Two ethical hackers have each received a $100,000 reward for discovering critical bugs on OpenSea.
The duo were individually rewarded for discovering separate critical vulnerabilities in the NFT marketplace in the last ten days.
Corben Leo, a security expert and chief marketing officer at security firm Zellic, was one of the recipients. He reportedly received his $100,000 reward on Monday after using the bug bounty platform HackerOne to find a critical OpenSea vulnerability.
Speaking to The Block, Leo said that the bug could have been exploited by malicious actors to steal funds from the platform. He said:
"It was a vulnerability affecting their web services. It would've allowed an attacker to compromise OpenSea's infrastructure."
The second recipient was an anonymous white hat hacker called Nix, who was rewarded for reporting a critical vulnerability on 19 September. Although the bug was also flagged on the HackerOne platform, the “vulnerability report and any details around it are confidential,” said Nix.
An OpenSea representative reportedly confirmed the payments to The Block, adding that patches to the vulnerabilities have been released. “We’re pleased to see the community’s engagement with this program, and even more excited that our average response and patch times have gotten much faster since the program’s launch in October 2021,” the spokesperson said.
OpenSea is currently the largest NFT marketplace in terms of trading volume. However, the platform has experienced a number of security exploits. Earlier this year, a group of hackers made off with over $1 million worth of digital collectibles following a front-end vulnerability that allowed them to buy highly priced NFTs far below their market value.
OpenSea offers different rewards based on the severity of the threat. For instance, a white hat hacker could earn up to $6,000 for reporting a “low” level smart contract bug. On the flip side, “critical” vulnerabilities can attract a prize of up to $100,000.