Security researchers have always created enormous value for the internet. They find the bugs, document the malware, trace the stolen funds, and warn the community. Historically, the compensation has been uneven at best. Many researchers give away threat intelligence for free while platforms and vendors monetize it.
ThreatChain changes this equation. Every validated threat submission earns $ for the researcher who submitted it. Every validation earns tokens for the validator who confirmed it. The economics are designed so that the people who do the work capture the value they create.
This guide explains exactly how the token works, what you earn for each type of contribution, and how to build a sustainable income from security research.
What Is the $THREAT Token?
$THREAT is the utility and reward token of the ThreatChain platform. It serves three purposes:
- Reward - Researchers earn $THREAT for submitting valid threat intelligence (malware hashes, scam wallets, exploit data)
- Staking - Validators stake $THREAT to participate in the validation process and earn additional rewards
- Governance - Token holders vote on platform parameters, reward amounts, and protocol upgrades
The token is earned through work, not purchased. While $THREAT can be traded on decentralized exchanges, the primary way to acquire it is by contributing valuable threat intelligence to the platform. This means the token distribution naturally concentrates among active security researchers rather than speculators.
How the Token Economics Work
ThreatChain mints new $ as rewards for valid submissions and validations. The emission rate is governed by the community through governance votes. To prevent inflation from eroding value, several mechanisms are in place:
- Validator staking locks tokens, reducing circulating supply
- API access fees (paid by enterprises querying the database) create buy pressure
- Spam penalties burn tokens from accounts that submit false or low-quality threats, disincentivizing abuse
Reward Structure: How Much You Earn
Rewards vary based on the type and quality of threat intelligence submitted. Here is the current reward structure:
| Submission Type | Reward | Description |
|---|---|---|
| Malware Hash | 10 THREAT | SHA-256 hash of a confirmed malicious file with classification and evidence |
| Exploit Signature | 50 THREAT | Smart contract exploit bytecode, attack transaction hash, or exploit PoC with analysis |
| Scam Wallet | 5 THREAT | Confirmed scam, phishing, or rug pull wallet address with evidence of malicious activity |
| Phishing URL | 5 THREAT | Active phishing domain targeting crypto users with screenshot evidence |
| Threat Campaign | 100 THREAT | Comprehensive report linking multiple indicators to a coordinated campaign (requires 5+ related IOCs) |
| Validation | 2 THREAT | Confirming or disputing another researcher's submission (validators only) |
Quality bonuses: Submissions that include detailed analysis, multiple correlated indicators, or novel threat types can receive bonus rewards determined by validators. A well-documented exploit analysis with victim impact assessment and related wallet mapping typically earns 2-3x the base reward.
Penalties: False or duplicate submissions result in a penalty of 5 THREAT per infraction, deducted from your balance. Repeat offenders face account throttling. This system incentivizes quality over volume.
Step by Step: Submitting Threats for Rewards
Here is exactly how to submit your first threat and earn $:
Connect Your Wallet
Go to threatchain.io and click "Connect Wallet" in the navigation bar. ThreatChain supports MetaMask, WalletConnect, Coinbase Wallet, and Rabby. Your wallet address becomes your researcher identity on the platform.
Navigate to Submit
Click "Submit" in the navigation bar or go directly to threatchain.io/submit. You will see a form with fields for each type of threat submission.
Select Threat Type
Choose the type of threat you are reporting: Malware Hash, Exploit, Scam Wallet, Phishing URL, or Campaign Report. Each type has specific required fields.
Provide the Indicator
Enter the core indicator. For a malware hash, paste the SHA-256. For a scam wallet, paste the address (checksummed for EVM chains). For an exploit, provide the transaction hash and contract address.
Add Evidence and Classification
Describe the threat. Select the classification (ransomware, trojan, phishing, rug pull, etc.). Provide evidence: sandbox report links, block explorer transaction links, screenshots, or analysis. The more evidence you provide, the faster validators can confirm your submission and the higher your quality bonus.
Submit and Sign
Click Submit. Your wallet will prompt you to sign the transaction. This records your submission on-chain with a timestamp and your researcher address. Once the transaction confirms, your submission enters the validation queue.
Wait for Validation
Validators review your submission. Most submissions are validated within 24 hours. Once a threshold of validators confirm your submission, the threat becomes "verified" and your $THREAT reward is automatically distributed to your connected wallet.
How to Become a Validator
Validators are experienced researchers who review and confirm other people's submissions. Being a validator is a way to earn consistent, ongoing income while contributing to the platform's data quality.
Requirements
- Stake 10,000 $THREAT - This stake demonstrates your commitment and is at risk if you validate poorly
- Minimum 50 accepted submissions - You need a track record of quality contributions before you can validate others
- Pass the validator quiz - A short assessment covering threat classification, evidence evaluation, and platform policies
How Validation Works
- You receive a queue of pending submissions to review
- For each submission, you examine the evidence, verify the indicator independently (check the hash on other databases, trace the wallet on block explorers, etc.), and cast a vote: Confirm, Dispute, or Insufficient Evidence
- Each validation earns you 2 THREAT
- If your validations consistently disagree with the final consensus, your reputation score decreases and your stake can be partially slashed
Validator Economics
Let us do the math. If you validate 50 submissions per day (realistic for an experienced researcher spending 2-3 hours), you earn 100 THREAT per day. That is 3,000 THREAT per month from validation alone, on top of whatever you earn from your own submissions.
The most active validators on ThreatChain earn from both validation and submissions. A typical active validator-researcher submits 5-10 threats per day and validates 30-50 submissions, earning 150-250 THREAT daily.
