Mitchell Amador
@MitchellAmador
Followers
3,778
Following
483
Media
64
Statuses
1,744
Creator of @immunefi , scaling bug bounties, the New Economy Institute, and much more. Come and learn with me! Writing at
Joined January 2021
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Adalet
• 192561 Tweets
Linkin Park
• 188537 Tweets
Gazze
• 117684 Tweets
Engin Polat
• 113053 Tweets
ベイマックス
• 102148 Tweets
Chester
• 96814 Tweets
雇用統計
• 37124 Tweets
Game Day
• 36623 Tweets
大阪府警
• 35838 Tweets
NANON LETSGO NYFW
• 35768 Tweets
エイリアン
• 33655 Tweets
#サクサクヒムヒム
• 31946 Tweets
#ساعه_استجابه
• 30476 Tweets
金メダル
• 29204 Tweets
#浦島坂田船11周年
• 22857 Tweets
#DAY6_9th_Page
• 22276 Tweets
KIDNAP CHAPTER ONE
• 21550 Tweets
Franco Escamilla
• 20680 Tweets
HAPPY BIRTHDAY TANNIE
• 20408 Tweets
#데이식스_청춘의_9번째_페이지
• 13850 Tweets
おぱんちゅうさぎ
• 11552 Tweets
ロムルス
• 11407 Tweets
Pinned Tweet
0/ This thread collects all my best (public) writing into one easy-to-peruse thread. Take a look and be prepared for some pretty out-there ideas.
5
2
19
@Mudit__Gupta
@0xSifu
@BrantlyMillegan
@Cooopahtroopa
Sad that canceling is becoming a thing in Web3. Imagine how most non-Westerners see this; it must look insane that someone who made great contributions to the community is attacked because of his religion.
12
5
119
There have been some really killer bug reports recently, mad respect to the
@immunefi
community. They keep DeFi secure.
5
12
83
Immunefi Security Researchers, know that when you ask us for features, we deliver them. This one in just 3 days. 🥹
Take a look at the 'I'm feeling lucky' button on the side, and go have fun! Let program choice fatigue pass away and let luck chart your course!
Works for both
6
6
74
Can't express just how excited I am for this year. It's going to be a big one for
@immunefi
.
5
5
70
This was a great ask, and
@immunefi
leadership heard it loud and clear. Petition granted!
That's why just, one week later, we've shipped the first piece of the solution: No more false hope emails. Now hackers will only get notifications that they actually need to act on.
Ask
Petition to include a part of the message in the notification so they stop giving me false hope
@immunefi
14
5
98
3
5
67
It took thousands of meetings and countless iterations to drive scaling bug bounty adoption in crypto. With 350+ programs on
@Immunefi
securing $149 billion in assets (?!), crypto is a safer place.
What comes next? An epic ANN in the next few weeks, but also open to ideas. 😄
8
9
53
The thing people don't understand about hackers, is that in addition to being phenomenal puzzle solvers, they're also artists; it's just that their art is an exploit, rather than a jpeg.
Shame more people don't realize that and admire their work.
5
7
47
Exciting news! 🔥
The Firedancer v0.1 Boost kicks off on July 10, with $1m in rewards up for grabs! 💰👉
@jump_firedancer
Get ready to hunt for vulnerabilities — and secure huge earnings. Don’t miss out!
0
15
244
2
14
46
New feature security friends: We've updated our audit contests to use our new program designs. This is only the beginning of the changes coming to
@immunefi
boosts.
With luck it comes as a breath of fresh air. We're all leaving free text fields behind us. 😀
0
1
44
An incredible achievement for
@immunefi
and the security community.
Immunefi has earned more for whitehats than all other web3 platforms put together.
And we did it faster than any bug bounty or pentesting platform, EVER!
Now we’re soaring to new heights!
📢Huge news! 📢
We’ve officially surpassed $100 million in rewards paid to whitehats! 💸
Thank you to our incredible community of researchers and our partners for your dedication and hard work. Here’s to the next $100 million — and beyond.
