Over the past ten days, two ethical hackers independently found critical flaws in the NFT marketplace OpenSea. OpenSea paid them a total of $200,000 in rewards, with each hacker receiving $100,000.
The first reward went to Corben Leo, a security expert and the chief marketing officer of the security company Zellic. He said he received $100,000 on Monday for reporting a critical OpenSea vulnerability through the bug bounty website HackerOne.
Leo told The Block that malicious hackers could have used the critical bug to steal assets if it hadn’t been found. “It was a problem with their website services. It would have made it possible for an attacker to break into OpenSea’s system,” said Leo.
Nix, an anonymous white-hat hacker, told The Block that OpenSea had also paid them $100,000 on September 19 for reporting a different serious vulnerability. Nix did not give any more information.
Nix says that the vulnerability report and any information about it are private. This bug was also reported through the HackerOne system.
A representative for OpenSea confirmed to The Block that the bounties were real and that patches for the vulnerabilities had been made available. They said that the business was happy to see that the goals of HackerOne’s bounty program were being met.
The spokesperson said, “We’re pleased to see the community’s engagement with this program, and even more excited that our average response and patch times have gotten much faster since the program’s launch in October 2021.”
OpenSea is the largest NFT market on Ethereum in terms of daily volume. But the platform has had problems with its user interface and security flaws in the past, which caused user assets to be lost.
To solve these problems, OpenSea joined a program with HackerOne, a crowdsourced platform for ethical hacking that helps businesses find and fix fundamental vulnerabilities before they can be used against them.
As part of the program, OpenSea has different levels of rewards based on how dangerous the threat is. For example, a “critical” smart contract bug can earn a white hat up to $100,000, while a “low” level bug can earn a white hat up to $6,000. The $100,000 maximum is the exact amount that was given in both cases. The bug bounty program for OpenSea is still running on HackerOne.