Hacker Earns $2 Million In Bug Bounties On HackerOne

Cosmin Iordache is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability coordination and bug bounty program HackerOne.

HackerOne says that Cosmin (aka @inhibitor181) was also the 7th hacker to reach $1 million in earnings in just two years, as announced 334 days ago.

He was able to get to the 7-figure payout mark by bringing in roughly $300,000 in bounties over just 90 days. 

The first millionaire hacker, 19-year-old Argentinian Santiago Lopez, was announced by HackerOne in March 2019, one year after he started to learn about hacking as a 16-year-old.

The switch to hunting

The Romanian bounty hunter has been living in Germany with his wife and two dogs for the past six years as he told HackerOne two months ago.

His interest in hacking was stirred up by a HackAttack seminar in Hamburg in mid-2016 while attending University, which led to him switching to bug bounty hunting in late 2017 while still working as a full-stack developer.

To learn the tricks of the trade, he followed HackerOne’s leaderboard and read Hacktivity disclosed reports.

Cosmin was crowned as The Assassin (the hacker with the highest signal) at the Singapore h1-65 live hacking event and was able to secure the same title in London at the 2019 h1-4420 live hacking event.

At the moment, he has 468 vulnerabilities submitted through bug bounty programs belonging to high-profile tech firms like Verizon Media, PayPal, Dropbox, Facebook, Spotify,  AT&T, TikTok, Twitter, Uber, and GitHub, as well as a handful of bugs reported to the U.S. Dept Of Defense.

Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?

After joining the platform in June 2016, Cosmin currently ranks 12th based on all-time stats on HackerOne.

334 days ago we announced Cosmin as the 7th hacker to reach $1 million dollars in earnings. Today we celebrate his achievement to be the FIRST to reach $2 million! Please join us in congratulating @inhibitor181! 🥳#TogetherWeHitHarder pic.twitter.com/RGIKTog1mo

— HackerOne (@Hacker0x01) December 23, 2020

9th HackerOne millionaire

HackerOne says that, so far, only 9 bug bounty hunters have earned $1 million on the platform, with Jon Colston (aka @mayonaise) being the ninth hacker to reach this goal after reporting over 170 vulnerabilities in government and enterprise organizations.

The other ones are Santiago Lopez (@try_to_hack) from Argentina, Cosmin Iordache (@inhibitor181) from Germany, Mark Litchfield (​@mlitchfield​) from the U.K., Nathaniel Wakelam (​@nnwakelam​) from Australia, FransRosen (​@fransrosen​) from Sweden, Ron Chan (​@ngalog​) from Hong Kong, Tommy DeVoss (​@dawgyg​) from the U.S, and Eric (@todayisnew from Canada.

The bug bounty platform announced that $100,000,000 in rewards were earned by ethical hackers as of May 26, 2020.

Since they started helping hackers report vulnerability reports to bug bounty programs, HackerOne hackers have found approximately 170,000 security bugs according to the company’s CEO Mårten Mickos.

More than 700,000 ethical hackers are now using the bug bounty platform to get paid for finding and reporting security bugs in the products of almost 2,000 HackerOne customers.

Also Read: Letter of Consent MOM: Getting the Details Right

12% of HackerOne hackers make over $20,000 each year only from bug bounties, while 1,1% will earn rewards worth over $350,000 annually and 3% over $100,000 per year.