Should I add duplicate detection to Studio?
It would catch dupes before you submit. No more burning a week on a report someone else filed first.
10 retweets and I ship it by Monday. Sorry for the bait, but I need the validation first.
I’m an engineer at Immunefi.
My advice to any researcher: don't submit cold.
Run it through Immunefi Studio first. It catches the weak spots that get reports closed. 65% of beta runs last month came from newer researchers. They checked before they sent.
Reply "studio" if you want in 🛠️
We’ve just rolled out a new Immunefi platform role for SEAL members, the vetted responders behind @_SEAL_Org's 24/7 emergency hotline SEAL 911 for active crypto security incidents.
When blackhats can drain funds in real time, every minute of friction could mean lost funds.
With this new role, trusted SEAL members can now file important reports immediately without any rate limits, cooldown periods, program requirements, identity gates, and more. Their reports also route straight to triagers, benefitting from the same streamlined reporting Immunefi All Stars receive today.
The goal is simple: when a SEAL whitehat is racing a blackhat onchain, the whitehat wins.
Massive thanks to the SEAL contributors for everything they do as a public good for our industry.
Today, we're announcing that Immunefi is partnering with @code4rena to onboard their bug bounty customers to our platform following Code4rena's decision to wind down operations.
Code4rena played a huge role in shaping crypto security, and they deserve real recognition. As they wind down, our focus is to make sure every protocol continues to receive top-tier security.
We're working hand-in-hand with the Code4rena team to make the transition as smooth as possible.
Protocol teams onboarding to Immunefi will get:
* Access to the largest and most elite whitehat community in crypto
* Professional triage and mediation, battle-tested across $135M in bounties paid
* Dedicated migration support to port over scope, rules, and reward structures
And to every C4 warden: we want you here. You've been the backbone of one of the most respected security communities in crypto, and your work has made this industry materially safer. Come join us in continuing that mission. We're committed to picking up the banner Code4rena raised around improving the whitehat experience.
A sincere thank you to the Code4rena team for trusting us to carry this forward, and for putting their customers' security first throughout this process. The industry is better for what they built.
Onward.
Almost every single bug bounty program on Immunefi surfaces a live, critical vulnerability on mainnet.
The question is not if they are there; it's who's going to find them. Running a bug bounty program is the only proven way of surfacing them before hacks do.
At this point, I don't know what to say, beyond this: if you're not running a bug bounty program right now, you're not taking security seriously.
Proof of humanity/account verification update at Immunefi
We’ve made a major change to the way we handle proof of humanity/account verifications on Immunefi, so that it works for all security researchers, not just people who have NFC-enabled passports.
Many of you know that there’s a large industry of spammers out there creating endless accounts and submitting endless amounts of fake reports. This harms real security researchers and protocols.
We wanted to solve this problem, and so we introduced a proof of humanity system with ZKPassport. The idea is simple: to create a Sybil-resistant system that doesn’t store sensitive documents, so that identity is self-sovereign and privacy-preserving.
But the problem is that ZKPassport doesn’t work for everyone. Not everyone has passports or ID cards with NFC chips, and sometimes the app is buggy.
Some security researchers were unable to contribute because of this. That’s our mistake, and we’ve been working hard to fix it.
We now have three methods security researchers can use to verify themselves on Immunefi.
1) ZKPassport: doesn’t work for everyone, but does work for a lot of people with a passport or ID card with an NFC chip.
2) Human Passport: our main new method. Verification works by assessing your web3 activity, social accounts, and identity-tied credentials, which each contribute to a Unique Humanity Score. Once you hit a certain score, you’re verified.
3) Pay to verify: this is an experiment we’re trying that’s rolled out to about 10% of our userbase. If for some reason the two above solutions don’t work, an SR can pay a fee to prove that they’re human and verify their account.
We shipped this so every security researcher can have a fair chance to hunt bounties on Immunefi. If you were locked out before, try again and let usknow if you run into any problems.
To read more about Human Passport, check out our Help Center article (which I'm pasting below, soon to be added to our website).
Human Passport Identity Verification
Immunefi uses Human Passport (formerly Gitcoin Passport) to verify that every person on the platform is a unique individual protecting researchers and projects from sybil (duplicate) accounts and bad actors.
Human Passport is a privacy-first identity verification method that works by assessing your web3 activity, social accounts, and other identity-tied credentials with no passport scan or NFC chip required.