11
26
120
3
5
42
@immunefi
@wormholecrypto
Congrats to
@wormholecrypto
for taking security seriously. Should be pretty clear to the entire community that their word is as good as gold.
0
0
39
SRs rejoice! Bug bounty walls of text are dead 🪦
Our new Bug Bounty Program pages make it effortless to get the info you need to make your hunt a success 💸
Check out this example for
@graphprotocol
’s $2.5m BBP:
#ImmunefiBBPs
4
7
39
The blockchain talent pool is definitely booming; thousands of security researchers, dozens of startups, and a lot to like. We’re far from 2020, when bug bounty programs were rarely adopted and bounty sizes were tiny.
How do we get to the next level? I'm open to ideas.
4
5
36
Introducing: Total Reports Paid — a new way to prioritize hunting 🏹
Want to be sure a bounty program has paid reports in the past? Now you can check: programs can opt-in to show the number of reports they've paid, so you can build more trust in your counterparty.
Pro tip: Use
4
5
38
Thanks
@epicweb3
for hosting DeFi Security Day and bringing together so many great web3 security experts.
Securing DeFi was never so fun!
2
12
33
Bug bounty adoption was a crucial step to prevent an armageddon.
@Immunefi
alone prevented $25B+ in funds from being stolen (a number I'll be re-estimating over the new few months).
If we didn't have bug bounties, crypto would be in a much darker, more hostile place.
1
3
36
The
@immunefi
family and I are doing whatever it takes to ensure security researchers drown in cash, not red bull
Stay strong security friends
You guys don't realize how lucky we are
Meanwhile people in web2 are getting paid in trays of redbull for crits
11
6
90
4
2
34
Hiring tip for fellow founders: if someone actively dislikes animals, that’s a red flag.
Lack of empathy is a serious concern and erodes team morale, don’t risk it. Select for great character, inclusive of mercy and care.
5
3
33
We created the 'I'm feeling lucky' button by community request, and it's been a hit!
To make it even more useful we made it eminently shareable, so that it's effortless to hunt anytime, anywhere.
Happy hunting!
2
2
33
We're getting better security fam... one day soon 'smooth' will be the
@immunefi
new normal.
And then we'll be unstoppable.
1
3
31
Security fam, yesterday you requested an easy way back to the explore page. We heard you.
So we designed, developed, and shipped just that feature the same day.
Enjoy comrades.
3
4
31
Yet another case of ASK and yee shall RECEIVE!
Per
@00xWizard
's feature request we have created a KYC Y/N filter on the
@immunefi
/explore/ page, so you can find the programs that are just right for you.
Enjoy the hunt!
@MitchellAmador
@immunefi
If you guys can add the kyc: yes, no filter, it would be great. Been asking for this multiple times
0
0
0
2
8
31
Finding juicy new targets on Immunefi just got a whole lot easier 🎯
We got tons of requests for this one — and as always, we heard you loud and clear 🫡
We’ve added a column to the Scope section of BBP pages showing when assets were added, so you can see the hottest new
0
3
31
The time of the audit contest is over.
The time of the Attackathon has come.
One Attackathon to rule them all.
One audit competition to rule them all 🏆
Immunefi, in collaboration with the
@Ethereum
Foundation, presents the first-ever Attackathon to enhance Ethereum’s protocol security. 💪
Become a sponsor and help make history ✨
1/4
#EFxImmunefi
102
325
1K
2
2
27
Want to know what a DeFi war room is like when millions are on the line? Live it through our story:
0
9
27
Crypto is now far too large to stay on top of. There was a time when I knew most of the projects in the space... not anymore. Now I can barely keep up with the security sector!
3
3
28
New feature for security researchers, making it easy for you guys to see how many Boosts are live and running at any one time. Enjoy!
Have more feature requests? Let me know what you guys need and we'll make it happen.
2
1
27
My brother in security
@0xnirlin
we did this for you, see
You ask, we ship, that's how it goes fam
5
3
27
@realCaptainWoof
@immunefi
Immunefi is hard mode; there aren't a lot of obvious bugs.
