HackerOne announces first bug hunter to earn more than $2M in bug bounties

Pierluigi Paganini December 27, 2020

White hat hacker could be a profitable profession, Cosmin Iordache earned more than $2M reporting flaws through the bug bounty program HackerOne.

Iordache is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability coordination and bug bounty program HackerOne.

334 days ago we announced Cosmin as the 7th hacker to reach $1 million dollars in earnings. Today we celebrate his achievement to be the FIRST to reach $2 million! Please join us in congratulating @inhibitor181! 🥳#TogetherWeHitHarder pic.twitter.com/RGIKTog1mo
— HackerOne (@Hacker0x01) December 23, 2020

HackerOne announced that the bug bounty hunter Cosmin Iordache (@inhibitor181) was the first to earn more than $2,000,000 in bounty awards. According to HackerOne, in March 2019 the first hacker that become a millionaire was Santiago Lopez (19).

In august 2019, HackerOne announced that five more hackers have become millionaires thanks to their contributes to the bug bounty programs managed by the platform.

In June 2020, the platform announced that the bug bounty hacker @mayonaise is the ninth hacker to earn $1 Million hacking for good on the HackerOne platform.

The list of millionaire hackers today includes:

Santiago Lopez (@try_to_hack) from Argentina;
Cosmin Iordache (@inhibitor181) from Germany;
Mark Litchfield (@mlitchfield) from the U.K.;
Nathaniel Wakelam (@nnwakelam) from Australia;
FransRosen (@fransrosen) from Sweden;
Ron Chan (@ngalog) from Hong Kong;
Tommy DeVoss (@dawgyg) from the U.S;
Eric (@todayisnew) from Canada;
Jon Colston (@mayonaise) from the U.S;

Cosmin has already submitted 468 vulnerabilities through bug bounty programs, he reported security flaws in systems and services of prominent organizations including Verizon Media, PayPal, Dropbox, Facebook, Spotify, AT&T, TikTok, Twitter, Uber, and GitHub, The Romanian white hat hacker also reported multiple flaws to the U.S. Dept Of Defense.

“He was able to get to the 7-figure payout mark by bringing in roughly $300,000 in bounties over just 90 days.” reported Bleeping Computer.

In May, HackerOne announced that it has paid a total of $100,000,000 in rewards to bug bounty hackers as of May 26, 2020.

HackerOne is proud to announce that hackers have earned $100 Million in bug bounties by hacking for good on our platform. You made this possible! Use the hashtag #HackerOneHits100 to keep up with all of our celebrations and to share your bug bounty story. Lots more to come! 💯 pic.twitter.com/KKLKcXfrJ3
— HackerOne (@Hacker0x01) May 27, 2020

According to the HackerOne bug bounty platform, around 12% of hackers earn over $20,000 each year in bug bounties, while 1,1% will earn rewards worth over $350,000 annually and 3% over $100,000 per year.

In the last two years, seven white hat hackers earned more than $1 million.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, HackerOne)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini October 08, 2025

Qilin ransomware claimed responsibility for the attack on the beer giant Asahi

Pierluigi Paganini October 08, 2025