Google: What would you do if you were accidentally given a big payout? This white hat hacker chose transparency!
A Google employee mistakenly transferred the amount of $250,000 to Sam Curry, a white hat hacker, who nevertheless tried to return the huge amount of money immediately.
Sam Curry is a security engineer at Yuga Labs, the company responsible for popular NFT projects such as Bored Ape Yacht Club. He disclosed the mistake that Google made in a post on Twitter, and as he said, he had been trying to contact the tech giant for three weeks to return the money, but he did not receive any response from the company.
How Did Curry Get The Money?
Google: Curry describes himself as a white hat hacker and is using his skills and knowledge as a “bug bounty hunter.” That means he gets paid by big-name tech companies to search for vulnerabilities in their software and databases. In fact, Curry has worked for Google in this capacity before, and when he saw the 250.000 dollars, he initially thought this might have been a hefty payout for a prior job.
When Curry realized that the money had been transferred by mistake, he immediately decided to contact the company to return the huge amount of money.
In 2021, the Department of Homeland Security (DHS) introduced its “Hack DHS” program and invited cybersecurity researchers and ethical hackers to participate and identify potential vulnerabilities in specific DHS external systems. Back in April, the DHS reported that more than 450 cybersecurity experts identified 122 vulnerabilities in its systems, and 27 of them were characterized as vital.
“It’s been a little over 3 weeks since Google randomly sent me $249,999 and I still haven’t heard anything on the support ticket. Is there any way we could get in touch with Google? (it’s OK if you don’t want it back…)”, Curry wrote on Twitter, and his post went viral.
However, as soon as the news spread, Google quickly corrected the mistake, and the company realized what had happened.
A Human Error
According to the tech giant, the mistaken payment resulted from human error.
“Our team recently made a payment to the wrong party as the result of human error,” wrote a Google spokesperson in an email to CNN. “We appreciate that it was quickly communicated to us by the impacted partner, and we are working to correct it.”
It seems that Google tried to pay another bug bounty hunter, and an employee made a mistake and transferred the vast amount of money to Curry, who was already in the company’s payment system.
Twitter users were quick to comment on Curry’s post, criticizing Google for ignoring their occasional requests and generally being slow to respond. However, there were a lot of users who suggested that Curry should keep the vast amount of money.
Curry stated that he was interested in learning how frequently something similar occurs at Google and what procedures are in place to look for similar failures.