ve gotten scammed,” he said. “I’ve dealt with my friends’ hacks, dealt with my friends’ scams, I’ve used too many exchanges that didn’t have a happy ending.”
He also weighed the impact that artificial intelligence could have in his corner of the industry. AI has the potential to replace overburdened workers or make the average workflow more efficient and accurate, according to Amador. However, AI isn’t a suitable stand-in for security engineers just yet.
“As far as we can tell,” Amador said, “we’re a long way away from being able to use this in practical security concerns.”