In this episode of the DeFi Download, Piers Ridyard interviews Travin Keith, co-founder of Immunefi. Immunefi is the leading bug bounty platform in crypto, currently protecting over $25 billion in user funds.
Travin and Piers discuss DeFi project vulnerabilities and how bug bounties are just as important as audits. Travin describes the characteristics of a good hacker and how Immunefi brings together hackers and projects to create more secure DeFi apps and platforms.
[00:42] What exactly is a bug bounty, and why is it important?
[04:10] The philosophy of the open-source movement
[06:52] The "Homo economicus" fallacy: why would any hacker capable of discovering an exploit in a project choose to accept a pay-out that is less than what they could get for exploiting that vulnerability?
[12:11] The old mindset of companies that used to sue hackers for discovering vulnerabilities
[14:39] Amount of funds protected and of bounties paid out by Immunefi, as well as the case of Alexander Schlindwein
[20:16] Immunefi's approach to recruiting hackers
[24:55] What qualities make a good hacker, in Travin's experience, and which does Immunefi look for when choosing hackers for the White Hat Scholarship?
[26:42] What events does Immunefi attend in order to recruit hackers?
[28:29] Travin's business background and what it was like to live in Longyearbyen, Svalbard, in the Arctic. His path to co-founding Immunefi.
[37:45] Immunefi's collaboration with the Maker ecosystem, including work and incubation with the Sustainable Ecosystem Scaling Core Unit
[40:19] What would Travin change or improve about the current ecosystem if he had a magic wand? What are his thoughts, particularly on bug bounties and hacking, and what behaviour change does he believe is critical for more founders and projects to understand?
[44:53] The difference between a white hat and a black hat hacker