What is Zerodium?

By Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3 •  Updated: 11/10/18 •  2 min read

Zerodium is a reputable place where you can sell zero-day exploits.

Hackers and security researchers know that Zerodium is a way to cash in on vulnerabilities that they discover in operation systems, software and hardware, and devices.

There are several ways that you can make money from discovering vulnerabilities.

Zerodium has a strong track record of protecting their sources.  The company pays an attractive bounty and is only interested in high-risk vulnerabilities and fully functional and reliable exploits.

For example, if you find a way to penetrate a newer iPhone, you can certainly sell the hack to Zerodium for a nifty 7 figure sum.

What does Zerodium do with vulnerabilities that it purchases?

Zerodium is very selective on who they resell the vulnerabilities too.  Their customers are governments and large defense companies who have the ability and willingness to pay very high sums for such information.

Zerodium has an internal team of researchers who analyze, test, secures, and documents the vulnerability before providing it to the end-user/customer.

Zero-day exploits usually have a short shelf life.  Eventually, the vulnerabilities are found and patched.  But the persons who initially identify the feat can undoubtedly cash in at Zerodium or similar sites.


Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3

Donald Korinchak is a Cybersecurity Professional in the Washington DC area. Donald holds an MBA from the University of Pittsburgh Katz School of Business. Donald is considered a thought leader in business, leadership, and cybersecurity issues.