Alejandro Munoz-McDonald
Alejandro Muñoz-McDonald is a Senior Security Researcher and Smart Contract Lead Triager at Immunefi, with over eight years of experience in Web3 security. He joined Immunefi in January 2022 as one of the earliest members of the company’s 24/7 triage team.
Immunefi has facilitated more responsible disclosures than any other organization in the crypto ecosystem. In his role, Alejandro has personally handled thousands of vulnerability reports and has been directly involved in hundreds of critical incident response events across DeFi, bridges, and core blockchain infrastructure. This hands-on exposure to real-world exploits, near-misses, and complex attack paths has given him a rare, practical perspective on where crypto systems fail in practice.
Session
In 2025 alone, Immunefi paid out close to $11,000,000 in bug bounties for critical crypto vulnerabilities. preventing exploits that could have resulted in hundreds of millions of dollars in losses.
This talk breaks down a few of the highest-impact bounty payouts of 2025, focusing on what actually drove seven-figure and high six-figure rewards. We’ll examine specific vulnerabilities, system designs, and attacker mindsets behind the most severe findings, and explain why these specific bugs justified such large payouts.
This session is grounded in specific cases in 2025 across DeFi, bridges, L2s, and core infrastructure. Attendees will gain a practical understanding of where the highest paying security risks surfaced in 2025, and what both researchers and protocol teams should prioritize going forward.