Ethereum Foundation Raises Bug Bounty Maximum to $1 Million

Key Insights

• Ethereum Foundation quadrupled the maximum bug bounty to $1 million from $250,000.
• The maximum bounty is only for critical bugs that are fundamental to the integrity of the Ethereum blockchain.
• Ethereum has been rolling out initiatives to boost its security in recent months.

Ethereum Foundation has quadrupled the maximum payout for its bug bounty program. The  Foundation Protocol Security lead, Fredrik Sivantes, shared this development on X. He noted that the maximum bounty has increased from $250,000 to $1 million.

The increase in the maximum payout highlights the Ethereum Foundation’s focus on strengthening blockchain security. It incentivizes white-hat hackers to identify vulnerabilities more actively.

Maximum Payout Only For Critical Bugs

The Ethereum Foundation has increased the maximum payout. However, the $1 million will apply only to bugs classified as critical. These bugs directly affect the network and key protocols.

According to the announcement, a critical bug affects more than 50% of validators. This enables the theft of ETH from wallets or allows the minting of an unlimited supply. Bugs that allow the burning of ETH or are capable of taking down the entire network are also included among critical-severity risks.

However, the maximum bounty for any other type of bug is $50,000, covering low- to high-severity bugs. High-severity bugs affect 33% of the network or validators.

Meanwhile, other vulnerabilities not listed in the bug severity categories are not considered for the bug bounty program. These include bugs in ERC-20 contracts, infrastructure bugs, and any vulnerability that does not affect the Ethereum ecosystem.

Interestingly, those living in countries that are on the US sanctions list cannot participate in the program. This is quite interesting given that state-sponsored bad actors targeting blockchain protocols are likely to come from sanctioned states.

Ethereum Rolling Out Security Initiatives as Bounty Program Offers Leaderboards

Meanwhile, the increase in maximum bounty is only one of the many security initiatives on Ethereum in recent months. In 2025, the Ethereum Foundation launched a $2 million contest. It asked security researchers to find vulnerabilities in the Fusaka codebase before deploying an upgrade.

The DAO Security Fund also launched in January 2026 with $220 million. It seeks to deploy unclaimed funds from the 2016 hack to ensure the network remains secure.

Interestingly, the Ethereum Foundation bounty program also awards points to security researchers who identify bugs. This appears to be another incentive to encourage activity within the ecosystem.

The program has two leaderboards: Execution Layer Bug Bounty and Consensus Layer Bug Bounty. Leading the Execution Layer leaderboard are Martin Holst Swende, Guido Vranken, and Sam Sun. They hold 64,500 points, 35,200 points, and 35,000 points, respectively.

Protolambda leads the Consensus Layer Leaderboard with 42,400 points. Quant Thoi Minh Nguyen with 19,960, and Jonny Rhea with 18,700 followed it. Guido Vranken is also on the list with 17,850 points.

The post Ethereum Foundation Raises Bug Bounty Maximum to $1 Million appeared first on The Market Periodical.