Kamino partners with ImmuneFi for Solana’s biggest bug bounty program, rewarding up to $1.5M for critical smart contract vulnerabilities.
Leading decentralized finance platform on Solana SOL $234.0 24h volatility: 2.3% Market cap: $127.59 B Vol. 24h: $7.49 B , Kamino, has announced the chain’s largest bug bounty program to date in partnership with ImmuneFi, a leading incentivized cybersecurity project focused on crypto, DeFi, and Web3. The bug bounty starts on Monday, Oct. 6, and, so far, has no deadlines.
Overall, the program is structured in two categories: (i) smart contracts and (ii) websites and applications. Smart contracts pay the highest bounties, structured by threat level: critical, high, and medium.
Any reported critical vulnerability will reward the independent auditor with 10% of the funds directly affected, up to a maximum of $1.5 million and down to a minimum of $150,000 for encouragement. High- and medium-level smart contract bugs will pay up to $100,000 and a flat $10,000, respectively. The website and applications rewards are up to $50,000 and $10,000 for critical- and high-level threats.
Before this ImmuneFi campaign, Kamino had been self-hosting its bug bounties for three years, with significant security improvements. Moreover, the protocol counts on an open-source and publicly verifiable code, more than 18 previous audits, and verifiable onchain builds—putting security as a priority.
Now, “through this partnership, Kamino’s contracts are tested by the largest network of security researchers in the industry,” says the announcement’s thread on Oct. 6.
1/ In collaboration with @immunefi, Kamino is launching the largest bug bounty in Solana DeFi—worth up to $1.5M
A major step forward in reinforcing Kamino’s security framework 🧵 https://t.co/Kl4DG4pL9o pic.twitter.com/V8XVsP1Cnt
— Kamino (@kamino) October 6, 2025
Notably, ImmuneFi’s track record speaks for itself as a key security services provider in the industry. According to Kamino’s post, the project has effectively protected over $190 billion in users’ funds, paying more than $120 million in rewards to independent security experts, uncovering “countless critical vulnerabilities that audits alone had missed.”
Security Breaches in DeFi in 2025
While ImmuneFi has directly contributed and disclosed significant numbers on prevented exploits thanks to its bug bounties, many other projects in DeFi have accumulated huge losses due to exploited vulnerabilities not found in due time via private or independent audits.
According to multiple sources, there were approximately 144 successful exploits in DeFi in 2025. Q1 registered 38 incidents, Q2 had a rough estimate of 75 incidents, and Q3 approximately 31 incidents.
Yet, crypto hack losses dropped 37% in Q3 to $509 million, according to Cointelegraph, but September saw a record surge in million-dollar incidents, led by exchange and DeFi exploits. Before that, August registered the third consecutive month of a rise in crypto hacks, Coinspeaker reported. Another report from July calculated over $2.1 billion lost in over 75 crypto hacks in 2025 H1. Out of the $2.1 billion by July, $357 million was registered in April alone—a number 11 times higher than the one in May.
next