CertiK Launches Hunt, an Invite-Only Web3 Security Platform

Key Facts

  • CertiK announced the launch of CertiK Hunt on 1 July 2026, an invite-only platform connecting vetted security researchers with Web3 projects.
  • Projects can launch bug bounty programs, audit competitions and AI challenges through the platform, with more features planned.
  • The invite-only model is designed to combat spam and low-quality submissions; researchers are vetted on technical expertise, track record and reputation, and projects are reviewed before launching programs.
  • CertiK independently reproduces and rates every finding, setting severity itself rather than leaving it to the protocol, to prevent disputed or downgraded payouts.
  • Quoted are Margarita Kadochnikova, Head of Communications, and Hudson Jameson, Head of Ecosystem at CertiK; the firm reports having secured 5,181 projects and assessed over $500 billion since 2018.

CertiK has launched CertiK Hunt, an invite-only platform connecting elite security researchers with Web3 projects, the firm announced on 1 July 2026. Through the platform, projects can run bug bounty programs, audit competitions and AI challenges — with the gating mechanism, vetted researchers and independent CertiK triage all designed to solve a problem that has dogged bug bounties for years: too much noise, too little signal.

Why invite-only

The defining feature of CertiK Hunt is its exclusivity. Only approved security researchers can participate, evaluated on technical expertise, previous findings, track record and reputation within the security community. Projects joining the platform are also reviewed before launching programs, creating a vetted environment on both sides of the marketplace.

The rationale is to combat one of the biggest challenges facing bug bounty programs: the large volumes of spam and low-quality submissions that flood open platforms. For project security teams, sifting genuine vulnerabilities from noise is a significant operational drain. By restricting participation to vetted researchers, CertiK is betting that a smaller, higher-quality pool produces more impactful findings and far less wasted triage effort — a network, as the company frames it, defined by signal rather than volume.

Independent triage to prevent payout disputes

The second structural feature addresses a long-running source of friction in bug bounties: disputes over severity and payouts. On CertiK Hunt, every submission is independently reviewed by CertiK, which reproduces and rates each finding and sets the severity assessment itself — not the protocol. Accepted findings are then paid out under responsible disclosure.

That independent-arbiter role is the point. Margarita Kadochnikova, Head of Communications at CertiK, framed it around fairness to researchers. “We’ve seen too many cases across the industry where security researchers submit valid vulnerabilities only to face disputes or delayed payouts,” she said. “CertiK Hunt is built to create a trusted environment where high-quality researchers can focus on finding impactful vulnerabilities, projects receive meaningful security insights, and both sides know the rules will be applied fairly.”

By placing severity assessment with a neutral third party rather than the project paying the bounty, CertiK removes the structural incentive for a protocol to quietly negotiate a finding’s severity down to reduce its payout — one of the most common complaints researchers raise about self-run bounty programs.

Continuous security over one-time audits

The launch reflects a broader industry shift from one-time audits toward continuous security. Hudson Jameson, Head of Ecosystem at CertiK, positioned the platform within that transition. “CertiK Hunt is the next step in our mission to secure the Web3 ecosystem,” he said. “By building a network defined by signal and quality rather than volume, we are creating a platform where the best researchers can do their most impactful work, while giving projects greater confidence in the security of their code.”

CertiK Hunt extends the traditional security audit by providing continuous, researcher-driven testing throughout an application’s lifecycle. By combining formal audits with ongoing bug bounty programs, audit competitions and AI-powered security initiatives, the platform is designed to help projects strengthen their security posture long after code is deployed — addressing the reality that a point-in-time audit cannot catch vulnerabilities introduced by later code changes or surfaced by novel attack techniques.

The timing: a rising cost of undiscovered bugs

The launch comes after another year in which billions of dollars were lost to exploits across the Web3 ecosystem. As digital asset markets mature, regulatory scrutiny increases, and protocols grow more complex, the cost of undiscovered vulnerabilities continues to rise — making continuous, high-quality security testing more valuable than ever.

CertiK’s own research has documented the shifting threat landscape driving that cost. Its 2026 Skynet stablecoin threat report found wallet compromise overtaking code vulnerabilities as the dominant exploit vector, while its earlier regulatory report found infrastructure compromises drove 76% of 2025 on-chain losses by value. CertiK Hunt fits a wider expansion of CertiK’s product suite beyond audits — including its recent Skill Scanner for AI agents — as the firm builds out continuous, lifecycle-spanning security infrastructure.

FAQ

What is CertiK Hunt?
CertiK Hunt is an invite-only Web3 security platform, launched on 1 July 2026, that connects vetted security researchers with Web3 projects. Projects can run bug bounty programs, audit competitions and AI challenges, with every submission independently reproduced and severity-rated by CertiK before reaching the project team.

Why is CertiK Hunt invite-only?
The invite-only model is designed to combat the spam and low-quality submissions that flood open bug bounty platforms. Researchers are vetted on technical expertise, previous findings, track record and reputation, and participating projects are also reviewed — creating a trusted environment focused on high-quality, impactful findings rather than submission volume.

How does CertiK Hunt handle payout disputes?
CertiK independently reviews every submission, reproducing each finding and setting its severity assessment rather than leaving that to the protocol paying the bounty. Accepted findings are paid out under responsible disclosure. This neutral-arbiter approach is designed to prevent the severity downgrades and payout disputes that researchers commonly encounter on self-run programs.

CertiK Hunt reflects a maturing view of Web3 security: that protecting protocols handling billions in value requires continuous, vetted, researcher-driven testing rather than a single pre-launch audit. Whether the invite-only model can scale enough researcher supply to meet project demand — without sacrificing the exclusivity that defines it — will be the key question as the platform grows. This article is informational and does not constitute investment or security advice.