CertiK launched CertiK Hunt on 1 July 2026, an invite-only platform connecting vetted security researchers with Web3 projects for bug bounty programs, audit competitions and AI challenges. The platform addresses two persistent problems in bug bounty programs: high volumes of spam and low-quality submissions that drain project security teams, and disputes over severity ratings and payouts when protocols downgrade findings. CertiK independently reproduces and rates every submission, setting severity itself rather than leaving it to the protocol, while restricting participation to researchers vetted on technical expertise, track record and reputation within the security community. The launch follows another year in which billions of dollars were lost to exploits across the Web3 ecosystem, as digital asset markets mature and protocols grow more complex.
The defining feature of CertiK Hunt is its exclusivity. Only approved security researchers can participate, evaluated on technical expertise, previous findings, track record and reputation within the security community. Projects joining the platform are also reviewed before launching programs, creating a vetted environment on both sides of the marketplace.
The rationale is to combat one of the biggest challenges facing bug bounty programs: the large volumes of spam and low-quality submissions that flood open platforms. For project security teams, sifting genuine vulnerabilities from noise is a significant operational drain. By restricting participation to vetted researchers, CertiK is betting that a smaller, higher-quality pool produces more impactful findings and far less wasted triage effort — a network, as the company frames it, defined by signal rather than volume.
Every submission on CertiK Hunt is independently reviewed by CertiK, which reproduces and rates each finding and sets the severity assessment itself — not the protocol. Accepted findings are then paid out under responsible disclosure.
Margarita Kadochnikova, Head of Communications at CertiK, framed the independent-arbiter role around fairness to researchers. "We've seen too many cases across the industry where security researchers submit valid vulnerabilities only to face disputes or delayed payouts," she said. "CertiK Hunt is built to create a trusted environment where high-quality researchers can focus on finding impactful vulnerabilities, projects receive meaningful security insights, and both sides know the rules will be applied fairly."
By placing severity assessment with a neutral third party rather than the project paying the bounty, CertiK removes the structural incentive for a protocol to quietly negotiate a finding's severity down to reduce its payout — one of the most common complaints researchers raise about self-run bounty programs.
Hudson Jameson, Head of Ecosystem at CertiK, positioned the platform within a broader industry shift from one-time audits toward continuous security. "CertiK Hunt is the next step in our mission to secure the Web3 ecosystem," he said. "By building a network defined by signal and quality rather than volume, we are creating a platform where the best researchers can do their most impactful work, while giving projects greater confidence in the security of their code."
CertiK Hunt extends the traditional security audit by providing continuous, researcher-driven testing throughout an application's lifecycle. By combining formal audits with ongoing bug bounty programs, audit competitions and AI-powered security initiatives, the platform is designed to help projects strengthen their security posture long after code is deployed — addressing the reality that a point-in-time audit cannot catch vulnerabilities introduced by later code changes or surfaced by novel attack techniques.
The launch comes after another year in which billions of dollars were lost to exploits across the Web3 ecosystem. As digital asset markets mature, regulatory scrutiny increases, and protocols grow more complex, the cost of undiscovered vulnerabilities continues to rise — making continuous, high-quality security testing more valuable than ever.
CertiK's own research has documented the shifting threat landscape driving that cost. Its 2026 Skynet stablecoin threat report found wallet compromise overtaking code vulnerabilities as the dominant exploit vector, while its earlier regulatory report found infrastructure compromises drove 76% of 2025 on-chain losses by value. CertiK Hunt fits a wider expansion of CertiK's product suite beyond audits — including its recent Skill Scanner for AI agents — as the firm builds out continuous, lifecycle-spanning security infrastructure.
CertiK reports having secured 5,181 projects and assessed over $500 billion since 2018.
What is CertiK Hunt?
CertiK Hunt is an invite-only Web3 security platform, launched on 1 July 2026, that connects vetted security researchers with Web3 projects. Projects can run bug bounty programs, audit competitions and AI challenges, with every submission independently reproduced and severity-rated by CertiK before reaching the project team.
Why is CertiK Hunt invite-only?
The invite-only model is designed to combat the spam and low-quality submissions that flood open bug bounty platforms. Researchers are vetted on technical expertise, previous findings, track record and reputation, and participating projects are also reviewed — creating a trusted environment focused on high-quality, impactful findings rather than submission volume.
How does CertiK Hunt handle payout disputes?
CertiK independently reviews every submission, reproducing each finding and setting its severity assessment rather than leaving that to the protocol paying the bounty. Accepted findings are paid out under responsible disclosure. This neutral-arbiter approach is designed to prevent the severity downgrades and payout disputes that researchers commonly encounter on self-run programs.