Security Engineer makes $30,000 in 2 weeks finding bugs on PlayStation!

Security engineer Andy Nguyen (theflow0) made $30,000 in 2 weeks and $60,000 in the last two years for reporting PlayStation bugs.

Those of you who have been following the PlayStation scene will know the dev by his handle, theflow0. PlayStation owners had him to thank about a year ago, when he disclosed an exploit for firmware 6.20. In the past two weeks, the dev, whose real name is Andy Nguyen, made $30,000 for bugs he found. The HackerOne page only tags the bugs under PlayStation, so it is hard to tell for now whether a given bug affects PS4, PS5, or both.

Bugs found by theflow0

Checking the HackerOne page for PS4, it seems Nguyen has reported 5 bugs or exploits in total affecting PlayStation. His first report was made on 21st March, 2020. This is believed to be the bug that led to the kernel exploit for firmware 6.20, which in turn brought the scene back into action after the 5.05 exploit, which was released long ago. Since that point, Andy Nguyen has reported four other bugs, which earned him a total of $60,000 just finding bugs for the system.

But let me make it clear: the task is not easy at all. When you release a console like PlayStation 4 with some of the most coveted titles in the world, as the manufacturer, Sony makes sure that almost every hole is plugged. So finding a bug by reversing code for which there is no manual, or even proper decryption keys, is, to say the least, a developer’s biggest nightmare. Thus, 5 bugs in a span of 2 years is nothing less than a Herculean task. So, congratulations are in order for the dev, theflow0.

HackerOne PlayStation Bounty Program: Can I report bugs and make money?

The simple answer is yes! If you are into security research or white-hat hacking and possess the know-how, this is definitely a legit opportunity to make some hardcore cash while doing something you love. That being said, if you are someone who has been active on the scene for quite some time, there is a chance that companies will invite you to come find bugs on their platforms.

For example, checking the bug that I linked above, we see that Andy Nguyen was in fact invited by PlayStation to report bugs and collect bounties on HackerOne. And it’s totally understandable, as the man’s reputation precedes him. He has contributed a lot to the PlayStation scene. Some of his noteworthy works are h-encore, VitaShell, modoru, etc., which helped many people who own a PS Vita. His GitHub page bears testament to all his awesome contributions.

As for you guys who might be looking to get into the bounty hunting game, worry not! There are multiple options, provided you have the technical knowledge and the necessary equipment. Moreover, PlayStation is not the only company with such a bounty program. Here are a few useful links that might help you early on in your venture.

Many game developers have bug bounty programs too. Here are links to a few of them.


I am sure you will be inspired by Andy Nguyen’s work, especially given the price tag associated with it. I wish you all the best.
