What is Zerodium?
Zerodium is a trusted place where you can buy zero-day exploits.
Zerodium is used by security researchers and hackers to make money from vulnerabilities they find in operating systems, software, hardware, and devices.
You have many options for making money from the vulnerabilities you find:
- The vulnerability can be disclosed to the software and hardware vendors. Many companies offer a Bug Bounty program that pays for such discoveries. This is what the “White Hat” should do.
- The exploit can be sold on the black market. Your exploit will be used for criminal purposes and you could be criminally liable. These “black-hat” buyers will likely pay the most for exploits.
- The vulnerability can be sold to Zerodium or another similar organization. These companies are called “grey hats”.
Zerodium is known for its strong record in protecting its source code. Zerodium pays a handsome bounty and only invests in high-risk vulnerabilities as well as fully functional, reliable exploits.
If you discover a way to hack a newer iPhone, then you can sell it to Zerodium for a nice 7-figure sum.
What does Zerodium do about vulnerabilities it buys?
Zerodium is selective about who it resells the vulnerabilities to. They only sell to governments and large defense contractors who are willing and able to pay high prices for this information.
Zerodium employs an internal team of researchers to analyze, secure, document, and test the vulnerability before it is provided to the customer/end-user.
Zero-day exploits have a limited shelf life. The vulnerabilities will eventually be fixed. However, those who first identify the vulnerability can make a lot of money at Zerodium and similar sites.