Cosmin Iordache is the first bug bounty hunter to win more than $ 2,000,000 in reward awards through vulnerability coordination and the HackerOne bug reward program.
HackerOne says that Cosmin (also known as @ inhibitor181) was also the seventh hacker to reach $ 1 million in earnings in just two years, announced 334 days ago.
He was able to reach the 7-digit payment mark bringing in about $ 300,000 in rewards in just 90 days.
The first millionaire hacker, Argentine Santiago Lopez, 19, was announced by HackerOne in March 2019, a year after he started learning about hacking at age 16.
The switch to hunting
The Romanian bounty hunter has lived in Germany with his wife and two dogs for six years, as he told HackerOne two months ago.
His interest in hacking was piqued by a HackAttack seminar in Hamburg in mid-2016 while attending university, which led him to switch to bug bounty hunting in late 2017, while still working as a full-stack developer.
To learn the tricks of the trade, he followed the HackerOne leaderboard and read the reports released by Hacktivity.
Cosmin was crowned The Assassin (the hacker with the highest signal) at Singapore’s h1-65 live hacking event and was able to secure the same title in London at the 2019 h1-4420 live hacking event.
At the moment, he has 468 vulnerabilities submitted via bug-reward programs owned by high-profile technology companies like Verizon Media, PayPal, Dropbox, Facebook, Spotify, AT&T, TikTok, Twitter, Uber and GitHub, as well as a handful of bugs reported to the US Department of Defense.
After joining the platform in June 2016, Cosmin currently ranks 12th on the basis of all-time statistics at HackerOne.
334 days ago, we announced Cosmin as the seventh hacker to reach $ 1 million in earnings. Today we celebrate your achievement to be the FIRST to reach $ 2 million! Join us to congratulate @ inhibitor181! #TogetherWeHitHarder pic.twitter.com/RGIKTog1mo
– HackerOne (@ Hacker0x01) December 23, 2020
9th HackerOne millionaire
HackerOne claims that, so far, only 9 bug bounty hunters have won $ 1 million on the platform, with Jon Colston (aka @mayonaise) being the ninth hacker to achieve that goal after reporting more than 170 vulnerabilities in government organizations and business.
The others are Santiago Lopez (@try_to_hack) from Argentina, Cosmin Iordache (@ inhibitor181) from Germany, Mark Litchfield (@mlitchfield) from the UK, Nathaniel Wakelam (@nnwakelam) from Australia, FransRosen (@fransrosen) from Sweden, Ron Chan (@ngalog) from Hong Kong, Tommy DeVoss (@dawgyg) from the USA and Eric (@todayisnew from Canada.
The bug bounty platform announced that $ 100,000,000 in rewards were won by ethical hackers on May 26, 2020.
Since starting to help hackers report vulnerability reports for bug-bouncing programs, HackerOne hackers have found approximately 170,000 security bugs, according to the company’s CEO, Mårten Mickos.
More than 700,000 ethical hackers are now using the bug reward platform to be paid for finding and reporting security bugs in the products of almost 2,000 HackerOne customers.
12% of HackerOne hackers earn more than $ 20,000 a year from bug rewards alone, while 1.1% will earn rewards worth more than $ 350,000 annually and 3% more than $ 100,000 a year.