While today hackers are located in more than 150 countries, the most prolific paying organisations and highest earning hackers hail from just a few countries.
Of the $42+ million awarded to hackers through 2018 on HackerOne, organisations in just 8 countries served as the primary source for more than half that amount. The U.S. and Canada based organisations comprise the lion share of bounties, followed by the U.K., Germany, Russia, and Singapore, all contributing significant bounty awards.
The chart below shows the collective outflow and inflow of bug bounty cashfrom organisations to hackers on the HackerOne platform. From when we published this graph a year ago, there has been some shuffling of the top 10 positions. Hackers from the U.S., India, and Russia continued to dominate in earnings again this year, collectively pulling in 36% of the total value of awarded bounties.
Canadian hackers earned 3.3% of all bounties awarded, moving them into the top 10 this year with just under $1.4 million earned. The Netherlands entered the top 10 as well, with Dutch hackers earning more than 3% of the total bounties awarded. Pakistan, Argentina, and Hong Kong fell out of the top 10, but hackers in each of those countries still earned at least 40% more in 2018 compared with 2017.