Security researcher Guido Vranken alleges HackerOne reporter plagiarised their exploit’verbatim’ The vulnerability reported to Monero’s bug bounty program run by HackerOne was a verbatim copy of his previously discovered exploit. Monero confirmed the report was plagiarised, but they are unable to withdraw the already-paid sum of money. HackerOne had paid over $62 million in bug bounty rewards last year, with the figure surpassing $100 million this year according to the platform’s latest report.
Source: https://www.bleepingcomputer.com/news/security/bug-bounty-reporter-cashes-out-on-someone-elses-exploit/