Apex has found bugs that, if exploited, would have led to more than $100 billion in losses, earned nearly $1 million in bounties, and currently sits at #1 on the HackerOne Business leaderboard for 2026. A few of its wins:
| Date | Target | Finding | Tags |
|---|---|---|---|
| 26 Apr ’26 | Ethereum | High severity bug in Ethereum (details to be disclosed) | highblockchain |
| 26 Apr ’26 | Apple | High severity bug in Apple (details to be disclosed) | high |
| 24 Mar ’26 | Chrome | A one-line getter that made Chrome's TextDecoder read freed memory | highCVE-2026-3921browser |
| 18 Mar ’26 | Anthropic | How one committed JSON file could put Claude Code in YOLO mode | highCVE-2026-33068ai |
| 19 Feb ’26 | Ripple | An 80 billion dollar bug in the XRP Ledger | criticalblockchain |
| 15 Jan ’26 | Redacted | Over $10B at risk (Infinite Mint on a Top 10 blockchain) | criticalblockchain |