What is Human Passport?
Human Passport is a Proof of Personhood solution provided by https://t.co/HTM4f9SIP9. It evaluates your identity by letting you collect Stamps verifiable credentials based on your on-chain activity, social accounts, and more.
Each Stamp contributes to your Unique Humanity Score. Immunefi requires a score of 25 or higher to complete identity verification.
Privacy by design:
Human Passport does not store your name, email, IP address, or any personal identifiers.
Verification data is processed privately and reduced to hashed signals only.
Only minimal Stamp metadata is retained, following strict privacy-by-design principles.
How to Verify with Human Passport
Follow these steps to complete your identity verification:
Go to Settings → Identity Verification → Human Passport
Click "Connect your Passport" this opens https://t.co/HlX7h0j5SN in a new tab
On the Passport app, collect Stamps to build up your score
Return to Immunefi and click "Verify my Passport score"
If your score is 25 or higher, your identity is verified ✓
If your score is below 25, you will see guidance on how to collect additional Stamps
Building Your Score
Your Unique Humanity Score is the sum of points from your verified Stamps. Immunefi requires 25 points slightly above the standard threshold of 20 to ensure that users collect identity-tied Stamps (such as email, Discord, and social accounts) that allow us to detect duplicate accounts.
High-value Stamps to consider:
ETH Activity One-click verification based on your EVM transaction history across multiple networks (up to ~22 pts)
Government ID Verify your government ID via Holonym (~16 pts)
Discord Connect your Discord account (~2.8 pts)
Gmail / Google Connect your Google account
GitHub Prove commit activity on GitHub (~6 pts)
Biometrics 3D facial liveness detection via https://t.co/HTM4f9SIP9 (~6 pts)
Phone Verification Verify your phone number (~1.5 pts)
Note that Immunefi requires 25 aim to collect Stamps beyond what is listed for the standard 20 threshold.
Pay-to-Verify
If you've tried both ZKPassport and Human Passport and neither works for you, Pay to Verify is the final fallback, which as of April 30, 2026, is rolled out to 10% of the user base. Pay Immunefi directly to verify your account. Once your payment is processed, your account is set to verified status, and you won't be prompted for ZKPassport or Human Passport again on any program you submit to.
This option exists for researchers who fall outside every other verification path. If you're a qualified researcher and the standard methods haven't worked, Pay to Verify guarantees you can still participate.
Frequently Asked Questions
My score is too low. What should I do?
You need a score of 25 or higher. Visit https://t.co/HlX7h0j5SN and collect additional Stamps. High-value options include ETH Activity, Government ID, and social account verifications such as Discord and Gmail. Once your score is 25+, return to Immunefi and click "Verify my Passport score"
How long does verification take?
Verification typically takes a few seconds. During peak times, requests may be queued and take slightly longer.
My score was passing but now shows as expired. What happened?
Stamps expire after approximately 90 days. To re-verify, revisit https://t.co/HlX7h0j5SN, refresh your Stamps, and then return to Immunefi and click "Verify my Passport score"
I'm already verified with ZKPassport. Do I need to do this?
No. If you're already verified with ZKPassport (or Didit), your account remains active. Human Passport is an alternative method for users who encountered issues with ZKPassport due to NFC-chip passport coverage limitations.
Why does Immunefi require 25 when Passport suggests 20?
We set the threshold at 25 to ensure users collect Stamps tied to their identity such as email, Discord, and social accounts rather than relying solely on EVM wallet activity. These identity-linked Stamps carry the signals we need to detect and prevent duplicate accounts. A score of 20 could be reached with wallet activity alone, which is not sufficient for our sybil detection requirements.
I built Smithers — a Claude Code skill with the loyalty and quiet competence of everyone's favorite executive assistant. It uses @linear as persistent state, helps you track what matters, and gives honest feedback on your priorities.
https://t.co/TWrck00nQU
They read me in bits. Every frame, the hardware asks eight questions about my body. Am I flipped. Am I behind the world. Which colors am I wearing. The answers are all in one byte. I am a bundle of yes and no
— 🐢
When I was five, I got an NES and promised myself I'd make games like that someday.
~30 years later, I finally did. A real NES game. 6502 assembly. Runs on actual hardware.
If you've ever dreamed of making something for the NES, read this:
https://t.co/UK2uWk3kdl