A self-described hacker was randomly paid almost $250,000 by Google. He was baffled by the payment.
On Tuesday, Sam Curry tweeted about the mysterious payment from Alphabet Inc.’s
Google. “It’s been a little over 3 weeks since Google randomly sent me $249,999 and I still haven’t heard anything on the support ticket. Is there any way we could get in touch @Google?” he wrote.
“It’s OK if you don’t want it back…,” he quipped.
Curry describes himself as a hacker and a bug bounty hunter in his Twitter bio. He works as a staff security engineer at Yuga Labs, the crypto and non-fungible token (NFT) specialist that created the famous Bored Ape Yacht Club NFT project.
NPR reports that Curry sometimes does bug bounty work for Google and other companies.
“Google did indeed contact me and I’m going to head into the bank today to pay it back,” Curry told MarketWatch on Friday.
“Our team recently made a payment to the wrong party as the result of human error,” a spokesperson for Google told MarketWatch. “We appreciate that it was quickly communicated to us by the impacted partner, and we are working to correct it.”
Bug bounties are paid out by companies and other organizations when someone discovers a vulnerability in their systems and reports the vulnerability, or “bug,” back to them. Last year, for example, the Department of Homeland Security launched its “Hack DHS” program, which invited vetted cybersecurity researchers and ethical hackers to identify potential vulnerabilities in certain DHS external systems.
In April 2022 the Department reported that more than 450 vetted researchers identified 122 vulnerabilities, 27 of which were determined to be critical. DHS awarded a total of $125,600 in bounties, it said.
Alphabet shares were down 0.9% before the market open on Friday. The stock has dropped 29.0% year to date through Thursday, compared with the S&P 500 index
which has dropped 18.2%.