HackerOne Paid $500k in Bug Bounties at DEF CON

Written by

Celebrating the success of this year’s live hacking event, HackerOne (H1) recently announced that more than $500,000 was paid in bounties during the third annual h1-702 at DEF CON 26 in Las Vegas last month.

More than 75 hackers from over 20 countries hacked five targets (including the United States Marine Corps) over the course of five days. Introduced back in August 2016 by a small group of HackerOne staff members hosting a contest over three days and nights, the live hacking event has blossomed into H1-702 2018, a five-night event that earned hackers half a million dollars combined. Additionally, hackers received a custom swag buffet for each night, which included 15,000 items.

Over the course of the five days, hackers filed 915 vulnerability reports, 66% of which were deemed valid. “Of the 607 valid reports, nearly 200 were marked as high or critical in severity. Customers cumulatively paid out $539,712 in bounties for one of the the greatest bounty weeks in HackerOne history,” the organization wrote in today’s blog post.

Different hackers were honored each night with an award, the recipient of which was chosen by customers and HackerOne staff. Each of those top hackers was to be deemed “The Vigilante” of the evening. Four overall awards were handed out on the final evening, bestowing the titles of “The Exalted,” “The Assassin,” “The Exterminator” and “The Most Valuable Hacker,” to the top four hackers.

Hosted at the W Hotel, the event included a hacker village complete with 80in. TV screens and a wet deck with hacker-equipped cabanas. To ensure hackers had the means to share their experiences on their social media channels, H1 hosted a Facebook page, where users shared an array of images, including the funky chandeliers that bedazzled the wet deck.

As part of this year’s event, HackerOne also welcomed 50 members of the Women in Security and Privacy group on Friday, August 10. One highlight of the evening was the shared insight from Jesse Kinser (@randomdeduction), who talked about her experience as a hacker, as well as her take on the best tools and programs to hack on.

What’s hot on Infosecurity Magazine?