NFT marketplace OpenSea offers two ethical hackers a $200,000 prize

SNEAK PEEK

  • OpenSea paid two ethical hackers a $200,000 bounty for discovering critical flaws in the NFT marketplace on their own during the previous ten days.
  • Corben Leo, a security expert, and the chief marketing officer of the security firm Zellic, received the first one.
  • More than $1.65 million has been spent on bounties so far, of which $475,000 has been distributed in the previous 90 days, according to data.

Two ethical hackers who independently found key vulnerabilities in the NFT marketplace during the past 10 days received $200,000 in bounty payments from OpenSea. Every single hacker received a prize of $100,000.

The first was given to Corben Leo, a security specialist, and the chief marketing officer of the security company Zellic, who claimed to have gotten $100,000 on Monday for having used the bug bounty website HackerOne to find a severe OpenSea vulnerability.

Leo explained that if the serious problem hadn’t been discovered, it might have been used by malevolent hackers to steal assets. “It was a flaw that their web services were subject to. It would have let an attacker penetrate the system of OpenSea, “he added.

According to HackerOne, $500 is usually rewarded for a low-risk bug; this amount rises to $6,000 for a medium issue, $20,000 for a high-risk one, and $100,000 for a bug that is crucial to OpenSea.io.

According to data, more than $1.65 million has reportedly been spent on bounties so far, of which $475,000 has been given out in the last 90 days. White hat hacking has rigorous guidelines because a hacker’s tests cannot in any way impact how a business operates. Attacks using social engineering (like phishing) are likewise forbidden.

Another anonymous white hat hacker named Nix informed that OpenSea had also given them $100,000 for disclosing a different significant vulnerability on September 19. Nix withheld all additional details.

According to Nix, the vulnerability report and all information associated with it are private. Additionally, the HackerOne system was found to have the same issue.

The Block was informed by an OpenSea representative that the bounty was valid and that the appropriate fixes for the vulnerabilities had been made available. They stated that the company was happy to learn that HackerOne’s reward program was succeeding in its goals.