What is Bug Bounty?

A bug bounty program offers financial rewards to security researchers who discover and responsibly disclose vulnerabilities — creating economic incentives for finding bugs before attackers do.

WHY IT MATTERS

Bug bounties are DeFi's last line of defense before deployment. Even after multiple audits, undiscovered vulnerabilities may exist. Bug bounties incentivize the global security community to look for them — offering rewards that can reach millions for critical findings.

Platforms like Immunefi host crypto bug bounties, with cumulative payouts exceeding $100M. The highest individual bounties have reached $10M for critical vulnerabilities in major protocols.

Effective bug bounty programs have: clear scope, responsive triage, fair rewards proportional to severity, and safe harbor provisions protecting researchers from legal risk.

FREQUENTLY ASKED QUESTIONS

How much do bug bounties pay?

Payouts vary enormously: $1K-$10K for low severity, $10K-$100K for high, $100K-$10M for critical. The payout reflects potential impact: a critical bug in a protocol with $1B TVL warrants a large bounty.

Who participates in bug bounties?

Independent security researchers, audit firms, and white-hat hackers. Some researchers specialize in specific protocol types or vulnerability classes. It's a legitimate and lucrative profession.

Do all DeFi protocols have bug bounties?

Most serious protocols do. The absence of a bug bounty is a red flag: it suggests the team either can't afford one or doesn't take security seriously. Check Immunefi for a protocol's program.
