OpenSea pays two ethical hackers $200,000 for discovering bugs

Two ethical hackers have each received a $100,000 reward for discovering some critical bugs on OpenSea.
The duo were individually rewarded for discovering separate critical vulnerabilities in the NFT marketplace in the last ten days.
Corben Leo, a security expert and chief marketing officer at security firm Zellic, was one of the recipients. He reportedly received his $100,000 reward on Monday after reporting a critical OpenSea vulnerability through the bug bounty platform HackerOne.
I'm uncomfortable tweeting stuff like this out, but...
I found a critical vulnerability in @opensea this weekend and reported it through @Hacker0x01.
They fixed the issue within 3 hours of reporting and I just got this notification👏🫢 pic.twitter.com/od6EFA5KSb
— Corben Leo (@hacker_) September 26, 2022
Speaking to The Block, Leo said that the bug could have been exploited by malicious actors to steal funds from the platform. He said:
"It was a vulnerability affecting their web services. It would've allowed an attacker to compromise OpenSea's infrastructure."
The second recipient was an anonymous white hat hacker called Nix, who was rewarded for reporting a critical vulnerability on 19 September. Although the bug was also flagged on the HackerOne platform, the “vulnerability report and any details around it are confidential,” said Nix.
Impressed by @opensea's commitment to security. 👏
I discovered a vulnerability on https://t.co/YQXXfgZBG4 and reported it through @Hacker0x01. In less than 12 hours they had triaged, reproduced, patched, and awarded me a sizable bounty! pic.twitter.com/Xgv2VGfrW5
— nix.eth (@nix_eth) September 20, 2022
An OpenSea representative reportedly confirmed the payments to The Block, adding that patches to the vulnerabilities have been released. “We’re pleased to see the community’s engagement with this program, and even more excited that our average response and patch times have gotten much faster since the program’s launch in October 2021,” the spokesperson said.
OpenSea is currently the largest NFT marketplace in terms of trading volume. However, the platform has experienced a number of security exploits. Earlier this year, a group of hackers made off with over $1 million worth of digital collectibles following a front-end vulnerability that allowed them to buy highly priced NFTs far below their market value.
OpenSea offers different rewards based on the severity of the threat. For instance, a white hat hacker could earn up to $6,000 for reporting a “low” level smart contract bug. On the flip side, “critical” vulnerabilities can attract a prize of up to $100,000.