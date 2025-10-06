Key Notes

The bounty covers smart contracts and web applications with rewards scaling by threat severity levels.

ImmuneFi has protected over $190 billion in user funds and paid $120 million to security researchers.

DeFi suffered approximately 144 successful exploits in 2025 with losses dropping 37% to $509 million in Q3.

Leading decentralized finance platform on Solana, Kamino, has announced the chain's largest bug bounty program to date in partnership with ImmuneFi, a leading incentivized cybersecurity project focused on crypto, DeFi, and Web3. The bug bounty starts on Monday, Oct. 6, and, so far, has no deadlines.

Overall, the program is structured in two categories: (i) smart contracts and (ii) websites and applications. Smart contracts pay the highest bounties, structured by threat level: critical, high, and medium.

Any reported critical vulnerability will reward the independent auditor with 10% of the funds directly affected, up to a maximum of $1.5 million and down to a minimum of $150,000 for encouragement. High- and medium-level smart contract bugs will pay up to $100,000 and a flat $10,000, respectively. The website and applications rewards are up to $50,000 and $10,000 for critical- and high-level threats.

Before this ImmuneFi campaign, Kamino had been self-hosting its bug bounties for three years, with significant security improvements. Moreover, the protocol counts on an open-source and publicly verifiable code, more than 18 previous audits, and verifiable onchain builds—putting security as a priority.

Now, “through this partnership, Kamino’s contracts are tested by the largest network of security researchers in the industry,” says the announcement’s thread on Oct. 6.

Notably, ImmuneFi’s track record speaks for itself as a key security services provider in the industry. According to Kamino’s post, the project has effectively protected over $190 billion in users’ funds, paying more than $120 million in rewards to independent security experts, uncovering “countless critical vulnerabilities that audits alone had missed.”

Security Breaches in DeFi in 2025

While ImmuneFi has directly contributed and disclosed significant numbers on prevented exploits thanks to its bug bounties, many other projects in DeFi have accumulated huge losses due to exploited vulnerabilities not found in due time via private or independent audits.

According to multiple sources, there were approximately 144 successful exploits in DeFi in 2025. Q1 registered 38 incidents, Q2 had a rough estimate of 75 incidents, and Q3 approximately 31 incidents.

Yet, crypto hack losses dropped 37% in Q3 to $509 million, according to Cointelegraph, but September saw a record surge in million-dollar incidents, led by exchange and DeFi exploits. Before that, August registered the third consecutive month of a rise in crypto hacks, Coinspeaker reported. Another report from July calculated over $2.1 billion lost in over 75 crypto hacks in 2025 H1. Out of the $2.1 billion by July, $357 million was registered in April alone—a number 11 times higher than the one in May.

