OpenSea gives a prize of $200,000 to two ethical hackers
OpenSea has paid two ethical hackers a total of $200,000 in bounties for discovering separate significant vulnerabilities in the NFT marketplace within the last 10 days. Each hacker received $100,000.
Corben Leo, a security specialist and chief marketing officer of the security company Zellic, claimed he won $100,000 on Monday for discovering a serious OpenSea vulnerability via the bug bounty portal HackerOne.
Had it not been discovered, the flaw might have been used by malevolent hackers to steal assets, Leo told The Block. “It was a security flaw that affected their online services. It would have let an attacker breach the infrastructure of OpenSea,” he stated.
Nix, a second, anonymous whitehat hacker, informed The Block that OpenSea also awarded them $100,000 on September 19 for identifying another significant vulnerability. However, Nix did not disclose any other information.
“The vulnerability report and all surrounding facts are secret,” stated Nix. This vulnerability was also reported through the HackerOne network.
A representative for OpenSea verified to The Block that these incentives were legitimate and that fixes for the vulnerabilities in question had been released. They expressed satisfaction that the reward program with HackerOne was operating as expected.
Since the program’s introduction in October 2021, typical response and patch times have decreased significantly.
OpenSea is the biggest NFT exchange on Ethereum based on daily trading volume. However, the platform has historically had user interface difficulties and security flaws that led to the loss of user assets.
To address these challenges, OpenSea enrolled in a program with HackerOne, a crowdfunded ethical hacking platform that aims to help businesses identify and fix fundamental vulnerabilities before they are exploited.
As part of the initiative, OpenSea provides tiered bounties based on the severity of the danger. For example, a “low” level smart contract defect may result in a reward of up to $6,000, but a “critical” level fault can result in a reward of up to $100,000 — the identical amount granted in both situations.