# HackerOne Top-Paying Programs (Repo Prioritization)

Date: 2026-02-15

Source: `hackerone-network-top-paying.jsonl` (semi-structured export parsed by `scripts/hackerone_top_paying.py`)

## Top-Paying With In-Scope Code Repos (SOURCE_CODE + bounty eligible)

Coinbase (handle=`coinbase`, max=1000000 USD)
- https://github.com/coinbase/cb-mpc

Chainlink (handle=`chainlink`, max=100000 USD)
- https://github.com/smartcontractkit/chainlink
- https://github.com/smartcontractkit/external-adapters-js

TRON DAO (handle=`tron_dao`, max=100000 USD)
- https://github.com/tronprotocol/java-tron

Cosmos (handle=`cosmos`, max=50000 USD)
- https://github.com/cosmos/gaia
- https://github.com/cosmos/iavl
- https://github.com/cosmos/ics23
- https://github.com/cosmos/ledger-cosmos
- https://github.com/iqlusioninc/crates
- https://github.com/iqlusioninc/tmkms
- https://github.com/iqlusioninc/yubihsm.rs
- https://github.com/skip-mev/go-fast-contracts
- https://github.com/cosmos/evm

MetaMask (handle=`metamask`, max=50000 USD)
- https://github.com/Web3Auth/web3auth-web

Chia Network (handle=`chia_network`, max=50000 USD)
- https://github.com/Chia-Network/chia-blockchain
- https://github.com/Chia-Network/chia-blockchain-gui
- https://github.com/Chia-Network/chia_rs
- https://github.com/Chia-Network/chiapos
- https://github.com/Chia-Network/chiavdf
- https://github.com/Chia-Network/clvm_rs

## Top-Paying Without Concrete GitHub Repos Listed in bounty-targets-data

These appear in the export, but `bounty-targets-data` does not list concrete GitHub repos as in-scope `SOURCE_CODE` targets (some are app/domain/API targets, or org-level patterns):
- Crypto.com (handle=`crypto`, max=2000000 USD)
- OKG (handle=`okg`, max=1000000 USD)
- 1Password - CTF (handle=`1password_ctf`, max=1000000 USD)
- Shopify (handle=`shopify`, max=200000 USD) (org-level: https://github.com/Shopify)
- Superhuman (formerly Grammarly) (handle=`superhuman`, max=100000 USD)
- Wickr (handle=`wickr`, max=100000 USD)
- Wallet on Telegram (handle=`wallet_on_telegram`, max=100000 USD)
- Nintendo (handle=`nintendo`, max=50000 USD)
- Nord Security (handle=`nordsecurity`, max=50000 USD)
- CoinSpot (handle=`coinspot`, max=50000 USD)
- Figma (handle=`figma`, max=50000 USD)
- Deribit (handle=`deribit`, max=50000 USD)
- PlayStation (handle=`playstation`, max=50000 USD)
- PayPal (handle=`paypal`, max=30000 USD)
- Epic Games (handle=`epicgames`, max=25000 USD)
- Airbnb (handle=`airbnb`, max=25000 USD)
- Playtika (handle=`playtika`, max=5000 USD)
- Credit Karma (handle=`creditkarma`, max=5000 USD)