Wormhole launches Bug Bounty Program on Immunefi with $10 million reward for critical bugs

2 min readFeb 11, 2022

We believe it is vital to motivate white hats to help keep the ecosystem secure. That’s why we are now offering the crypto industry’s largest bounty for critical attacks — $10 Million.

Our bug bounty program provides users with an additional level of security and shows our long-term commitment to making the Wormhole protocol and the greater DeFi ecosystem more secure.

If you find a bug, report it here:(https://www.immunefi.com/bounty/wormhole)

What is covered?

The bug bounty program covers smart contracts, web UI, guardian nodes, and Wormhole integrations. Its focus is on preventing:

  • Exploits resulting in the locking, loss, or theft of user funds.
  • General forging of unverified data or validation of forged messages.
  • Determinism bugs that could lead to inconsistent bridge states.
  • Governance manipulation.
  • Exposure of infrastructure private keys and/or PII.
  • Vulnerabilities in the node operating software resulting in invalid behavior.
  • Remote code execution.
  • Bugs that can facilitate Sybil attacks.


Rewards are distributed according to the impact of the vulnerability and are based on the Immunefi Vulnerability Severity Classification System. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains. It encompasses everything from consequence of exploitation to privilege required, as well as likelihood of a successful exploit.

Smart Contracts and Blockchain

  • Critical Up to $10,000,000
  • High $100,000
  • Medium $10,000
  • Low $2,500

Websites and Applications

  • Critical $50,000
  • High $10,000
  • Medium $5,000
  • Low $1,000

About Immunefi

Immunefi is the premier bug bounty platform for smart contracts and DeFi projects. It’s where security researchers review code, disclose vulnerabilities, and make crypto safer for all participants.

Because bug bounty programs allow security researchers to discover and disclose potential vulnerabilities in smart contracts and applications, the programs protect projects and their users. Security researchers are rewarded based on the severity of the vulnerability they discover, as determined by the project affected.

About Wormhole

Wormhole is a generic message passing protocol that connects high value blockchains together. Its applications leverage the core messaging layer to facilitate interoperability between ecosystems. Secured by 19 guardians, developers leverage the protocol to send arbitrary data cross-chain including tokens, NFTs, oracle data, governance decisions, and more. Recent implementations of Wormhole include the Portal bridge and NFT bridge, which allow for seamless asset transfers across supported chains. Wormhole is currently connected to Solana, Terra, Ethereum, Binance Smart Chain, Polygon, Avalanche, and Oasis. Its design — which is easily extensible and upgradable — allows for quick consensus, connects more chains, and enables developers to build on top of Wormhole easily.





Cross-chain interoperability protocol connecting high value blockchains