DeFi Daily News
Wednesday, October 1, 2025
Advertisement
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos
No Result
View All Result
DeFi Daily News
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos
No Result
View All Result
DeFi Daily News
No Result
View All Result
Home DeFi Web 3

rewrite this title Bug Bounties Hit Limits as AI Puts Crypto Hackers on Equal Footing – Decrypt

Vismaya V by Vismaya V
October 1, 2025
in Web 3
0 0
0
rewrite this title Bug Bounties Hit Limits as AI Puts Crypto Hackers on Equal Footing – Decrypt
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on Telegram
Listen to this article


rewrite this content using a minimum of 1000 words and keep HTML tags

In brief

Mitchell Amador, CEO of Immunefi, told Decrypt at Token2049 in Singapore that AI tools once limited to security firms are now accessible to groups like Lazarus, enabling massive attacks.
Bug bounties have paid out over $100 million but have “hit the limits” as there aren’t “enough eyeballs” to provide necessary coverage, he said
The $1.4 billion Bybit hack bypassed smart contract security by compromising infrastructure, exposing gaps where defenders are “not doing so hot,” Amador said.

AI has handed crypto attackers the same tools defenders use, and the results are costing the industry billions, experts say.

Mitchell Amador, CEO of Immunefi, told Decrypt during the start of Token2049 week in Singapore that AI has turned vulnerability discovery into near-instant exploitation, and that the advanced auditing tools his firm built are no longer exclusive to the good guys.

“If we have that, can the North Korean Lazarus group build similar tooling? Can Russian Ukrainian hacker groups build similar such tooling?” Amador asked. “The answer is that they can.”



Immunefi’s AI auditing agent outperforms the vast majority of traditional auditing firms, but that same capability is within reach of well-funded hacking operations, he said.

“Audits are great, but it’s nowhere near enough to keep up with the rate of innovation and the rate of the compounding improvement of the attackers,” he said.

With over 3% of total value locked stolen across the ecosystem in 2024, Amador said that while security is no longer an afterthought, projects “struggle to know how to invest and how to allocate resources there effectively.” 

The industry has moved from “a prioritization problem, which is a wonderful thing, into it being a knowledge and educational problem,” he added.

AI has also made sophisticated social engineering attacks dirt cheap, according to Amador. 

“How much do you think that phone call costs?” he said, referring to AI-generated phishing calls that can impersonate colleagues with disturbing accuracy. “You can execute that for pennies with a well-thought-out system of prompts, and you can execute those en mass. That is the scary part of AI.”

The Immunefi CEO said groups such as Lazarus likely employ “at least a few hundred guys, if not probably low thousands working around the clock” on crypto exploits as a major revenue source for North Korea’s economy. 

“The competitive pressures stemming from North Korea’s annual revenue quotas” drive operatives to protect individual assets and “outperform colleagues” rather than coordinate security improvements, a recent SentinelLABS intelligence report found.

“The game with AI-driven attacks is that it speeds up the rate at which something can go from discovery to exploit,” Amador told Decrypt. “To defend against that, the only solution is even faster countermeasures.”

Immunefi’s response has been to embed AI directly into developers’ GitHub repositories and CI/CD pipelines, catching vulnerabilities before code reaches production, he noted, while predicting this approach will trigger a “precipitous drop” in DeFi hacks within one to two years, potentially reducing incidents by another order of magnitude.

Dmytro Matviiv, CEO of Web3 bug bounty platform HackenProof, told Decrypt that “manual audits will always have a place, but their role will shift.”“AI tools are increasingly effective at catching ‘low-hanging fruit’ vulnerabilities, which reduces the need for large-scale manual reviews of common mistakes,” he said. “What remains are the subtle, context-dependent issues that require deep human expertise.”

To defend against AI-powered attacks, Immunefi has implemented a whitelist-only policy for all company resources and infrastructure, which Amador said has “arrested thousands of these attempted spear phishing techniques very effectively.” 

But this level of vigilance isn’t practical for most organizations, he said, noting “we can do that at Immuneify because we are a company that lives and breathes security and vigilance. Normal people can’t do that. They have lives to live.”

Bug bounties hit a wall

Immunefi has facilitated over $100 million in payouts to white-hat hackers, with steady monthly distributions ranging from $1 million to $5 million. However, Amador told Decrypt that the platform has “hit the limits” as there aren’t “enough eyeballs” to provide the necessary coverage across the industry.

The constraint isn’t just about researcher availability, as bug bounties face an intrinsic zero-sum game problem that creates perverse incentives for both sides, according to Amador. 

Researchers must reveal vulnerabilities to prove they exist, but they lose all leverage once disclosed. Immunefi mitigates this by negotiating comprehensive contracts that specify everything before disclosure occurs, Amador said.

Meanwhile, Matviiv told Decrypt that he doesn’t think “we’re anywhere close to exhausting the global pool of security talent,” noting that new researchers join platforms annually and progress quickly from “simple findings to highly complex vulnerabilities.”

“The challenge is making the space attractive enough in terms of incentives and community for those new faces to stick around.”

Bug bounties have likely reached their “zenith in efficiency” outside of net-new innovations that don’t even exist in traditional bug bounty programs, Amador added. 

The company is exploring hybrid AI solutions to give individual researchers greater leverage to audit more protocols at scale, but these remain in R&D.

Bug bounties remain essential as “a diverse, external community will always be best positioned to discover edge cases that automated systems or in-house teams miss,” Matviiv noted, but they’ll increasingly work alongside AI-powered scanning, monitoring, and audits in “hybrid models.”

The biggest hacks aren’t coming from code

While smart contract audits and bug bounties have matured considerably, the most devastating exploits are increasingly bypassing code entirely. 

