Ukrainian hackers and security researchers have claimed that leading bug bounty platform HackerOne has blocked their payouts running into thousands of dollars.
According to them, HackerOne is blocking payouts citing economic sanctions and export controls following the Russian invasion of Ukraine.
“If you are based in Ukraine, Russia, or Belarus, all communications and transactions (including swag shipping) have been paused for the time being,” according to an email from HackerOne that security researcher Vladimir Metnew tweeted late on Monday.
HackerOne told TechCrunch that bounty payouts will resume shortly.
“We actively support Ukraine’s fight for freedom and have no intention of restricting bounty payments to Ukrainian hackers. I’m truly sorry for the stress caused here, and am committed to getting things back up and running as quickly as possible,” the company was quoted as saying in the report.
In 2020, HackerOne paid out more than $107 million in bug bounty rewards to researchers.
Ukrainian security researcher Bob Diachenko tweeted that he had $3,000 in earnings since February currently withheld from his account.
“I am from Ukraine and Hackerone is not sending bounties here as well (they owe me like 3k USD since Feb). I guess they simply disabled payouts to the entire country, no matter if it is occupied or not,” he said.
Several hackers and researchers who are still in Ukraine reported their accounts being frozen or they could not withdraw funds.