Ukrainian hackers and security researchers say bug bounty platform HackerOne is retaining their bug bounty rewards and refusing to let hackers withdraw their earnings.
Several hackers and researchers with affected HackerOne accounts tweeted that HackerOne is blocking payouts, citing economic sanctions and export controls following the Russian invasion of Ukraine, but that the sanctions don’t apply to them.
Bob Diachenko, a Ukrainian security researcher, said in a tweet that he had $3,000 in earnings since February currently withheld from his account. HackerOne acts as an intermediary between the hackers and security researchers who find and report security bugs and the companies that ask for help fixing their products and services.
HackerOne Chief Technology Officer Alex Rice said, “We actively support Ukraine’s fight for freedom and have no intention of restricting bounty payments to Ukrainian hackers. I’m truly sorry for the stress caused here, and am committed to getting things back up and running as quickly as possible. When the Biden administration announced financial sanctions against the two occupied regions of Ukraine, we immediately began work to ensure that no bounties were inappropriately issued to those sanctioned regions. This has created a delay in the processing of payments for some hackers in this region that the team is actively working to resolve.”
In 2020, HackerOne paid out more than $107 million in bug bounty rewards to researchers, many of whom rely on their earnings as a source of income.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
