Zero-day broker firm Crowdfense has made waves in the cybersecurity community with its recent announcement of a larger 30 million USD offer as part of its Exploit Acquisition Program. This program, which focuses on acquiring high-quality zero-day exploits and advanced vulnerability research, aims to meet the increasing demand for sophisticated hacking tools used by intelligence agencies, law enforcement, and government contractors. Crowdfense gained attention in 2019 for its 10 million USD bug bounty program and its unique Vulnerability Research Hub (VRH) online platform, which facilitates collaboration among security researchers.
In response to the evolving threat landscape, Crowdfense has extended the scope of its acquisition program to include additional research areas such as Enterprise Software, WiFi/Baseband, and Messengers. The firm is offering substantial payouts ranging from $10,000 to $9 million USD per successful submission, with specific amounts allocated for different types of zero-day exploits targeting popular platforms. For instance, Crowdfense is offering between $5 million and $7 million USD for iPhone zero-day exploits, up to $5 million USD for Android exploits, and varying amounts for Chrome, Safari, WhatsApp, and iMessage zero-days.
The increased payouts offered by Crowdfense reflect the growing complexity of zero-day exploitation, as vendors improve the security of their products, making it harder to find vulnerabilities that can bypass implemented security measures. This trend underscores the critical role of zero-day brokers like Crowdfense in identifying and mitigating security threats, while also raising ethical questions about the commercialization of cyber vulnerabilities and their potential impact on global cybersecurity.