The Entire HackerOne Team is Beyond Excited that The Ranks of Seven-Figure-Earning Hackers have Risen to Eight This Month

By : Krishna Anindyo | Thursday, February 27 2020 - 13:40 IWST

Congratulations, Cosmin! The world's seventh million-dollar bug bounty hacker
Congratulations, Cosmin! The world's seventh million-dollar bug bounty hacker - Cosmin @inhibitor181 is the seventh to join this talented group of hackers, proving to the world that the concept of hacking as a viable career has become a reality. Not only are more hackers earning most or all of their income from hacking, but they’re also making a good living doing it.

Besides the eight hackers passing the US$1 million earnings milestone, twelve more hit US$500,000 in lifetime earnings and 146 earned US$100,000, up from 50 last year. That puts a hacking career well above today’s global average IT salary of US$89,732. 

We sat down with Cosmin to learn how he got started, what contributed to his success, and his views on the industry’s present and future. Congratulations, Cosmin.

Hey! My name is Cosmin and my hacker handle is inhibitor181. I am 30 years old, I was born and raised in Romania, Bucharest and have been living with my wife and 2 dogs in Germany for the past 6 years.

Totally by accident; it’s kind of a funny story. While working as a dev, we were allowed to pick for our future development an event or course. I, with a few colleagues, picked a practical hacking seminar in Hamburg and there I found out about the existence of bug bounty platforms.

Quickly enough, I have made an account, was miserable at first, but slowly, slowly gained more experience and now I have been doing it full-time for almost 2 years.

I usually work while my wife works and she has a different schedule. Let’s say I wake up, have breakfast, start hacking, I take my dogs out for a nice break and then I come back to continue hacking if I am still in the mood. If I am not in the mood or tired, I do something else, usually end up playing rocket league with some friends.

There are quite a few factors here and the combination is what it’s important for me, The steep learning curve and never-ending process of learning, The financial winnings, The live events I have a very competitive nature, In the end, I really love spending my time hacking and I enjoy trying to break other people’s work to make it better for the future for everybody.

Yes, I have a favourite program, a private one that usually eats about 70-80% of my time. Basically, if I am not going to a live hacking event I usually hack there. I really like very deep apps where you can learn from failures and from everything you do or read. When the pieces of the puzzle start coming together it’s very enjoyable and fulfilling.  


My favorite program had a 4x promo for criticals for just 24 hours with another 48 hours notice beforehand and I was in the middle of a breakthrough and research I was already doing for the last week. It was very lucky and I had managed to get 3 criticals in, gaining 3 x US$28k.

Very hard to say as each project is unique, has its own specific challenges and it’s shifting very often. I have various projects that I cannot make myself stick to, start or finish them. So with the risk of sounding extremely broad, those are the ones that are the most challenging, the ones that you cannot even start.

Industries that handle PII and financial institutions. In my opinion, those 2 are the critical parts in the online industry that has to be as secure as possible.

This is my daily job, we spend it on everything we want. We do not have any exquisite hobbies or anything that eats a big chunk of the money we have.

In my opinion identity theft is the biggest risk. Almost there is also the risk of losing your life savings or money. When one of those things happens, in order to “fix it”, if possible, you will need to spend incredible amounts of energy and time that will definitely affect you financially, mentally and physically.

Definitely, businesses both big and small seem to be a lot more open to hacker-powered security and start seeing its advantages. They are also more willing to invest more time and money into them in order to attract more experienced hackers and gain the maximum from it.

First, to realise that this takes time, it’s an incredibly steep learning curve! Then, be prepared to invest time into it. If you have those 2 in mind and you go down this path, you will definitely succeed.

Read the documentation, learn to write your own tools, read security articles, invest time also in research, learn to write your reports and always approach your target tactically and with the strategy that fits you well. Also, it’s very important to realise that you and your mindset are unique, so don’t follow what X or Y says. Try to grab from everybody little bits, analyse them and then integrate them in your workflow only if it suits you.




News Comment

Today's Industry

Electro-Balancer (E-Balancer)

Rabu, 13 Januari 2021 - 16:00 WIB

ZASCHE Handling Rolls Out New Range of Electric Balancers

the E-Balancer is a versatile tool suited for a broad range of heavy-duty industrial applications.

Taylor Armerding, Software Security Expert at Synopsys Software Integrity Group (Photo by Linkedin)

Rabu, 13 Januari 2021 - 15:40 WIB

What is the Cost of Poor Software Quality in the U.S.?

And if you doubt its credibility, or that it applies to software, check out the latest report from the Consortium for Information & Software Quality (CISQ), in partnership with Synopsys, “The…

Nivedita Murthy - Senior Security Consultant, at Synopsys Software Integrity Group

Jumat, 08 Januari 2021 - 17:35 WIB

DevSecOps: The good, the bad, and the ugly

DevSecOps is the practice of integrating security into every stage of the DevOps pipeline.

MP200 ExtremeBevel

Rabu, 23 Desember 2020 - 14:05 WIB

Hypertherm Introduces Extreme Bevel Plasma Consumables for its MAXPRO200 Air and Oxygen Plasma System

The MAXPRO200 is a true workhorse for companies demanding great cut quality along with high productivity and low operating costs.

Jonathan Knudsen - Senior Security Strategist, Synopsys Software Integrity Group

Jumat, 18 Desember 2020 - 13:20 WIB

How to Cyber Security: Software Security is Everyone’s Responsibility

Software security is a kind of team project — everyone in the organisation has an impact on security and risk.