Bug Bounties Hit Limits as AI Puts Crypto Hackers on Equal Footing

AI has handed crypto attackers the same tools defenders use, and the results are costing the industry billions, experts say.

Mitchell Amador, CEO of Immunefi, told Decrypt during the start of Token2049 week in Singapore that AI has turned vulnerability discovery into near-instant exploitation, and that the advanced auditing tools his firm built are no longer exclusive to the good guys.

“If we have that, can the North Korean Lazarus group build similar tooling? Can Russian Ukrainian hacker groups build similar such tooling?” Amador asked. “The answer is that they can.”

Immunefi’s AI auditing agent outperforms the vast majority of traditional auditing firms, but that same capability is within reach of well-funded hacking operations, he said.

“Audits are great, but it’s nowhere near enough to keep up with the rate of innovation and the rate of the compounding improvement of the attackers,” he said.

With over 3% of total value locked stolen across the ecosystem in 2024, Amador said that while security is no longer an afterthought, projects “struggle to know how to invest and how to allocate resources there effectively.” 

The industry has moved from “a prioritization problem, which is a wonderful thing, into it being a knowledge and educational problem,” he added.

AI has also made sophisticated social engineering attacks dirt cheap, according to Amador. 

“How much do you think that phone call costs?” he said, referring to AI-generated phishing calls that can impersonate colleagues with disturbing accuracy. “You can execute that for pennies with a well-thought-out system of prompts, and you can execute those en mass. That is the scary part of AI.”

The Immunefi CEO said groups such as Lazarus likely employ “at least a few hundred guys, if not probably low thousands working around the clock” on crypto exploits as a major revenue source for North Korea’s economy. 

“The competitive pressures stemming from North Korea’s annual revenue quotas” drive operatives to protect individual assets and “outperform colleagues” rather than coordinate security improvements, a recent SentinelLABS intelligence report found.

“The game with AI-driven attacks is that it speeds up the rate at which something can go from discovery to exploit,” Amador told Decrypt. “To defend against that, the only solution is even faster countermeasures.”

Immunefi’s response has been to embed AI directly into developers’ GitHub repositories and CI/CD pipelines, catching vulnerabilities before code reaches production, he noted, while predicting this approach will trigger a “precipitous drop” in DeFi hacks within one to two years, potentially reducing incidents by another order of magnitude.

Dmytro Matviiv, CEO of Web3 bug bounty platform HackenProof, told Decrypt that “manual audits will always have a place, but their role will shift.”

“AI tools are increasingly effective at catching ‘low-hanging fruit’ vulnerabilities, which reduces the need for large-scale manual reviews of common mistakes,” he said. “What remains are the subtle, context-dependent issues that require deep human expertise.”

To defend against AI-powered attacks, Immunefi has implemented a whitelist-only policy for all company resources and infrastructure, which Amador said has “arrested thousands of these attempted spear phishing techniques very effectively.” 

But this level of vigilance isn’t practical for most organizations, he said, noting “we can do that at Immunefi because we are a company that lives and breathes security and vigilance. Normal people can’t do that. They have lives to live.”

Bug bounties hit a wall

Immunefi has facilitated over $100 million in payouts to white-hat hackers, with steady monthly distributions ranging from $1 million to $5 million. However, Amador told Decrypt that the platform has “hit the limits” as there aren’t “enough eyeballs” to provide the necessary coverage across the industry.

The constraint isn’t just about researcher availability, as bug bounties face an intrinsic zero-sum game problem that creates perverse incentives for both sides, according to Amador. 

Researchers must reveal vulnerabilities to prove they exist, but they lose all leverage once disclosed. Immunefi mitigates this by negotiating comprehensive contracts that specify everything before disclosure occurs, Amador said.

Meanwhile, Matviiv told Decrypt that he doesn’t think “we’re anywhere close to exhausting the global pool of security talent,” noting that new researchers join platforms annually and progress quickly from “simple findings to highly complex vulnerabilities.”

“The challenge is making the space attractive enough in terms of incentives and community for those new faces to stick around.”

Bug bounties have likely reached their “zenith in efficiency” outside of net-new innovations that don’t even exist in traditional bug bounty programs, Amador added. 

The company is exploring hybrid AI solutions to give individual researchers greater leverage to audit more protocols at scale, but these remain in R&D.

Bug bounties remain essential as “a diverse, external community will always be best positioned to discover edge cases that automated systems or in-house teams miss,” Matviiv noted, but they’ll increasingly work alongside AI-powered scanning, monitoring, and audits in “hybrid models.”

The biggest hacks aren’t coming from code

While smart contract audits and bug bounties have matured considerably, the most devastating exploits are increasingly bypassing code entirely. 

The $1.4 billion Bybit hack earlier this year highlighted this shift, Amador said, with attackers compromising Safe’s front-end infrastructure to replace legitimate multi-sig transactions rather than exploiting any smart contract vulnerability.

“That wasn’t something that would have been caught with an audit or bug bounty,” he said. “That was a compromised internal infrastructure system.”

Despite security improvements in traditional areas like audits, CI/CD pipelines, and bug bounties, Amador noted that the industry is “not doing so hot” on multi-sig security, spear phishing, anti-scam measures, and community protection.

Immunefi has launched a multi-sig security product that assigns elite white-hat hackers to manually review every significant transaction before execution, which it said would have caught the Bybit attack. But he acknowledged it’s a reactive measure rather than a preventative one.

This uneven progress explains why 2024 became the worst year for hacks despite improvements in code security, as hack patterns follow a predictable mathematical distribution, making single large incidents inevitable rather than anomalous, Amador said. 

“There’s always going to be one big outlier,” he said. “And it’s not an outlier, it’s the pattern. There’s always one big hack per year.”

Smart contract security has matured considerably, Matviiv said, but “the next frontier is definitely around the broader attack surface: multi-sig wallet configurations, key management, phishing, governance attacks, and ecosystem-level exploits.”

Effective security requires catching vulnerabilities as early as possible in the development process, Amador told Decrypt. 

“Bug bounty is the second most expensive, the most expensive being the hack,” he said, describing a hierarchy of costs that increases dramatically at each stage.

“We’re catching bugs before they hit production, before they even hit an audit,” Amador added. “It would never even be included in an audit. They wouldn’t waste their time with it.”

While hack severity remains high, Amador said that “the incidence rate is going down, and the level of severity of most of the bugs is going down, and we’re catching more and more of these things in the earlier stages of the cycle.”

When asked what single security measure every project at Token2049 should adopt, Amador called for a “Unified Security Platform,” addressing multiple attack vectors.

That’s essential, as fragmented security essentially forces projects to “do the research yourself” on products, limitations, and workflows, he said. 

“We are not yet to the point where we can handle trillions and trillions of assets. We’re just not quite there at prime time.”