A self-described hacker was accidentally paid almost $250,000 by Google. He was confused about the payment.
On Tuesday, Sam Curry tweeted about the mysterious payment from Alphabet Inc.’s GOOGL,
Google. “It’s been a little over 3 weeks since Google randomly sent me $249,999 and I still haven’t heard anything about the support ticket. Is there any way we can get in touch with @Google?” he wrote.
“It’s OK if you don’t want it back…,”[ads1]; he joked.
Curry describes himself as a hacker and bounty hunter in his Twitter bio. He works as a staff security engineer at Yuga Labs, the crypto and non-fungible token (NFT) specialist that created the famous Bored Ape Yacht Club NFT project.
Opinion: Don’t Reject Bored Apes — NFTs May Prove to Be a Convenient Platform for Sales and Smart Contracts
NPR reports that Curry sometimes does bug bounty work for Google and other companies.
“Google actually contacted me and I’m going to go into the bank today to pay it back,” Curry told MarketWatch on Friday.
“Our team recently made a payment to the wrong party as a result of human error,” a Google spokesperson told MarketWatch. “We appreciate that it was quickly communicated to us by the affected partner and we are working to rectify it.”
Bug bounties are paid by companies and other organizations when someone discovers a vulnerability in their systems and reports the vulnerability, or “bug,” back to them. Last year, for example, the Department of Homeland Security launched its “Hack DHS” program, which invited vetted cybersecurity researchers and ethical hackers to identify potential vulnerabilities in certain remote DHS systems.
In April 2022, the department reported that more than 450 vetted researchers identified 122 vulnerabilities, of which 27 were determined to be critical. DHS distributed a total of $125,600 in bounties, it said.
Alphabet shares were down 0.9% before the market opened on Friday. The stock has fallen 29.0% year-to-date through Thursday, compared with the S&P 500 index SPX,
which has fallen 18.2%.