LayerZero and Immunefi launch largest crypto bug bounty program with up to $15M in rewards

LayerZero Labs, the team behind cross-chain messaging protocol LayerZero, has partnered with bug bounty and security services platform Immunefi to launch a $15 million bug bounty for its protocol, Bryan Pellegrino, co-founder and CEO of LayerZero, exclusively told TechCrunch.

The bug bounty alliance will offer a maximum reward of $15 million for each new vulnerability found by white hat hackers. The platform has announced bug bounties in the past, but none so large, Pellegrino said.

The $15 million maximum reward also makes this the largest bug bounty program in the crypto ecosystem, surpassing MakerDAO’s $10 million program.

“We have enough money to pay out plenty of bounties. The security of the protocol comes before anything else,” Pellegrino said. The reward money will come from the equity entity of LayerZero Labs, Pellegrino added.

Immunefi says it provides security services for more than $60 billion in user funds across crypto-based projects and companies like Polygon, Synthetix, Chainlink, SushiSwap, MakerDAO and Optimism. It has paid out over $75 million in rewards for bug bounties to date.

Last month, LayerZero raised $120 million in a Series B round at a $3 billion valuation. Unlike Web 2.0 messaging platforms like WhatsApp and Telegram, its messaging protocol lets users send different types of messages between blockchains, like cross-chain interactions, eliminating the need for intermediaries. LayerZero connects over 30 mainnet blockchains, including two non-Ethereum Virtual Machines (EVMs) and Aptos.

In the past year, the crypto ecosystem lost about $9.33 billion to exploits, hacks and scams, with a little under $1 billion recovered, according to De.Fi’s REKT database.

Over $3.9 billion was “lost” last year, according to Immunefi’s Crypto Losses 2022 report. While that might seem like a whopping amount of capital to lose track of, it’s 51.2% less than 2021, when over $8 billion was stolen, the report found.

In 2022, the majority of losses, or $3.77 billion, were due to hacks across 134 specific incidents. About $175 million was lost to fraud across 34 incidents in the same time frame.

Launched in March 2022, LayerZero has seen transaction volume of over $15 billion in its 14 months so far, Pellegrino said. Since its inception, the messaging protocol has “never had a security exploit or hack,” he added.

LayerZero spent about $5 million on auditing last year to ensure its security, and it aims to follow a process to ensure its code’s security before it’s released, Pellegrino said.

Even though the market sees fewer losses, the numbers being lost are still massive. In March, hackers stole around $200 million from crypto lending platform Euler Finance. While this sounds like a lot of money — and it is — it’s only the 26th-largest crypto theft ever, De.Fi data showed.

“For anyone building in the space, security should be the priority above all else,” Pellegrino said. “If you don’t have good security, eventually you will be hacked.”