Decentralized stablecoin protocol Usual has partnered with blockchain security company Sherlock to launch a groundbreaking bug bounty program.
The program offers $16 million for uncovering critical vulnerabilities anywhere in Usual’s codebase.
A $16M Bug Bounty, Largest In Tech History
This record-breaking prize is the largest bounty reward in technology history.
The initiative reflects both companies’ strong commitment to security and trust in decentralized finance. It aims to protect over $880 million in total value locked and reinforce investor confidence.
Partnership Announcement
Usual and Sherlock have joined forces to strengthen the security of digital financial systems. They described their collaboration as a powerful statement of commitment to robust protocol safety.
Their program surpasses previous prizes from Uniswap, LayerZero Labs, and Wormhole in the crypto industry. This strategic partnership highlights a shared vision for a safer, more resilient blockchain ecosystem.
Both parties are dedicated to identifying vulnerabilities before they can be exploited by malicious actors.
Bug Bounty Program Details
Only vulnerabilities deemed critical will qualify for the $16 million top payout in the new program. All reports must be submitted directly to the Usual bug bounty page on Sherlock’s platform.
Sherlock defines a valid bug as one that causes significant fund losses without any external conditions. Alternatively, a report qualifies if it shows significant fund freezing for more than one year without external conditions. This decisive measure aims to secure the protocol and deter potential security breaches.
Also Read: Sonic Labs And Immunefi Partner Ups To Launch A $2 Million Bug Bounty Program
Understanding Bounty Rewards in Crypto
In the crypto industry, bounty rewards are monetary incentives provided to researchers who discover security flaws. These rewards encourage ethical hackers to find vulnerabilities before cybercriminals can exploit them.
Bug bounty programs create a collaborative security environment between blockchain projects and independent experts. They help projects identify and fix critical issues in their code before they lead to losses.
Payouts are determined by the severity of the vulnerability, fostering accountability and continuous improvement in digital security.
Protocol Audits and Recent Updates
The Usual codebase has undergone twenty previous audits by reputable security firms. A recent Sherlock audit contest offered a prize pool of $209,000 to incentivize the discovery of weaknesses.
However, the team confirmed that no medium-level or higher vulnerabilities were identified during that contest. In January 2025, Usual unveiled a major update to its USD0++ protocol that introduced dual exit mechanisms.
These changes are designed to improve the token’s long-term sustainability and align it with a bond-like financial instrument vision. This update is part of a broader strategy to secure the stablecoin with real-world revenue backing.
Sherlock’s Commitment and Industry Trust
Sherlock’s CEO Jack Sanford, expressed pride in hosting this historic bug bounty program. He stated that Usual’s rigorous approach to security reinforces trust across the ecosystem.
Sherlock continues to lead in blockchain security by offering attractive and innovative reward programs. Their partnership with Usual represents a new era of proactive security measures in decentralized finance. Both companies share a mutual dedication to advancing DeFi with integrity and transparency.
Also Read: ZkLend Suffers $10M Hack, Offers Attacker 10% Bounty For Fund Return Amid Ongoing Crypto Hacks