HackerOne is allegedly blocking Ukrainian hackers from receiving their bug bounty payouts, according to Ukrainian hackers.
Ukrainian hackers and security researchers claim that the bug bounty platform HackerOne is withholding their bug bounty payouts and refusing to allow them to cash out their money.
According to several affected HackerOne account holders, the Russian invasion of Ukraine in late February resulted in economic sanctions and export restrictions, but those sanctions do not apply to them, several hackers and researchers said in tweets.
For the time being, "all communications and transactions (including swag shipment) are suspended for customers in Ukraine, Russia, or Belarus," a HackerOne support representative wrote in an email to security researcher Vladimir Metnew. In an interview with TechCrunch, Ukrainian-born Metnew said his account had been frozen. According to Metnew, "I believe that they prohibited payments for everyone who registered from Ukraine."
HackerOne offers bug bounty programs, acting as a middleman between the hackers and security researchers who discover and report security flaws and the businesses seeking help in fixing their products. HackerOne paid out more than $107 million in bug bounty rewards to researchers in 2020.
The accounts of other hackers and researchers remaining in Ukraine have also been frozen, and they are unable to get any money out of them. Security researcher Bob Diachenko, whose findings have appeared on TechCrunch, tweeted that $3,000 of his earnings had been withheld from his bank account since February.
The bug bounty company's decision to halt payouts in Ukraine has left many Ukrainians outraged and perplexed. It is not clear which sanctions or export regulations HackerOne is referring to. A number of allied countries have imposed sanctions against Russia and Belarus, as well as an embargo on Ukraine's eastern Donbas region, which is held by separatist groups, and on Crimea, which Russia invaded in 2014. No such measures apply to Ukraine itself.
There is a Ukrainian hacker who goes by the handle "Aleksander." According to kazan71p, they are "neither from Crimea nor the Donbass..." "Because of your actions, you just put the entire country under sanctions," he said, referring to HackerOne.
HackerOne has not explained why it has prohibited payments to Ukrainian hackers and researchers, or cited the particular restrictions it believes apply. Attempts to reach a HackerOne spokesperson for comment or clarification prior to publishing were unsuccessful.
Bounty payouts will resume in the near future, HackerOne chief technology officer Alex Rice told TechCrunch after the article was published.
"For the sake of Ukraine's fight for freedom, bounty payments will not be restricted to Ukrainian hackers. I'm sincerely sorry for the stress that this has created, and I'm determined to get things back to normal," Rice said. "Immediately after the Biden administration imposed financial sanctions on the two occupied regions of Ukraine, we immediately began working to guarantee that no bounties were inappropriately issued. Some hackers in this region have experienced payment processing delays as a result of this issue, which the team is attempting to remedy. My personal commitment is to see all bounty processing restart before the end of the week, as this inconvenience grieves me deeply."
In a since-deleted tweet thread, HackerOne CEO Marten Mickos indicated that HackerOne would "re-route" the earnings of Russian and Belarusian hackers to charity because sanctions prevent the company from conducting transactions with residents of those countries.
"I am a Belarusian citizen," claimed a hacker who goes by the handle xnwup, who said HackerOne is withdrawing $25,000 from his earnings. Their hard work has paid off, according to the hacker, who declared his support for Ukraine but feared for his life because he had spoken out against the Belarusian dictatorship.
Retraction: Mickos has retracted his words about re-routing funds and, in a new tweet thread, now offers to donate hackers' rewards only if they give their permission.