In the last ten days, OpenSea has awarded $200,000 in bounty incentives to two hackers who found distinct major flaws in the NFT marketplace. Each hacker received a $100,000 bounty.
Corben Leo, a security specialist and chief marketing officer of security firm Zellic, received $100,000 on Monday for discovering a serious OpenSea vulnerability through the bug bounty portal HackerOne, according to The Block.
“It was a vulnerability affecting their web services. It would’ve allowed an attacker to compromise OpenSea’s infrastructure.”
A second white hat hacker, the anonymous Nix, said that OpenSea awarded them $100,000 for exposing another significant vulnerability on September 19. This bug was also flagged on the HackerOne platform. Nix said that the vulnerability report and any details around it were confidential.
A representative for OpenSea verified that the rewards were legitimate, and that fixes for the vulnerabilities had been released. They stated that the company was pleased to see the reward program with HackerOne operating as expected. The spokesperson said:
“We’re pleased to see the community’s engagement with this program, and even more excited that our average response and patch times have gotten much faster since the program’s launch in October 2021.”
In terms of daily volume, OpenSea is the largest NFT marketplace on Ethereum. However, the platform has historically had interface difficulties and security flaws, resulting in the loss of user assets. To address these concerns, OpenSea partnered with HackerOne, a crowdfunded ethical hacking platform meant to assist businesses in discovering and fixing basic vulnerabilities before they can be exploited.
As part of the initiative, the NFT marketplace provides bounty awards in tiers based on the severity of the danger. A white hat can earn up to $6,000 for a “low” level smart contract defect, while a “critical” one can earn up to $100,000, which is the sum rewarded in the two incidents above. The OpenSea bug bounty program is still active.