But there are a lot of non-obvious ones.
Need to shift mindset from picking low hanging fruit to thinking like a true hacker; how do I break this system?
Then you'll realize there are bugs, bugs everywhere.
2
4
27
@0xriptide
@immunefi
it's in the backlog. I hope to launch this sometime this year.
Thing is this feature is less valuable than creating better transactions in the first place, which is where my attention is going atm. That takes precedence.
2
2
27
Some
@immunefi
power users thought we were being a little too paranoid with our fast-acting auto-logout settings...
So by popular request, we've loosened them up a bit. Now your login should last the workday.
Enjoy everyone.
0
3
27
Severity upgrades happen only on
@immunefi
, because we care more about real report levelling than anyone else. The truth is what counts with us.
So much more on this is coming, ready yourself. And in the meantime keep hunting and winning! We all love to see it.
4
3
26
I've got some vibes inbound security fam.
Brace yourself.
1
2
25
Many Security Researchers have requested an easier, more pleasant way to read Boost reports than trudging through our Github repo; we've heard you, and so we put together a quick Gitbook MVP, which gives you:
1) A pleasant report reading experience, grouped by contest
2) Full
1
5
26
Elite hackers rejoice! Your recognition is now limitless 🤩
Today on, once you’ve earned $100k+ on Immunefi, you’ll unlock Super Whitehat powers and all rate limits will unlock for you in perpetuity. Ideal for multi-protocol crits.✅
Happy hunting!🏹
0
3
26
The Lazarus group is arguably the biggest advanced persistent threat in crypto right now (definitely the scariest). Immunefi's recent report shows they've been responsible for over $300 million stolen this year alone. Read more about it on Fortune:
1
5
23
You asked, we delivered: Google Sign-On has arrived, and can be enforced across all program users in the Organization settings. Formerly a customer feature request, now shipped. :)
@immunefi
is your secure vulnerability dashboard. More access control tooling in the works!
3
5
24
Come join the biggest audit in Solana’s history
0
6
23
Even moarrrrr audit contests on
@immunefi
! This time with the biggest staking protocol in the entire onchain economy.
Legends will be borne from this contest. If you win it, you can be sure that you'll be in high demand from staking protocols across the world.
🎉 The countdown is now live for our Boost with
@LidoFinance
which focuses on Mellow Decentralized Validator Vault 🎉
👉 $100k reward pool
👉 3 weeks duration
👉 3700 nSLOC
👉 Starts on August 15th
Don't miss out on this! More details at the link below:
0
4
33
0
1
23
In light of the recent onchain hack impact piece, I remind all of your security researchers that you CAN become a 100x hacker, and only YOU can keep crypto safe.
Do your duty, and become a security legend.
0
4
29
EthCC proved that, like in real life, the side events are the real main event.
Can’t wait to side event with you all in the future.
2
2
23
To all of the
@immunefi
security family, remember we need to be aspiring to this level of achievement.
Our job is to prevent the apocalypse.
0
4
22
A few new features shipped today. The first one for Projects on
@immunefi
: users can now search by report ID within the Immunefi dashboard.
This was a recent request from one of our customers, and it didn't take long to get shipped.
Enjoy everyone.😘
2
1
23
After inflation resistant assets and DeFi, onchain security has next greatest product-market fit in crypto.
And success for any onchain vertical strengthens that PMF.
This means
@immunefi
is going to be huge. 360 bounties today, but 1000 more incoming.
Incredible bounties to
1
0
22
We have created the most impartial and effective dispute resolution methodology in the bug bounty world. Severity upgrades are proof of that.
Everyone wins: More trust drives more whitehat reports, driving more positive sum security impact for all.
Stay good everyone.
@MitchellAmador
@immunefi
Back in 2022, when Immunefi was still working out its methodologies, it had a bit of a mixed reputation.
Two years later, I can safely say that it has really locked down its negotiating skills in favour of whitehats.
