Is DeFi secure?
Interview with Mitchell, Founder of Immunefi, the New Crypto Bug Bounty Platform
This is the first interview of a new interview series that DeFi Value is launching to explore the ever-growing DeFi space.
2020 was the year of DeFi. The excitement around DeFi projects was unprecedented, and many protocols forever changed the way we interact with financial services. The exponential growth in TVL (Total Value Locked) in DeFi also raised some concerns around security and risks.
I had the opportunity to discuss security in DeFi with Mitchell, founder of Immunefi, the first bug bounty platform focused on smart contract security, along with co-founders Travin and Duncan. Immunefi launched last week, and we managed to get in touch with Mitchell and sit down with him for some questions about the project and about the DeFi space in general. You can also follow Immunefi on Twitter and join the Discord community.
What are the biggest risks in DeFi today?
You’d expect me to say that the biggest risk to DeFi is clever exploits resulting in loss of contract funds. But I don’t believe that’s true. The biggest risk is that DeFi will never lose the reputation that online shopping had in the late 1990s: anonymous, niche, and dangerous. Immunefi is doing for DeFi what companies like PayPal, Stripe, and Shopify have done for online shopping: removing security risk and bringing high-quality decentralized financial products to the masses. We help prevent hacks to make DeFi safe for users.
Why is it so hard to find auditors for smart contracts?
Auditors are skilled hackers who have built a widely-recognized reputation. However, not all skilled hackers are widely-recognized. Immunefi taps into those high-skill hackers who haven’t yet built their reputation to deliver high-quality smart contract security services with less lead time and at a lower price. The small number of recognized auditors are being overwhelmed with the sheer demand and growth of DeFi. This growth is a wonderful thing, but leaves a gap that Immunefi aims to fix.
What exactly is Immunefi, and how does it address these problems?
Immunefi is a bug bounty market where talented white-hat hackers flex their skills and get the biggest bounties available in security. Demand is high, so the payouts are high and the hacks are legendary. Immunefi will provide bug bounty hosting, consultation, bug triaging, and program management services to blockchain and smart contract projects.
Who do you hope to reach with this project? What are the benefits the company can provide to blockchain projects, classical startups, devs, researchers, and hackers?
So many different people! Let’s talk about the devs, researchers, and hackers first. Immunefi-native bounties are those that we personally host and manage. We bring you only the highest-quality bounties where you won’t have to argue about the legitimacy of your bug to get paid. We also require that the bugs you find be made public with credit after they’ve been patched, so that it can be a feather in your cap.
For blockchain projects and startups, Immunefi provides the highest number and most talented eyes on your project. If your bounty goes unclaimed on Immunefi, you can have great confidence in the security of your project. Immunefi also simplifies the bug bounty project. Our consultation, bug bounty best practices, and bug triaging services make starting and managing a bug bounty program a breeze.
What's your vision for Immunefi over the long-term, and how do you think it will change the blockchain space if successful?
Immunefi has aspirations to be much more than a simple bug bounty clearinghouse. We want to be the immune system for crypto. We plan to offer other smart-contract and blockchain-oriented security services such as crisis management, exploit postmortems, best practices seminars, and an exclusive expert network where projects can get personalized security advice from the biggest experts in the field.
Immunefi’s hope is that DeFi will become as mainstream as apps like Robinhood or movements like WallStreetBets. The demand for financial products is there, and everyone should have safe access to them. DeFi’s magic is that the community decides what financial products should exist and grow, and we want Immunefi to be the security layer that makes growth possible.
I really appreciated discussing DeFi security with Mitchell. I strongly believe that the whole ecosystem needs to be aware of the security risks, and we need the best white-hat hackers in the space to grow safely.
In the meantime stay healthy and keep your investment healthy.
Best
Daniele
This post is not investment advice. It is strictly informative and for educational purposes. It is not a solicitation to buy or sell any assets or to make any financial decisions.