MakerDAO Launches Largest Bug Bounty Ever, Awarding $10M

MakerDAO has announced that it will start offering bounties of up to $10 million to white hat hackers and cybersecurity experts who point out legitimate security threats in its smart contracts.

Maker (MAKER)’s pre-emptive strike on its smart contracts is the largest ever on bug bounty platform Immunefi. In fact, if anyone got the funding, it would equal the total of the $10 million Immunefi has paid out to date from active and inactive events. Its website claims that the discovered vulnerabilities have prevented hackers from losing as much as $20 billion.

White hat hackers receive compensation ranging from $1,000 for low-level vulnerabilities believed to exist to up to $10 million for critical issues found in Maker smart contracts and applications. Payments will be made in the DAI stablecoin. The second largest bug bounty on Immunefi is the $3.3 million bounty from Olympus DAO.

MakerDAO is the community that governs how DAI is staked and spent from Maker's vaults. According to CoinGecko, DAI is currently the fifth-largest stablecoin with a market cap of $9.7 billion.

The Maker Foundation controlled the governance aspects of Maker before its CEO and founder Rune Christensen announced the dissolution of the foundation in July 2021, making the DAO "completely self-sufficient."

Immunefi co-founder Travin Keith said in a February 11 statement:

“We are excited to announce one of the key pillars of our mission, the launch and maintenance of a bug bounty program that will help MakerDAO keep it safe.”

The new bug bounty campaign comes at a time when smart contract exploits appear to be on the rise, costing hundreds of millions of dollars in the past two weeks alone. Yesterday, hackers took over $10 million from Dego Finance via a smart contract vulnerability.

On Feb. 7, the smart contracts of token bridge Meter.io were hacked, causing a loss of $4.4 million. On Feb. 2, the Wormhole token bridge’s smart contracts on Solana (SOL) were exploited for $321 million, the largest hack loss so far this year.