Cosmin Lordache is the first bug bounty hunter to earn more than $2 million in bug bounty awards through the vulnerability coordination and bug bounty program HackerOne.
Cosmin (aka @inhibitor181) was also the 7th hacker to earn $1 million in just two years, as announced 334 days ago. He managed to get the payout by bringing in roughly $300,000 in bounties over just 90 days.
The Romanian bug bounty hunter who has been living in Germany for the past six years got interested in hacking due to a HackAttack seminar in Hamburg in mid-2016 while attending University. He then switched to bug bounty hunting in late 2017 while still working as a full-stack developer.
He followed HackerOne’s leaderboard and read Hacktivity disclosed reports.
Cosmin was crowned as The Assassin (the hacker with the highest signal) at the Singapore h1-65 live hacking event and also received the same title in London at the 2019 h1-4420 live hacking event.
As of now he has submitted 468 vulnerabilities through bug bounty programs belonging to high-profile tech firms like Verizon Media, PayPal, Dropbox, Facebook, Spotify, AT&T, TikTok, Twitter, Uber, and GitHub, as well as a handful of bugs reported to the U.S. Dept Of Defense.
Cosmin joined the platform in June 2016, and currently ranks 12th based on all-time stats on HackerOne.
HackerOne says that, so far, only 9 bug bounty hunters have earned $1 million on the platform. They announced that as of May 26, 2020, around $100,000,000 in rewards were earned by ethical hackers.
As hackers are reporting vulnerability to bug bounty programs, HackerOne hackers have found around 170,000 security bugs.
Over 700,000 ethical hackers are now using the bug bounty platform to get paid for finding and reporting security bugs in the products of almost 2,000 HackerOne customers.