An ethical hacker from Romania has become the first person to earn $2m in bug bounties through the bounty hunting platform HackerOne.
Talented hacker Cosmin Lordache, also known by his HackerOne handle @inhibitor181, hit his first significant earning milestone almost a year ago when he became the seventh person to pass the million-dollar earning milestone by reporting 468 flaws through the bug bounty hunting platform.
Today, HackerOne announced on the social media platform Twitter that Lordache’s all-time earnings had reached the $2m mark.
The company said: “334 days ago we announced Lordache as the 7th hacker to reach $1 million dollars in earnings. Today we celebrate his achievement to be the FIRST to reach $2 million! Please join us in congratulating @inhibitor181!”
Lordache, who is 30 and now lives in Germany with his wife and two dogs, started hunting for bug bounties just three years ago while working as a full-stack developer. Since taking up bug bounty hunting, he has been crowned The Assassin at both the h1-65 live hacking event in Singapore and last year’s h1-4420 live hacking event in London.
Santiago Lopez, whose hacker handle is @try_to_hack, was just 19 when he became the first bug bounty millionaire. Today, his name is joined by eight others on the bug bounty millionaire list.
Australian Nathaniel Wakelam, known to the hacking community as @nnwakelam, is the second-highest bug bounty earner behind Lordache. To date, Wakelam has earned $1.8m, making him just $200k shy of his next major money milestone.
Demonstrating excellent sportsmanship, Wakelam shared Twitter’s post regarding Lordache’s achievement along with the comment “Beat me by $200k. Congratulations to @inhibitor181!”
The Aussie even encouraged his bug bounty hunting rival to keep up the good work, adding: “See you at 3M.”
In 2019, HackerOne reportedly paid out approximately $40m in bug bounties, with most hackers earning under $20k per year from detecting and reporting bugs. So far, the platform has paid ethical hackers in over 170 different counties a total of $82m.
The platform currently has more than six million bug bounty hunters—a figure that has nearly doubled over the past 12 months—and hosts bug bounty hunting programs for more than 1,700 government agencies and companies.