10 Famous Bug Bounty Hunters of All Time

If you follow HackRead, you must be aware of what a bug bounty is and how it works, but do you know who the most famous bug bounty hunters are?

Bug bounty programs are programs in which a company or website rewards an individual for pointing out a bug in that website. They are also called vulnerability bounty programs or hacker bounty programs. Researchers who report bugs and defects in such programs or websites are called bounty hunters. These reports help companies get rid of such bugs in time, before they are exploited by hackers and other miscreants.

The job of a bug bounty hunter is straightforward: find a bug and get rewarded. This has turned into a great profession for many. In this article, we list 10 famous bounty hunters who are trusted by companies all around and are famous for their good deeds.

1. Roy Castillo

This bug bounty hunter has a lot of achievements to his name. Not only did he report the stored XSS in Gmail for iOS, but he also reported a bug in Facebook that exposed the user’s primary email address.

2. Frans Rosén

The founder of Detectify, Mr. Frans Rosén, found an XSS vulnerability in Mega, which earned him €1,000. He currently ranks second in the list of bug bounty hunters on HackerOne. He has been consistent in reporting vulnerabilities and is rewarded handsomely.

3. Nir Goldshlager

He is responsible for bypassing the Imperva Web Application Firewall with his unique research position. In 2012, he held the top rank in the Facebook Security Hall of Fame (White Hat Hacker). When he is not finding bugs, he is busy with his responsibilities as the SEO of Break Security.

4. Emily Stark

Emily is known for participating in a lot of crowdsourced security platforms. She works as an engineer on the Google Chrome Security Team. Before joining Google, she was a core developer of a JavaScript application framework called Meteor.

5. Neal Poole

A security engineer on Facebook's Product Security team, he is credited with reporting nearly a dozen flaws prior to joining Facebook. He was also acknowledged in Facebook’s Whitehat Hall of Fame. He has also reported several bugs in Google and Mozilla.

6. Mazin Ahmed

The owner of blog.mazinahmed.net found multiple CSRF vulnerabilities in Facebook Messenger. His research, "W3 Total Cache’s Vulnerability That Leads to Full Deface" (CVE-2014-9414), has won him accolades from all over the world.

7. Mohamed Ramadan

Mr. Ramadan shot to the limelight with his report of a bug in the Facebook Camera app for iOS which allowed hijackers to intrude into the system of the victim. He has also reported bugs in Google, Facebook, Twitter, Microsoft, and Apple, to name a few. He is the author of the book CODENAME: Samurai Skills Course.

8. Shubham Shah

At the age of 16, he was able to bypass the two-factor authentication of Google, Yahoo, and others. This goes to show the amount of talent that this bounty hunter possesses. His name appears in PayPal's Whitehat Hall of Fame. Based in Sydney, he now works at Bishop Fox as a security analyst.

9. Rafay Baloch

He is credited with finding a remote code execution vulnerability in PayPal. This led to PayPal offering him a job plus a huge monetary reward of $10,000. He also discovered the Android Stock Browser address bar spoofing flaw, which was fatal for the current as well as the earlier versions of Android.

10. Bitquark

Once ranked no. 1 in the list of bounty hunters, he now shares security bugs on http://bitquark.co.uk/, his personal blog. He has also received rewards worth $13,000 from Google’s ‘Google Sites’.

Believe it or not, bug bounty hunting is one of the biggest social services that one can do for mankind today. These bounty hunters have exposed a lot of vulnerabilities that could have proved fatal to the privacy and security of a large section of the population. Recognizing such persons for their contribution to the online world is a small tribute to these talents from our team.