Business

Hacker earns $2 million in bug bounties on HackerOne

Published

on

Cosmin Iordache is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability coordination and bug bounty program HackerOne.

HackerOne says that Cosmin (aka @inhibitor181) was also the 7th hacker to reach $1 million in earnings in just two years, as announced 334 days ago.

He was able to get to the 7-figure payout mark by bringing in roughly $300,000 in bounties over just 90 days.

The first millionaire hacker, 19-year-old Argentinian Santiago Lopez, was announced by HackerOne in March 2019, one year after he started to learn about hacking as a 16-year-old.

The switch to hunting
The Romanian bounty hunter has been living in Germany with his wife and two dogs for the past six years as he told HackerOne two months ago.

His interest in hacking was stirred up by a HackAttack seminar in Hamburg in mid-2016 while attending University, which led to him switching to bug bounty hunting in late 2017 while still working as a full-stack developer.

To learn the tricks of the trade, he followed HackerOne’s leaderboard and read Hacktivity disclosed reports.

Cosmin was crowned as The Assassin (the hacker with the highest signal) at the Singapore h1-65 live hacking event and was able to secure the same title in London at the 2019 h1-4420 live hacking event.

At the moment, he has 468 vulnerabilities submitted through bug bounty programs belonging to high-profile tech firms like Verizon Media, PayPal, Dropbox, Facebook, Spotify, AT&T, TikTok, Twitter, Uber, and GitHub, as well as a handful of bugs reported to the U.S. Dept Of Defense.

After joining the platform in June 2016, Cosmin currently ranks 12th based on all-time stats on HackerOne.

9th HackerOne millionaire

HackerOne says that, so far, only 9 bug bounty hunters have earned $1 million on the platform, with Jon Colston (aka @mayonaise) being the ninth hacker to reach this goal after reporting over 170 vulnerabilities in government and enterprise organizations.

The other ones are Santiago Lopez (@try_to_hack) from Argentina, Cosmin Iordache (@inhibitor181) from Germany, Mark Litchfield (​@mlitchfield​) from the U.K., Nathaniel Wakelam (​@nnwakelam​) from Australia, FransRosen (​@fransrosen​) from Sweden, Ron Chan (​@ngalog​) from Hong Kong, Tommy DeVoss (​@dawgyg​) from the U.S, and Eric (@todayisnew from Canada.

The bug bounty platform announced that $100,000,000 in rewards were earned by ethical hackers as of May 26, 2020.

Source: HackerOne

Since they started helping hackers report vulnerability reports to bug bounty programs, HackerOne hackers have found approximately 170,000 security bugs according to the company’s CEO Mårten Mickos.

More than 700,000 ethical hackers are now using the bug bounty platform to get paid for finding and reporting security bugs in the products of almost 2,000 HackerOne customers.

12% of HackerOne hackers make over $20,000 each year only from bug bounties, while 1,1% will earn rewards worth over $350,000 annually and 3% over $100,000 per year.

Source: https://www.bleepingcomputer.com/news/security/hacker-earns-2-million-in-bug-bounties-on-hackerone/?&web_view=true

Click to comment
Exit mobile version