Hacker tried for three weeks to contact Google, which mistakenly paid him $250,000, to give the money back



Sam Curry, a security researcher and bug hunter, told us that he received an unexplained payment of $250,000 from Google. For three weeks he tried, without success, to find out through the company's tech support why it had happened and how to return the money so it could go to the bug hunter it was really meant for.


Curry searches for vulnerabilities in web applications and works as a security engineer at Yuga Labs. Both he and his employer are registered on Google's payment platform for vulnerability rewards. But Curry had not found or reported to Google the kind of critical vulnerability for which the company pays such large sums. He was also lucky that Google did not pay him $1 million, which is now the maximum payout for a working remote code execution exploit chain that bypasses the Titan M security chip.

In the end, Curry decided not to touch the money in his account and to wait for Google's response, having concluded that the company had probably paid him by accident.

A Google representative did get in touch with Curry, but only after the hacker community had publicized the situation in the media.

The company admitted that it had made a costly mistake. "Our bug bounty payment team recently made a payment to the wrong party as a result of human error. We appreciate that the affected partner quickly informed us about it, and we are working to rectify the situation," a Google spokesperson told the media. The company did not give details of the incident, although its information systems are supposed to minimize such human errors.

Curry thanked Google for the response and explained that he was curious how often something like this happens at Google and what systems the company has in place to catch such errors. He also told the media that the company's money is still in his account and nothing has happened to it so far.

In July 2021, Google announced that it had paid more than 2,000 security researchers from 84 different countries for reporting more than 11,000 vulnerabilities since the company launched its vulnerability bounty program more than a decade ago. Since January 2010, Google has paid more than $29 million in vulnerability rewards to experts and enthusiasts.
