<p><span style="font-weight: 400;">OpenSea has paid $200,000 in bounty rewards to two ethical hackers who discovered separate critical vulnerabilities in the NFT marketplace in the last ten days. Each hacker was individually rewarded $100,000.</span></p> <p><span style="font-weight: 400;">The first was paid to</span> <a href="https://twitter.com/hacker_"><span style="font-weight: 400;">Corben Leo</span></a><span style="font-weight: 400;">, a security expert and chief marketing officer at security firm Zellic, who said that he received $100,000 on Monday for having discovered a critical OpenSea vulnerability via the bug bounty platform HackerOne. </span></p> <p><span style="font-weight: 400;">Had it not been found, the critical bug could potentially have been exploited by malicious hackers to steal assets, Leo told The Block. "It was a vulnerability affecting their web services. It would've allowed an attacker to compromise OpenSea's infrastructure," he said.</span></p> <p><span style="font-weight: 400;">A second whitehat hacker, who is anonymous and goes by </span><a href="https://twitter.com/nix_eth"><span style="font-weight: 400;">Nix</span></a><span style="font-weight: 400;">, told The Block that OpenSea also rewarded them $100,000 for reporting another critical vulnerability on 19 September, though Nix did not provide additional details.</span></p> <p><span style="font-weight: 400;">“The vulnerability report and any details around it are confidential,” Nix said. This bug was also flagged on the HackerOne platform.</span></p> <p><span style="font-weight: 400;">A spokesperson for OpenSea confirmed to The Block that these bounties were genuine, adding that respective patches to the vulnerabilities have been issued. 
They said that the firm was satisfied in seeing the bounty program with HackerOne working as intended.</span></p> <p><span style="font-weight: 400;"> “We’re pleased to see the community’s engagement with this program, and even more excited that our average response and patch times have gotten much faster since the program’s launch in October 2021,” the spokesperson said.</span></p> <p>OpenSea is the largest NFT marketplace on Ethereum in terms of daily volume. But the platform has previously faced user interface issues that have resulted in a loss of user assets.</p> <p><span style="font-weight: 400;">To deal with these issues, OpenSea entered a program with HackerOne, a crowdfunded ethical hacking platform designed to help companies discover and fix basic vulnerabilities before they can be misused.</span></p> <p>As part of the program, OpenSea offers bounty rewards in tiers according to how serious the threat is. For instance, a "low" level SeaPort (OpenSea's smart contract) bug can earn a whitehat up to $1,000, while a "critical" one can lead to a prize of up to $3,000,000. The bug bounty program from OpenSea is still live on HackerOne.</p>