The $1.4 billion Bybit hack earlier this year highlighted this shift, Amador said, with attackers compromising Safe’s front-end infrastructure to replace legitimate multi-sig transactions rather than exploiting any smart contract vulnerability.

“That wasn’t something that would have been caught with an audit or bug bounty,” he said. “That was a compromised internal infrastructure system.”

Despite security improvements in traditional areas like audits, CI/CD pipelines, and bug bounties, Amador noted that the industry is “not doing so hot” on multi-sig security, spear phishing, anti-scam measures, and community protection.

Immunefi has launched a multi-sig security product that assigns elite white-hat hackers to manually review every significant transaction before execution, which it said would have caught the Bybit attack. But he acknowledged it’s a reactive measure rather than a preventative one.

This uneven progress explains why 2024 became the worst year for hacks despite improvements in code security, as hack patterns follow a predictable mathematical distribution, making single large incidents inevitable rather than anomalous, Amador said. 

“There’s always going to be one big outlier,” he said. “And it’s not an outlier, it’s the pattern. There’s always one big hack per year.”

Smart contract security has matured considerably, Matviiv said, but “the next frontier is definitely around the broader attack surface: multi-sig wallet configurations, key management, phishing, governance attacks, and ecosystem-level exploits.”

Effective security requires catching vulnerabilities as early as possible in the development process, Amador told Decrypt. 

“Bug bounty is the second most expensive, the most expensive being the hack,” he said, describing a hierarchy of costs that increases dramatically at each stage.

“We’re catching bugs before they hit production, before they even hit an audit,” Amador added. “It would never even be included in an audit. They wouldn’t waste their time with it.”

While hack severity remains high, Amador said that “the incidence rate is going down, and the level of severity of most of the bugs is going down, and we’re catching more and more of these things in the earlier stages of the cycle.”

When asked what single security measure every project at Token2049 should adopt, Amador called for a “Unified Security Platform,” addressing multiple attack vectors.

That’s essential, as fragmented security essentially forces projects to “do the research yourself” on products, limitations, and workflows, he said. 

“We are not yet to the point where we can handle trillions and trillions of assets. We’re just not quite there at prime time.”

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.

and include conclusion section that’s entertaining to read. do not include the title. Add a hyperlink to this website http://defi-daily.com and label it “DeFi Daily News” for more trending news articles like this



Source link

Tags: BountiesbugCryptoDecryptEqualFootingHackershitlimitsputsrewritetitle
ShareTweetShare
Previous Post

rewrite this title with good SEO [LIVE] Crypto News Today, October 1: Bitcoin Holds $114K as Shutdown Fuels Volatility, Traders Hunt Best Meme Coins to Buy – 99Bitcoins

Next Post

rewrite this title and make it good for SEO XRP Holds Strong Above $2.90 as Crucial ETF Decision Window

Next Post
rewrite this title and make it good for SEO XRP Holds Strong Above .90 as Crucial ETF Decision Window

rewrite this title and make it good for SEO XRP Holds Strong Above $2.90 as Crucial ETF Decision Window

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

No Result
View All Result
  • Trending
  • Comments
  • Latest
TopStep Discount Code

TopStep Discount Code

September 17, 2024
I stumbled upon a Duolingo hack, and now I regret it

I stumbled upon a Duolingo hack, and now I regret it

October 12, 2024
rewrite this title 5 Things to Know About the Cathay Pacific Credit Card – NerdWallet

rewrite this title 5 Things to Know About the Cathay Pacific Credit Card – NerdWallet

May 1, 2025
rewrite this title Repair from Millions of Kilometers Away: How NASA Keeps the Mars Rovers Alive

rewrite this title Repair from Millions of Kilometers Away: How NASA Keeps the Mars Rovers Alive

September 29, 2025
rewrite this title Plasma CEO and Founder Paul Faecks Defends Team Amid XPL Token Selloff

rewrite this title Plasma CEO and Founder Paul Faecks Defends Team Amid XPL Token Selloff

October 1, 2025
rewrite this title Borussia Dortmund 4-1 Athletic Bilbao: Guirassy inspires emphatic victory – Soccer News

rewrite this title Borussia Dortmund 4-1 Athletic Bilbao: Guirassy inspires emphatic victory – Soccer News

October 1, 2025
rewrite this title Bitcoin Miners’ Market Cap Soared in September to Record High – Decrypt

rewrite this title Bitcoin Miners’ Market Cap Soared in September to Record High – Decrypt

October 1, 2025
Hard Nose, Badass Football Is All The Way Back In The NFL | Pat McAfee Show

Hard Nose, Badass Football Is All The Way Back In The NFL | Pat McAfee Show

October 1, 2025
rewrite this title with good SEO Dogecoin Price Is About To Complete Another Golden Cross, Why alt=

rewrite this title with good SEO Dogecoin Price Is About To Complete Another Golden Cross, Why $0.33 Is The Key

October 1, 2025
rewrite this title How to Properly Hydrate Your Skin To Retain Moisture—Inside and Out

rewrite this title How to Properly Hydrate Your Skin To Retain Moisture—Inside and Out

October 1, 2025
DeFi Daily

Stay updated with DeFi Daily, your trusted source for the latest news, insights, and analysis in finance and cryptocurrency. Explore breaking news, expert analysis, market data, and educational resources to navigate the world of decentralized finance.

  • About Us
  • Blogs
  • DeFi-IRA | Learn More.
  • Advertise with Us
  • Disclaimer
  • Privacy Policy
  • DMCA
  • Cookie Privacy Policy
  • Terms and Conditions
  • Contact us

Copyright © 2024 Defi Daily.
Defi Daily is not responsible for the content of external sites.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos

Copyright © 2024 Defi Daily.
Defi Daily is not responsible for the content of external sites.