Researchers Secure Bug Bounty Payout to Help Raise Funds for Infant’s Surgery

On Tuesday, security researcher Brett Buerhaus put out a call for help on Twitter. Buerhaus said that his brother and his wife needed help to pay for a life-saving open heart surgery that their unborn daughter would need as soon as she is born. 

Buerhaus then said he'd go hunting for security vulnerabilities in an attempt to raise money via bug bounties for a GoFundMe fundraiser set up by the couple. 

"Depending on her condition, she will either have open heart surgery at a few months old or just a few days old in the worst case scenario. She will have to have this surgery at an out-of-state medical center," Jennifer Buerhaus, the future mother, wrote on the fundraiser's page. "She will require lifelong, ongoing medical care."

On Wednesday night, Buerhaus and his friend Sam Curry, another security researcher, went looking for bugs in a large crypto currency project, according to Curry.

Just a few hours later, they found a serious bug in the project's code, reported it, and the next morning they got awarded $50,000, Curry told Motherboard. 

"We got kind of lucky," Curry told Motherboard in a phone call. "We found it on the first night. And we spent like, probably like two or three hours trying to escalate it. But we found it pretty quickly, luckily, which was a kind of a nice treat."

At that point, Curry donated part of the bounty, $4,497, to help the fundraiser reach its goal of $25,000. Since then, the fundraiser has blown past $29,000.

Drew Buerhaus, the future father, told Motherboard that "this has been an overwhelming week of mixed emotions, with lots of tears, and a breathtaking outcome from the love pouring in from all over the world." 

"We're in awe," he said in an email.

Buerhaus also shared a note that he and his wife sent to his brother so that he could share it with the cybersecurity community. 

"My wife and I are speechless," they wrote. "Without your assistance, we would have not been able to push to our goal in such a short amount of time. You all selflessly supported someone you didn’t even know, with problems that weren’t your own, and to that, makes this extremely special to us."

Curry noted that by the time he and Buerhaus started looking for bugs, several people in the cybersecurity community had already flocked to donate to the fundraiser. Before Curry's donation the GoFundMe was at $20,503, according to the website's record of donations. 

"I'm really happy," Curry said. "It's been really, really cool to se, everyone in the community kind of coming together."

Brett Buerhaus, who drew attention to his brother's plight with his tweet, said that he did not expect so much help. 

"It was a beautiful reminder that security can be a giant family and there are people here with big hearts," he told Motherboard in an online chat.

Subscribe to our cybersecurity podcast, CYBER.