My thanks. 🙏
1
2
32
2
2
21
Just a few crits away from $100m in payouts to whitehats on
@immunefi
#ImmunefiStats
We've now reached $95m in payouts to whitehats.
Unreal.
What should we do to celebrate at $100m?
6
21
69
2
3
22
Beasting.
This was my best year yet in bug bounties. Feeling thankful and hoping that next year is even better. Thanks
@immunefi
@OddlySpecivik
@0xMackenzieM
#ImmunefiWrapped
21
15
237
0
1
20
Coming at you with another upgrade to the hunting experience on Immunefi✨
The mediation button on reports is now available at all times, so you can get the help you need when you need it. And if mediation does not yet apply, a modal lets you know.
No more second-guessing, just
1
2
20
It’s true, we’re in the audit contest big leagues now. And will continue to be.
$2.7 Mil on Immunefi contest over the next 30 days
And this isn't even the biggest news we have in the next 30 days!!!
Legit unbelievable what we got coming next for you!
2
2
38
1
0
19
Haven’t done one of these in a while, so glad to get this out there!
It was a great exploit, phenomenal work
NEW bugfix review
"A critical vulnerability was identified and reported by whitehat
@riproprip
in the Raydium protocol on January 10, 2024...A bounty of $505,000 in RAY tokens was awarded to the whitehat for this discovery...."
1
10
71
0
2
20
Onwards and upwards from here.
We've just raised our Series A.
So far, we've paid out $60 million in bounties to some of the world's best hackers and saved $25 billion from being hacked in web3.
Expect many more big things from us in the future.
Let's secure web3 together.
21
46
272
2
1
20
In web2, a BIG bug bounty payout might be only $25-50k, but onchain blackhats can earn millions from a single exploit, which kills disclosure incentives.
The only solution: scaling bug bounties should be proportional (to some reasonable degree) to the capital at risk. A life
1
1
19
Like Alladin's Genie in the Lamp, you make a feature request and
@immunefi
grants it.
From feature request to production in just 3 days. Now all whitehats can search their historical reports by the project they submitted to or report title they used. Enjoy
@sentient_x
!
@immunefi
is it possible to add a feature to search your submitted bugs per project as well? Current search is limited to Status and Severity, but at times you want to find an old report quickly to a project.
@MitchellAmador
1
0
2
0
4
20
Whitehat found bug, requested fix, fix now live.
Same day shipping security fam. Only for you.
Feedback always welcome on
@immunefi
!
@MitchellAmador
Hey, I found it did not behaves as expected. When you happen to open a bounty program directly from google results and hit this button, it brings you back to google, not on the explore page of Immunefi
1
0
2
2
1
19
Crypto has a real issue with operators doing N projects at the same time. This slows our outcomes.
Which is strange, because success in our space is so leveraged that doing one thing well typically leads to dramatically better results.
I'ma do one thing.
3
0
19
We’ve only just begun and the Immunefi security community has already delivered huge security impact.
The message is clear: if you need an audit contest, come roll with us.
In just 7 days on the
@FolksFinance
Boosts (audit contests), we have:
- 2 Criticals
- 3 Mediums
- 4 Lows
- 1 Insight
- 5 reports still escalated by Immunefi
This means the whole pool has been unlocked.
JUMP IN AND HUNT!
2
5
31
0
2
19
Immunefi elites are just better than others.
Already unlocking this huge pool is an amazing achievement.
5 Highs and 3 Criticals have been confirmed in the Fuel Attackathon unlocking the $1M reward pool!
With 4 days left, this is your chance to find bugs, earn rewards, and help secure
@fuel_network
's $90M+ deposits
Time to get hunting
10
12
74
1
0
19
The future of Immunefi is a whole new level of vibes.
You’re going to love it.
1
3
18
The community will wake up to the severity of DeFi hacks when 'the big one', a hack of hundreds of millions in size, happens.
It may have already happened.
1
5
17
Is onchain security improving? According to the metric that matters most (funds stolen), yes. Hack volumes are rising, yet the overall impact is diminishing. Despite 247 hacks in 2023 alone, the aggregate impact decreased, with $1.7B in funds impacted, against $3.7B in 2022.
