DeFi security: bug bounties and GitHub phishing spike
Protocols are doubling down on bug bounty programs as a frontline defense while sophisticated GitHub phishing campaigns—intensified by interest around upcoming AI launches—are targeting developer tooling and token presales. The combination is refocusing security budgets toward continuous audits, public bounties, and developer ops hygiene. (nadcab.com) (tribuneindia.com)
Multiple DeFi teams report allocating roughly 5–10% of security budgets to ongoing bug-bounty programs rather than one‑off audits, according to a sector analysis of program spend. (nadcab.com) Crowdsourced triage platforms show the shift in hard dollars: HackenProof’s listings page tallies 350+ active programs and cites more than $22,000,000 paid to researchers across tracked bounties. (hackenproof.com) Security research platforms such as Sherlock have published playbooks arguing that continuous public bounties surface live‑state smart‑contract issues missed by pre‑launch audits, framing bounties as an operational detection layer. (sherlock.xyz)

Developers on GitHub working on the OpenClaw project were specifically targeted with a fake “$5,000” token‑airdrop lure that used cloned pages and hidden connection prompts to drain wallets, according to Decrypt and CoinDesk incident reports published March 18–19, 2026. (decrypt.co) (coindesk.com)

The DeepSnitch AI presale is publicly listed as ending March 31, with site details showing a presale price near $0.04487 and a 30% bonus on purchases above $2,000, a timeline observers link to elevated phishing activity around AI‑focused crypto offerings. (deepsnitch.ai) (webhani.com)

Security trackers documented twin GitHub social‑engineering campaigns and autonomous scanners probing CI/CD workflows during Feb–Mar 2026, and reporting groups flagged hundreds of malicious OpenClaw‑related packages and skills used to push stealers and supply‑chain malware. (redmondmag.com) (cryptotimes.io)

Incident advisories and bounty platforms (Immunefi, HackenProof) are increasingly coupling public bounties with concrete mitigations—blocking malicious domains, revoking suspicious wallet approvals, and prioritizing rapid triage of presale‑related reports—to reduce theft vectors tied to developer tooling and token launches. (immunefi.com) (hackenproof.com)
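The "revoking suspicious wallet approvals" mitigation above is the part a developer can act on directly once a hidden connection prompt has been clicked: airdrop drainers usually do not move funds in the connect step, they get the victim to sign an unlimited ERC-20 `approve` to an attacker spender and pull tokens later, so the allowance history is where the damage shows up first. The following is an added example, not code from any of the reports or platforms cited on this page. It decodes standard ERC-20 `Approval` events from raw log entries, keeps the latest allowance per token and spender, flags allowances that are unlimited or granted to a spender not on the user's allowlist, and emits the `approve(spender, 0)` calldata that revokes each one. The event topic hash and the `approve` selector are the standard ERC-20 values; every address and log entry in the sample data is constructed for illustration and does not refer to a real contract.

```javascript
// Added example: audit a wallet's ERC-20 Approval history and build a revoke list.
// All addresses and log entries below are constructed for illustration.

// keccak256("Approval(address,address,uint256)") and the approve(address,uint256) selector
const APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";
const APPROVE_SELECTOR = "0x095ea7b3";
const MAX_UINT256 = (1n << 256n) - 1n; // the "unlimited" allowance drainers ask for

// Indexed address parameters are stored left-padded to 32 bytes in log topics.
function addressToTopic(addr) {
  return "0x" + addr.slice(2).toLowerCase().padStart(64, "0");
}
function topicToAddress(topic) {
  return "0x" + topic.slice(-40).toLowerCase();
}

// Decode one raw log entry; returns null for anything that is not an ERC-20 Approval.
function decodeApproval(log) {
  if (log.topics.length !== 3 || log.topics[0] !== APPROVAL_TOPIC) return null;
  return {
    token: log.address.toLowerCase(),
    owner: topicToAddress(log.topics[1]),
    spender: topicToAddress(log.topics[2]),
    value: BigInt(log.data), // the non-indexed uint256 amount lives in the data field
  };
}

// approve(spender, 0) calldata: selector + 32-byte padded spender + 32-byte zero amount.
function buildRevokeCalldata(spender) {
  return APPROVE_SELECTOR + spender.slice(2).toLowerCase().padStart(64, "0") + "0".repeat(64);
}

// Walk the logs in chain order, keep the latest allowance per (token, spender) for the
// owner, and flag anything still live that is unlimited or granted to an unknown spender.
function findSuspiciousApprovals(logs, owner, knownSpenders) {
  const ownerLc = owner.toLowerCase();
  const known = new Set(knownSpenders.map((s) => s.toLowerCase()));
  const latest = new Map();
  for (const log of logs) {
    const a = decodeApproval(log);
    if (a && a.owner === ownerLc) latest.set(`${a.token}:${a.spender}`, a);
  }
  const findings = [];
  for (const a of latest.values()) {
    if (a.value === 0n) continue; // already revoked, nothing to do
    const reasons = [];
    if (!known.has(a.spender)) reasons.push("spender not on allowlist");
    if (a.value === MAX_UINT256) reasons.push("unlimited allowance");
    if (reasons.length > 0) {
      findings.push({ ...a, reasons, revokeCalldata: buildRevokeCalldata(a.spender) });
    }
  }
  return findings;
}

// Constructed sample data (hypothetical addresses, not real contracts).
const OWNER = "0x" + "11".repeat(20);
const KNOWN_ROUTER = "0x" + "22".repeat(20); // a spender the user actually uses
const DRAINER = "0x" + "33".repeat(20);      // spender set by the phishing page
const TOKEN_A = "0x" + "44".repeat(20);
const TOKEN_B = "0x" + "55".repeat(20);

const SAMPLE_LOGS = [
  // legitimate, bounded allowance to the known router
  { address: TOKEN_A, topics: [APPROVAL_TOPIC, addressToTopic(OWNER), addressToTopic(KNOWN_ROUTER)],
    data: "0x" + (1000n * 10n ** 18n).toString(16).padStart(64, "0") },
  // unlimited allowance to an unknown spender: the typical drainer footprint
  { address: TOKEN_A, topics: [APPROVAL_TOPIC, addressToTopic(OWNER), addressToTopic(DRAINER)],
    data: "0x" + "f".repeat(64) },
  // an earlier unlimited allowance on TOKEN_B that the user has since set back to zero
  { address: TOKEN_B, topics: [APPROVAL_TOPIC, addressToTopic(OWNER), addressToTopic(DRAINER)],
    data: "0x" + "f".repeat(64) },
  { address: TOKEN_B, topics: [APPROVAL_TOPIC, addressToTopic(OWNER), addressToTopic(DRAINER)],
    data: "0x" + "0".repeat(64) },
];

const findings = findSuspiciousApprovals(SAMPLE_LOGS, OWNER, [KNOWN_ROUTER]);
for (const f of findings) {
  console.log(`${f.token} -> ${f.spender}: ${f.reasons.join(", ")}; revoke with ${f.revokeCalldata}`);
}
```

In practice the `logs` array would come from an `eth_getLogs` query filtered on the Approval topic and the owner's padded address in topic 1; the decode and triage logic above is independent of the RPC client used. Keeping only the latest event per (token, spender) matters because a user who already set an allowance back to zero should not be told to revoke it again, and processing in chain order is what makes "latest" correct.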