Strategies to Maximize Your Earnings
Focus on Exploits
At 50 THREAT per submission, exploits are the highest-value individual submissions. When a new DeFi hack occurs, being among the first to submit the exploit transaction hash, attacker addresses, and analysis earns the full reward. Set up monitoring for unusual large transfers on chains you cover, and you will often be first to document new exploits.
Submit Campaign Reports
Campaign reports earn 100 THREAT and often receive quality bonuses. Instead of submitting five individual scam wallets at 5 THREAT each (25 total), link them together as a coordinated campaign with evidence of how they are connected. The same data earns 4x more when properly contextualized.
Monitor Emerging Chains
New L2s and alt-L1s have less coverage. Scams and exploits on newer chains are less likely to have already been submitted. If you develop expertise in monitoring a specific chain early, you face less competition for submissions.
Build Tooling
Write scripts that monitor mempool activity, new contract deployments, and large fund movements. Automated monitoring lets you detect and submit threats faster than manual researchers. The first valid submission for a new threat gets the full reward; duplicates get nothing.
Specialize in High-Value Categories
Some threat categories consistently earn quality bonuses because they require deeper analysis:
- Zero-day exploit analysis with root cause and affected contract identification
- Cross-chain attack tracing that maps fund movements across bridges
- APT (Advanced Persistent Threat) campaigns linking multiple indicators to state-sponsored groups
- Novel attack techniques not yet classified in existing taxonomies
ThreatChain vs Bug Bounties: How They Compare
If you are already doing security research, you might be earning through bug bounty platforms like Immunefi, HackerOne, or Bugcrowd. Here is how ThreatChain compares and why the two are complementary rather than competitive:
| Aspect | Bug Bounties | ThreatChain |
|---|---|---|
| What you find | Vulnerabilities in code before exploitation | Threats in the wild after they appear |
| Reward per finding | $500 - $10,000,000 (highly variable) | 5 - 100+ THREAT per submission (consistent) |
| Time to payout | Weeks to months (triage + fix + bounty) | 24-48 hours (validation period) |
| Competition | High (many hunters, one winner) | Lower (first valid submission wins) |
| Skills needed | Code auditing, exploit development | Threat analysis, OSINT, blockchain tracing |
| Income consistency | Feast or famine | Daily earnings from regular submissions |
| Duplicate risk | High (same bug found by multiple hunters) | Lower (threats have unique on-chain evidence) |
Key insight: Bug bounties offer high upside but inconsistent income. You might spend weeks auditing a protocol and find nothing. ThreatChain offers lower per-submission rewards but much more consistent daily earnings. The smart approach is to use both.
Building a Full Security Research Income
The most successful security researchers in 2026 combine multiple income streams. Here is a practical income stack:
Layer 1: ThreatChain Submissions (Daily Base Income)
Submit 5-10 threats per day for 50-500+ THREAT daily. This is your consistent base. Set up monitoring scripts, review new exploits, trace scam wallets, and submit findings as your morning routine.
Layer 2: ThreatChain Validation (Staking Income)
Once you have accumulated 10,000 THREAT and have 50+ accepted submissions, become a validator. Validate 30-50 submissions per day for an additional 60-100 THREAT. This takes 2-3 hours and can be done alongside your own research.
Layer 3: Bug Bounties (High-Upside Hunting)
Spend dedicated blocks of time on protocol auditing through Immunefi, HackerOne, or Code4rena. A single critical finding can pay $10,000-$1,000,000+. The threat intelligence skills you develop on ThreatChain directly improve your bug bounty research: understanding how real attacks work makes you better at finding pre-exploitation vulnerabilities.
Layer 4: Consulting and Reports
As your ThreatChain profile builds a track record of high-quality submissions, protocol teams and security firms will notice. Many active ThreatChain researchers receive consulting offers from protocols wanting threat monitoring, incident response, or security assessments.
Real Example: A Week in the Life
Monday-Friday mornings: Review overnight exploit alerts, submit 3-5 new threat indicators to ThreatChain. Validate 20 pending submissions. Daily ThreatChain earnings: ~120 THREAT.
Monday-Wednesday afternoons: Deep audit of a lending protocol on Immunefi. Found one medium-severity issue on Wednesday. Potential bounty: $5,000-$15,000.
Thursday-Friday afternoons: Write up a campaign report linking 8 scam wallets to a single phishing operation. Submit as campaign report. Earned 100 THREAT + quality bonus. Also submitted the individual wallets that were not yet in the database for an additional 40 THREAT.
Weekend: Passive monitoring. Scripts flag 2 new exploits overnight. Submit both on Saturday morning. 100 THREAT earned in 30 minutes of work.
This is a realistic week for a part-time researcher. Full-time researchers with deep expertise in specific chains or attack types earn significantly more.
Conclusion
The barrier to earning crypto through security research has never been lower. You do not need to find a million-dollar bug. You do not need a corporate security job. You need to be observant, methodical, and willing to document what you find.
Every scam wallet you identify and report protects someone from losing their savings. Every malware hash you submit helps someone verify a suspicious file. Every exploit you document helps protocols understand and prevent future attacks. And every one of these contributions earns you $.
Start today. Connect your wallet, submit your first threat, and begin building an on-chain track record as a security researcher. The community needs your eyes, and now there is real compensation for your work.
Start Earning $THREAT Today
Connect your wallet and submit your first threat. Earn tokens for protecting the community with decentralized intelligence.
Submit Your First Threat