4
5
17
Introducing the new best home for your security victories.
Reports, earnings, ranking, achievements, and more to come. All of it will live in your Immunefi Profile, showing everyone you're a legend in the making.
Head over to and make your profile; you
Introducing Immunefi Profiles for the world’s most elite security researchers.🏅
Immunefi Profiles showcase your hard-earned, legendary achievements and badges. 💪
To create your own, log in to the Immunefi Dashboard (), just like
@lonelysloth_sec
did.
8
21
98
0
3
18
Need moar victories for the security community. Expect us!
1
0
18
Achievement unlocked, epic work!
That would be a badge to earn.
With hard work, anyone gets a Confirmed Critical in
@immunefi
But can you draw a Confirmed Rainbow?
> 1 insight, low, med, high, and crit in any order, in a row. Uncropped images only.
14
4
130
2
0
18
Big numbers aside, the ecosystem really is getting more secure.
@immunefi
is a hugeee part of that and soon, I'll prove it.
May these numbers trend forever lower per unit of onchain TVL.
Crypto losses due to hacks and scams hit $336 million in Q1: Immunefi
8
8
26
1
0
17
How do the new program summaries look? Do they do the job, or is the more you need that's missing?
1
0
17
5
0
16
Are there 10x devs for onchain security? Yes, there are.
@storming0x
asked if there are 10x auditors, and of course there are!
But they too should move aside, for the 100x hackers is the true demonstration of the vast delta in onchain attacking skills.
0
1
17
For those of you who want to read the long form post on my blog, complete with stats and graphs and deeper analysis of the subject, you can read that here:
2
4
17
Glad to see our unique efforts to create the most fair and impartial security platform being appreciated. We really do put 110% into this.
And it's why we can be trusted with programs and reports that no one else can; integrity is deep in the
@immunefi
DNA.
@1_00_proof
@MitchellAmador
@immunefi
In my experience they work very hard at being fair and impartial.
They don’t automatically side with reporter but actually do the hard work to understand the issue and give a fair evaluation — which I think is the best for both projects and reporters.
0
1
18
0
3
16
Feeling lucky? Well, you should be, because we've upgraded the 'I'm feeling lucky' mechanic to be even more fun and helpful!
1) We’ve added a ‘Feeling Lucky for Scope?’ mechanic, so that you can get random assets-in-scope put right in front of you. Let lady luck guide your
1
3
16
There's no stronger onchain industry than the security industry.
We are more onchain-native, more long term focused than almost all our (absolutely phenomenal) sister industries.
We are foundation upon which an onchain world is being built.
0
3
16
Yes, it really has improved a ton. The security community (especially
@immunefi
imo) have hit the security ball out of the park, and in a wonderful way.
There's another order of magnitude or two of improvements needed before Crypto is truly primetime ready, but we'll get there.
One of the biggest DeFi Wins recently happened in silence:
Security has gotten way better -- thanks to projects are investing way more in security,
@immunefi
, and
@_SEAL_Org
Graph below doesn't even paint the full picture bc it includes CeFi and phishing attempts.
1
2
23
0
2
16
@immunefi
@fuel_network
Attackathons are a whole new level of audit contests.
Move aside forerunners,
@immunefi
has arrived.
2
0
16
Great to have you aboard Ash. Security friends, give Ash a follow! Here’s here to help you with the anything you may need on
@immunefi
👋Hi, Twitter fam! I’m excited to join
@immunefi
as Hacker Success! 🚀I'm here to support our talented Security Researchers and make sure their skills shine.
Let’s secure the future of Web3 together! 🛡️✨
10
6
85
0
0
16
@Audinarey
@BKWeb3
@UnoHeuss
@trust__90
@immunefi
Yes, this is the direction we're going.
But for context, this is not simple, and in many places it's highly illegal to do this without being a particular type of licensed institution.
We've developed/are developing the way to do this right, at massive scale.
3
0
16
@josephdelong
@immunefi
This is why the top projects in DeFi use
@immunefi
.
