Competitive smart contract auditing platform Code4rena has announced plans to wind down operations, with Web3 security firm Immunefi absorbing its customers and community of security researchers. The closure, confirmed via a statement on X, marks the end of a platform known for its “warden” competition model where independent researchers competed to find vulnerabilities for rewards and on-chain reputation.
Code4rena stated that all open contests and bounties will be completed and existing engagements will receive proper closure. Immunefi will help migrate protocols’ bounty scopes, reward structures, and operational rules to ensure continuity. The transition aims to keep security programs active rather than forcing projects to rebuild them from scratch. Immunefi acknowledged Code4rena’s role in shaping crypto security and pledged support for migrating researchers and protocols.
The shutdown comes less than two years after blockchain security firm Zellic acquired Code4rena in 2024, with both companies then asserting that Code4rena would continue independent operations. Earlier, in 2023, Code4rena raised $6 million from Paradigm to fund auditor incentives and platform expansion. The rapid reversal underscores tightening conditions in the DeFi audit market.
The closure intensifies concerns over DeFi security at a time when exploit incidents are surging. DefiLlama recorded more than 20 crypto exploits in April alone, the highest monthly incident count ever tracked. JPMorgan analysts recently warned that recurring exploits are limiting institutional participation, as persistent security failures erode confidence among large financial firms. While not all exploits stemmed from smart contract flaws, the trend highlights systemic challenges.
Broader DeFi market weakness compounds the pressure. Total value locked across DeFi protocols dropped from roughly $160 billion in October to about $83 billion today, according to The Block’s data dashboard. Reduced protocol activity shrinks budgets for audits and bounty programs, making specialized security platforms vulnerable. Code4rena’s exit may concentrate bug bounty activity on larger platforms like Immunefi, while making researcher retention more critical in an environment of rising exploit counts and capital outflows.
