Category: web3 bug-bounty platform / audit-competition infrastructure / managed-triage and review services / onchain security operations control plane
Summary: Immunefi is a web3 security platform whose current first-party surface spans bug bounties, audit competitions, managed triage, security reviews, monitoring, firewall integrations, and a large public researcher ecosystem. The combined homepage, project-onboarding pages, audit-competition docs, severity-classification framework, GitHub organization, and official security-playbook PDF make it worth cataloging as a broad onchain security-operations control plane rather than as a simple bug-bounty marketplace.
What it does:
Operates bug bounty programs for blockchain protocols and infrastructure teams, connecting projects with a large network of web3 security researchers
Runs time-bound audit competitions that produce bug reports, managed triage, live feedback, and final summary reporting for protocol teams
Provides adjacent security operations services including multisig transaction review, monitoring, managed triage, firewall coverage, and audit or PR-review options exposed through the project onboarding flow
Maintains platform-level severity-classification frameworks that standardize how vulnerabilities are categorized across hosted programs
Publishes and curates security education and exploit-analysis material through its GitHub organization and official Web3 Security Library
Key claims:
The homepage calls Immunefi “The Leader in Onchain Security” and says it protects $190B+ across web3, has prevented $25B+ in hacks, works with 60k+ security researchers, and secures 650+ protocols
The official projects page says Immunefi is the leading bug bounty and security services platform for web3, is chain-agnostic, and provides a secure dashboard, PR/comms support, and access to a large whitehat network
The official Audit Competitions page says the product has generated 10,000+ bug reports and paid out $6M+ to top-tier security researchers, while explicitly describing a structured engagement model with capped reward pools, managed triage, and final summary reporting
The project contact/onboarding flow is especially high-signal because it lists security offerings beyond bounty hosting — including multisig transaction review, monitoring, firewall, audit, audit competition, bug bounty, managed triage, and Nexus BBP cover — which broadens the categorization substantially
The severity-classification systems page shows Immunefi maintains its own evolving vulnerability taxonomy, which is a meaningful piece of platform infrastructure rather than simple marketplace copy
The GitHub organization and Web3-Security-Library repository show Immunefi also acts as a public knowledge and coordination layer for exploit reviews, tutorials, tools, and vulnerability education across web3 security
Whitepaper: Immunefi does not appear to have a single canonical protocol whitepaper, but it does publish an official Web3 Security Playbook PDF that is useful as a first-party strategic/security document and has been saved locally as ../whitepapers/immunefi-web3-security-playbook.pdf. Broader current primary sources are summarized in ../whitepapers/immunefi-primary-sources-2026-04-28.md.
Comparable to: broad security-operation stacks with marketplace surfaces attached.
Differs from: narrower contest or bounty venues because Immunefi leans harder into severity taxonomy, managed triage, and ongoing incident-response-adjacent operations.