Meet Six Hacker Millionaires: The HackerOne group

RapidVPN/ April 9, 2020/ Blog/

Bug bounty platform HackerOne that six hackers have become millionaires after participating in the bug bounty programs managed by the platform. 

The first white hat hacker that was able to earn over $1 million through HackerOne programs was Santiago Lopez from Argentina. He is a 19-year-old hacker who goes online with the moniker ‘@try_to_hack’ and is a member of the HackerOne platform from 2015. This young hacker has already discovered thousands of vulnerabilities through the platform, some of them including Twitter and Verizon Media services.

The second white-hat hacker who made earning over $1 million is Mark Litchfield, who goes online with the moniker ‘mlitchfield’. He discovered hundreds of vulnerabilities in the big software firms, including Dropbox, Starbucks, Shopify, Rockstar Games, etc.

The two of them have other company now, including Nathaniel Wakelam from Australia, Frans Rosen from Sweden, Ron Chan from Hong Kong, and Tommy DeVoss from the U.S. All of them have joined the $1 million hacker ranks by hacking for improved internet security.

Now, HackerOne club has six researchers that have earned over $1 million in bounties.

Last year, HackerOne has made known this information as part of the 2019 Hacker-Powered Security Report. The company said that more than $62 million in bounties were earned by these hackers in more over than 150 countries.

In order for one to understand the importance of this bug bounty program, it is enough for a fact that more than six of the ten top banks in North America are currently working with HackerOne, to be known.

The announcement says that almost every five minutes, a hacker reports a vulnerability. And furthermore, every 60 seconds, a hacker partners with an organization on HackerOne. In total, it is more than 1,000 interactions per day with hackers and governments and companies and all of them work in unity towards a safer internet.

The report further continues that 25% of all resolved vulnerabilities were classified either as high to critical severity in the past year, and it caused an increase in the bounty payments. In the past year, security researchers that reported vulnerabilities through HackerOne platform earned in total $21 million, representing an increase of $10 million over the previous year.

The first white hat hackers that joined HackerOne was Santiago Lopez from Buenos Aires. In February last year, he officially became the first-ever bug-bounty millionaire. He told the press that he got into hacking at the age of 15, and even earned his first bug bounty at 16. He made $50. His life changed after he signed the deal with HackerOne.

He says: “I realized how much money I could make through ethical hacking. The platform opened me up to leading organizations that pay very well for vulnerabilities, so I had an opportunity to make a lot of money and to make a career out of bounty hunting. I generally spend about six or seven hours a day hacking, so it’s almost like a full-time job. When you find the bug it’s the best feeling in the world. I will always want to hack as I enjoy the challenge so much, but I would like to go to university or college at some point and start studying. After that, I would like to start my own company within the security space. Hacking will always be a big part of my life.”

On the other hand, Australian-born Nathaniel Wakelam is 24 and is the chief information security officer at a security consultancy. He is most recently settled in Thailand. Same like Lopez, he got into hacking as a teenager, spending most of his time hacking a video game in order to give himself an unfair advantage. He first turned to hacking as a money-earner as a cash-strapped student. At that time Yahoo had created their bug bounty program and he managed to earn $60,000 in bug bounties and so decided to do it full time. Nowadays, Wakelam works with Riot Games, which is a game studio behind the extremely popular game “League of Legends”, and Verizon. Like Lopez, Wakelam says he can’t imagine his future without hacking.

HackerOne CEO Marten Mickos says that as long as there are software vulnerabilities, there will be millionaire hackers. He further states that “…to think of the hundreds of millions saved by fixing vulnerabilities and preventing breaches.”

At the heart of HackerOne were three fundamental tenets that the company believed would come true:

  1. Ignoring hackers will be viewed as negligence.
  2. Security will be collaborative.
  3. Transparency will breed trust.

This community wasn’t submitting pull requests to collaborate on code, but rather has been working together to uncover and suggest fixes for security bugs. Lots and lots of bugs. Up till this date, HackerOne has paid out $65 million in bounties. The company’s hacker community has reported more than 7.000 security vulnerabilities. And as impressive as HackerOne’s current statistics may be, for every security vulnerability its community finds, there are thousands more to go undetected. With an open-source, the point for the companies is to figure out how to deal with a world filled with software bugs. In order for the companies to differentiate themselves through software innovation, the hacker communities like HackerOne will be required to ensure the security of that software. So, expect many millionaire hackers.