A 19-year-old, self-taught hacker from Argentina, Santiago Lopez, is believed to be the world's first hacker to make US$1 million (£750,000) from hacking legally according to HackerOne whose 2019 Hacker Report also found a 100 percent growth in the Hacker Community.
Since 2015 Lobez has uncovered over 1,600 security flaws. Days after Lopez, who goes by the handle @try_to_hack, had surpassed US$ 1 million in bounty awards, Mark Litchfield/ @mlitchfield also became a million-dollar bug bounty hacker.
White hat hackers on HackerOne have cummulatively been paid more than £14 million (US$19 million) in bug bounties in 2018; its report puts the hacker community at more than 300,000 with at least 600 hackers registering any given day
The wider hacker community has doubled year over year says the report, adding that it has earned US$ 19 million in bounties last year, nearly matching the total bounties paid to hackers in the previous six years combined. But a simple division gives an average per hacker of less than £50 each, hence it is clear most are not earning their living by hacking - and even if most of the money goes to the 600 daily hackers, that equates to £24k per year - which would be further depleted by the million dollar earners.
The report covers hackers located in more than 150 countries responsible for reporting more than 93,000 resolved security vulnerabilities and earning US$ 42 million (£32 million) earned in bug bounties as of 2018 - thus an average of £452 paid for each.
However, only 14.26 percent say that they do it for the money; almost as many do it for fun (13.53 percent) whereas most (40.52 percent) begin hacking to learn and contribute to their career and personal growth. Curiosity and a genuine desire to help the internet become more secure is the motivation for 9.31 percent.
So if most of the rewards actually went to those hacking for cash, the figures above could be multiplied by seven - but of course the altruistic and enthusiast will also have been responsible for important discoveries too.
India, the United States, Russia, Pakistan, and the United Kingdom are the top locations for hackers, representing over 51 percent of all hackers in the HackerOne community, however, six African countries had first-time hacker participation in 2018. Hackers from India and the US alone account for 30 percent of the total community down from 43 last year, showing increased globalisation.
Top earners on HackerOne are reported to be making up to 40 times the median annual wage of a software engineer in their home countries, in some cases US$100,000 (£750,000) for single critical vulnerability.
Luke Tucker, senior director of community and content at HackerOne commented in a press statement: "The perception of hackers is changing. ...companies and government organisations are realising that in order to protect themselves online, they need an army of highly skilled and creative individuals on their side — hackers. As more organisations embrace the hacker community, the safer customers and citizens become."