Ukrainian hackers and security researchers say bug bounty platform HackerOne is withholding their bug bounty rewards, in some cases thousands of dollars, and refusing to let hackers withdraw their earnings.
Several hackers and researchers with affected HackerOne accounts said in tweets that HackerOne is blocking payouts, citing financial sanctions and export controls following the Russian invasion of Ukraine in late February, but that the sanctions don’t apply to them.
“In case you are based mostly in Ukraine, Russia, or Belarus all communications and transactions (together with swag transport) have been paused in the intervening time,” according to an email from a HackerOne support representative to security researcher Vladimir Metnew, which he tweeted out. Metnew, who is Ukrainian but currently in the European Union, told TechCrunch that his account is frozen. “I believe they blocked funds for everybody who registered from Ukraine,” Metnew said.
Bug bounty company HackerOne acts as an intermediary between the hackers and security researchers who find and report security bugs and the companies that ask for help fixing their services. In 2020, HackerOne paid out more than $107 million in bug bounty rewards to researchers, many of whom rely on their earnings as a source of income.
Other hackers and researchers who are still in Ukraine are reporting similar circumstances: their accounts are frozen or they cannot withdraw funds. Bob Diachenko, a Ukrainian security researcher whose findings have been periodically reported on TechCrunch, said in a tweet that he had $3,000 in earnings since February currently withheld from his account.
The move to block payouts across Ukraine has been met with anger and confusion, and without any apparent official communication from the bug bounty company. It’s not clear what sanctions or export controls HackerOne is referring to. The U.S., the European Union and several other allied nations have imposed stiff financial sanctions against Russia and Belarus, as well as an embargo on territory in the eastern Donbas region of Ukraine currently held by separatist groups and on Crimea, which was annexed by Russia in 2014. But Ukraine is not subject to those sanctions.
One affected Ukrainian hacker who goes by the handle kazan71p said in a tweet that they’re “not from Crimea or Donbas … you simply suspended all Ukrainian accounts, you simply put the entire nation under sanctions,” referring to HackerOne.
HackerOne has not said why it blocked payouts to Ukrainian hackers and researchers or cited the specific sanctions it believes apply. When reached several hours before publication, a HackerOne spokesperson was unable to immediately comment or answer our questions. TechCrunch will update if and when we learn more.
The account freezes appeared to come into effect around the time that HackerOne chief executive Marten Mickos said in a since-deleted tweet thread that HackerOne would “re-route” earnings for hackers living in sanctioned countries — notably Russia and Belarus — to charity since sanctions prevent the company from transacting with those residents.
One hacker, who goes by the handle xnwup, said HackerOne is taking $25,000 in earnings “because I’m a Belarusian citizen.” The hacker, who expressed their support for Ukraine but feared for their safety as a result of speaking out against the Belarusian regime, said their earnings were the “results of years of arduous work.”
Mickos recanted his comments about re-routing funds in a new tweet thread, now offering to donate hackers’ rewards only with their permission.