Immunefi launches ‘All Stars’ elite whitehat program amid record $1.4 billion Bybit hack and rising onchain losses

Web3 bug bounty and security services platform Immunefi has launched its "All Stars" program, aiming to bring together the best-performing researchers and auditors in a year where mounting crypto losses have already surpassed $1.7 billion.Immunefi claims to operate the largest blockchain security community, with more than 60,000 researchers, helping to protect over $190 billion in user funds across protocols like Polygon, Optimism, Chainlink, The Graph, Synthetix, LayerZero, and Sky from being stolen. The platform says it has distributed more than $116 million in bounties to ethical hackers and researchers to date, while saving over $25 billion in user funds.All Stars kicks off on Monday with its first researcher, LonelySloth, who has generated $3.6 million in earnings on Immunefi for 60 paid reports. A further nine initial members of the program will be announced over the coming days. Top leaderboard researchers on Immunefi — including Barracuda, RetailDdene, PwningEth, and GothicShanon, who together have earned over $36.6 million — get a fast-tracked process, though applications remain open to all qualified candidates.However, Immunefi believes gatekeeping talent holds the ecosystem back, with the All Stars program taking a different, non-exclusive approach. This means members are free to work wherever they choose, and as long as they meet Immunefi's requirements for activity and commitment, they'll keep their access to All Stars benefits. Immunefi's expectations include regular participation in a mixture of audits, audit competitions, bug bounties, and pull request reviews, founder and CEO Mitchell Amador told The Block.In return, members gain exclusive access to high-paying gigs and priority consideration for security work. More specifically, All Stars receive preferential access to invite-only private code review programs, exclusive access to pull request reviews, early access to new features on Immunefi’s AI-powered Magnus security orchestration platform, entry to specialized bounty competitions and retainer agreements, and a dedicated support manager, according to Amador. However, he stressed that bug bounties will remain open, so that everyone has a chance to submit important vulnerabilities. "Crowdsourced security is open to anyone who wants to participate," Amador said. "What this means is that you naturally get two categories of users over time: users who hunt on code every few months when they have time, or users who make it their obsession. We noticed a growing number of users in the second category, and so a main driver behind this program was giving security researchers who show up consistently day in and day out even more tools to succeed and develop their career."Proactive protection of the ecosystemThe move comes in the wake of Bybit's record $1.4 billion exploit in February — the largest crypto theft of all time and the overwhelming majority of the $1.74 billion in crypto losses seen year-to-date. Nevertheless, that figure is already greater than the total $1.49 billion registered in all of 2024.Immunefi argues this shows that even well-established crypto platforms are still top targets for increasingly advanced hackers, but with the right incentives and recognition, security researchers are crucial in proactively protecting the ecosystem against threats."With the All Stars, we're building a long-term community of the absolute best elite researchers — not just bug hunters, but professionals ready to take on the most complex security challenges in the space," Amador said. "This program is a major step forward in giving researchers the recognition, resources, and opportunities they need to thrive and stay onchain."Immunefi audits to be conducted by All StarsImmunefi audit services will also be carried out by All Stars researchers who've demonstrated their expertise in discovering and responsibly disclosing real, funds-at-risk vulnerabilities onchain — the highest standard of security excellence in web3 — the team said. Participation is invite-only, based on proven capability and trustworthiness. Once admitted, researchers can choose an "audits-only" mode, allowing them to focus exclusively on audits without meeting other activity requirements.As a result, protocols can also specifically request a particular All Stars member for audits, Amador confirmed.Starting with 10 members, All Stars will be opened to another 10 researchers following the launch, after which the firm will reassess the program.Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.