‘White Hat Hacker’ Won’t Disclose OpenSea Bug Details After Lowball Bounty Offer

Blockchain developer, Mr. Ø, has declined to disclose an OpenSea bug after the platform’s measly bounty offer. The Quantum Tech Project/Product Lead claimed yesterday that they had found a “massive vulnerability” in OpenSea. Reportedly, OpenSea reached out to the ‘white hat hacker’ and offered to pay an additional $25,000 for their previous report. However, the marketplace also asked the dev to verify their KYC, following which they declined the bounty offer.

OpenSea bug bounty payout: What we know so far

Yesterday, Mr. Ø took to Twitter to report a new OpenSea bug. According to them, this vulnerability is at the “same scale or worse than the last one”. They also explained that while the bug would not affect the NFTs in users’ wallets, it could still cost “millions in damages”. If this is true, it could further put OpenSea users at a major risk. After all, an earlier listing exploit had cost several users their high-value NFTs. 

“Opensea has reassessed our previous case and has offered an additional $25k IF WE KYC,” Mr. Ø explained. “They have also offered a similar reward for yesterday’s vulnerability, after they’ve gauged the severity.”

However, they “respectfully” declined OpenSea’s offer and wished them the “best of luck” in finding the bug. Besides, the dev also shared screenshots of their alleged conversation with OpenSea. In one of the texts, OpenSea allegedly said, “We don’t know the details but the longer this goes on people may be at risk as per your observation…”

OpenSea has come under fire before as well for their measly bug bounty payouts. To make things worse, the platform is now asking White Hat Hackers to verify their KYC. Hopefully, OpenSea will fix the current vulnerability before it’s too late.