According to virtual private network service provider Atlas VPN, ethical hackers earned $44,754,742 collectively from bug bounties in the last 12 months.
In total, hackers reported 60,000 valid vulnerabilities. Hackers received $979 on average per single vulnerability.
The United States remains the top payer of bounties, rewarding hackers $39,125,265 in the past year. Rewards paid by US organizations alone account for 87% of the total amount of bounties paid.
Up next is Russia, which granted $887,236 in bounty rewards to hackers. Bonuses awarded by Russian companies make up 2% of the total bounty prizes awarded to hackers.
Organizations from the UK round out the top 3, with $559,215 paid to hackers as bounty rewards.
Bounty rewards distributed by UK companies amount to a little over 1% of the total amount of bounties paid in the past 12 months.
Rachel Welch, COO of Atlas VPN, shares her thoughts on the topic:
“While bug bounty programs will not solve the cybersecurity talent shortage, organizations can still benefit significantly by outsourcing ethical hackers to identify weak spots in their security measures.”
When it comes to the hackers themselves, US hackers are leading the way. Together, US hackers earned $7,204,299, which accounts for 16% of the total amount of bounty winnings distributed over the last 12 months.
Chinese hackers come in second, commanding $5,355,683. Bounty rewards received by Chinese hackers make up nearly 12% of all bounties paid in the past year.
Chinese hackers are closely followed by Indian hackers, who netted $4,401,251 in bounty winnings. Rewards collected by Indian hackers constitute close to one-tenth of the total amount of bug bounty rewards paid from May 2019 to April 2020.
Technology companies paid the biggest share of bug bounty rewards
Companies in the computer software industry distributed the biggest share of bounty awards to hackers in the past 12 months.
In total, such companies paid out $16,263,982 in bounty awards, which makes up more than 36% of the total awards paid.
Next up are companies in the internet and online service industry, which distributed $16,079,195 in bounty rewards to hackers over the past 12 months.
Bounty rewards paid by the organizations in the internet and online service sector also account for nearly 36% of the total bounties awarded in the past year.
Companies in the telecommunication industry occupy the third spot. Together, they distributed $2,497,042 in bounty rewards, accounting for close to 6% of the total winnings from May 2019 to April 2020.
(Published in a content partnership with AtlasVPN.)