We do whatever it takes to protect the community. 🛡️🪲
0
0
16
Security fam, how do we like the little swords in the banner? Does it satisfy you?
Beyond that, any way we can make this banner better/more to your liking?
1
2
16
Fun new feature: Attackathons live on top of the boost tab, so that they jump out.
You can also see that there are two buttons there, a 'Learn' and a 'View Attackathon' button.
This is because we've got a lot of content prepped, but we also wanted to keep the Attackathon
1
3
15
Every month the millies are flowing to security researchers for their incredible work.
Accept their embrace, hunt on
@immunefi
security fam.
#ImmunefiStats
Check out the earnings whitehats pulled in on Immunefi this June.
Outstanding job!
July is just kicking off. Time to make it count!
1
3
22
3
3
14
It’s hard not to be long on
@RobertMCForster
, he’s a man of real commitment. Much respect, looking forward to his 2022 at
@ArmorFi
3
5
15
I've got so much more to share with you all about this, thread coming soon. We're creating the worlds' best bug bounty program experience, and this is the first major piece of that experience to come.
0
1
15
Feature update: We've made Responsible Publication more visible and easy to understand!
First, we've embedded it on the right-hand control panel within reports, so you can get answers in one click.
Second, we've refactored the RP guide, making it dead simple.
We hope this
0
4
16
A bounty for champions here.
Only on
@immunefi
The Morpho Bug Bounty has been raised to $2.5M
It is now the second-largest bounty for any lending protocol, providing an added layer of security to Morpho's heavily audited and formally verified code base.
More details below.
5
9
55
0
3
13
We're at an all time high for bug bounties in crypto, but more are coming very soon.
I wonder how big we'll get by the end of 2024. I'd be shocked if we weren't over $200m.
0
0
14
1
0
14
Working with
@joranhonig
is a masterclass in thinking like an attacker.
We're back.
You've missed us.
We have the next installation in the much-demanded U UP interview series with a Mr.
@joranhonig
, an elite web3 whitehat.
Read more to discover his background and bug bounty secrets.
3
19
49
1
0
14
3
2
14
Honestly the more I learn about the mid 1800s Victorians the more it becomes apparent that we were borne out of their greatness.
The creativity per capita was astounding, the health of the culture vital. In a generation or two they built the foundation of the modern world.
4
1
13
Security comrades, I'll be in Brussels for EthCC, tell me you'll be there! Can't wait to see as many of you in person as I can. :)
We're happy to announce that our team will be at
@EthCC
in Brussels! Come say hi and meet
@MitchellAmador
,
@RehmanSajjad
,
@adrianhetman
,
@Dan_Immunefi
,
@huvoliveira
👋
Date: July 10-11
Location: EthCC[7]'s Sponsors Hall (Olympus)
See you there! 😎
3
5
21
3
2
14
Mad respect to Wormhole for always being pioneer.
They are constantly raising the bar for onchain security.
We're thrilled to announce
@WormholeFdn
, steward of the
@Wormhole
platform, as the first sponsor in the
@Ethereum
protocol Attackathon on Immunefi! 💥
Thank you for your support in advancing onchain security 🔐
Find out more & sponsor now:
#EFxImmunefi
4
27
123
0
1
14
Sure, the onchain environment is a dark forest, with many adversaries. We know.
But they aren't all North Korean hackers stalking your every commit. That's an adversarial narrative, designed to turn opinion against the onchain community.
Let's not propagate it prematurely.
1
1
12
You wanted more
@immunefi
audit contests, you got more.
This one for all the amazing contributors to the Fuel Attackathon; they shall reap what they have sowed, to the tune of $65,000. Happy hunting!
🎉 The countdown is now live for our NEXT IOP with
@ThunderbyFuel
— the first of the 4 Fuel dApps.🎉
👉 $65k reward pool
👉 3 weeks duration
👉 1806 nSLOC
👉 Starts on August 12th
Don't miss out on this! More details at the link below:
0
5
21
0
1
13