April 2026 Immunefi Ecosystem Update
Ready to get involved in the Ecosystem? Buy IMU →
Allocating into crypto security? Talk to us →
Base Chose Immunefi to Secure its Biggest Independent Upgrade
On April 21, the audit competition for Base Azul went live with a $250K prize pool. Base Azul is Coinbase's first independent L2 upgrade since splitting from the OP Stack, and the team picked the Immunefi platform’s audit competition format over every other option to pressure-test the code before May 13 mainnet activation.
When institutions custodying billions onchain pick a security partner, they keep picking the Immunefi platform. Base now joins Anchorage Digital on that list.
See the Base Azul audit competition →
April Highlights
KAST, the Global Stablecoin Platform, Partners with Immunefi
KAST, a stablecoin payments platform built by Circle, Revolut, and Wise alumni and used across 170+ countries, moved its security program onto the Immunefi platform. Every dollar of stablecoin value flowing through KAST now sits behind the largest crypto security researcher network in the world. KAST joins Anchorage Digital and a growing roster of institutions that recognize real money needs real security.
The same token that aligns this ecosystem is available to you. Buy IMU now.
$650M stolen. DeFi's worst month in over a year. The pattern keeps repeating.
April 2026 was the worst month for DeFi security in over a year. Public trackers put the running total at up to $650M stolen across 28-30 separate incidents, notably:
- Kelp DAO's wrapped ether vault lost $293 million on April 19 when an attacker exploited a third-party cross-chain messaging configuration.
- Drift Protocol lost $285 million to a socially engineered Security Council compromise on April 1. Total DeFi TVL dropped over $13 billion in the 48 hours after the Kelp incident alone.
One-shot security cannot keep up with this market. The infrastructure that needs protecting (cross-chain components, privileged operator keys, governance) requires continuous coverage. The winning stack is a permanent, incentivized researcher network. That is the model the Immunefi platform runs, and it is the only one that compounds in defenders' favor as AI scales both sides.
Pledge IMU to a researcher here to protect the DeFi ecosystem.
Record platform quarter. Record active researcher month.
The numbers behind it:
- $7.3M Q1 researcher payouts: the strongest quarter since Q2 2024 (vs. ~$3.5M average across Q2–Q4 2025)
- $300K to bpop23293, $125K to adnanthekhan, $100K to gregoai (Q1 critical severity highlights)
- $134M+ cumulative all-time researcher payouts, end of March
- 85,000+ registered researchers as of early April
- 3,720 new researchers in April alone, +194% YoY
- 166 Elite-tier researchers active
Top-of-funnel growth, with engagement quality steady: roughly 1 in 10 newcomers submits immediately, and the active base has more than doubled year over year.
The network is both bigger and working harder. See the platform →
April by the Numbers:
| Metric | February | March | April |
|---|---|---|---|
| Protocols Protected | 263 | 243 | 232 |
| Live Threats Prevented | 86 | 247 | 132 |
| Total Researcher Payouts (all-time) | $131.2M | $133.9M | $134.9M |
| IMU Price | $0.003281 | $0.002731 | $0.002385 |
| IMU Pledged (Hacker Pledging) | 14.3M | 15.7M | 16.3M |
Immunefi Platform Progress + May Roadmap
The platform shipped a wave of new upgrades aimed at the researcher experience:
- Human Passport: a new method for researchers to verify their accounts. Not all could use ZKPassport, so Human Passport will cover the gaps. A big win both for security researchers and anti-spam efforts.
- Optional Proof of Humanity. Projects now choose whether their program requires humanity verification.
- Smarter auto-banning. Duplicate reports no longer count toward the auto-ban threshold, ending a common source of unfair bans.
Future focus. Doubling down on five core offerings: Audit Competitions (Base Azul live, $250K pool), Audits, Bug Bounty Programs (230 active), PR Reviews, and Managed Triaging. Q1 payouts up 221% QoQ and April's $650M+ in DeFi losses confirm the thesis: continuous coverage beats one-shot audits.
For IMU-specific developments, Hacker Pledging Season 2 runs through July 7 with a bonus structure designed to compound IMU demand alongside the platform's growing share of critical vulnerability disclosures. More pledges feed sharper threat detection, stronger protection drives more protocol participation, which feeds more researchers, reports, and pledges in turn.
Content Highlights
- 94% of Long-Running Bug Bounty Programs On Immunefi Have Surfaced a Critical Vulnerability - the data point that should pin every protocol team to the wall.
- Vulnerability by Ecosystem 2020-2026 - five years of vulnerability data sliced by chain. The pattern is clear.
- Silicon Valley Embraces New Breed of Bodyguards After Altman Attack, AI Backlash - When AI founders need bodyguards, onchain security is an established imperative
- Crypto Hackers Drain $1.08 Billion in 68 Attacks as Social Engineering Surges - Drift was not an outlier. Social engineering is now the dominant attack vector.
Join the Mission
For the community: Buy IMU →
For institutional partners: Get in touch with Institutional Relations →
Immunefi protects $190B in TVL across 232 protocols. 93% of critical vulnerability disclosures in crypto flow through this platform. If you're allocating capital into crypto security infrastructure like IMU, we'd like to talk.
The Immunefi Foundation is scaling security to save crypto from hacks and build a safe, resilient onchain economy. The IMU token coordinates protocols, researchers, and community to continuously compound security for a safer onchain future.