Facebook dished out $1.5m to 330 researchers from across the world as part of its bug bounty programme last year.
The average reward for fixing a bug in Facebook’s code amounted to $2,204, and hackers from Russia and Brazil discovered Facebook’s most critical security threats, confirmed the social network.
Each submitted 38 and 53 bugs respectively and received $150,518 and $200,976 in rewards from Facebook.
Facebook security engineer Collin Greene noted that the company received about 15,000 submissions overall last year, more than triple the number in 2012.
"The volume of high-severity issues is down, and we’re hearing from researchers that it’s tougher to find good bugs," Greene added.
"To encourage the best research in the most valuable areas, we’re going to continue increasing our reward amounts for high priority issues."
Of the overall reported bugs only 687 of those were valid, and only 6% of them were classified as high severity.
The top five in scoreboard list also included the US, UK and India.
In November 2013, US tech rivals Facebook, Microsoft and Google collaborated to combat hackers by offering cash rewards to those who discover web vulnerabilities.
Last September, Facebook also awarded an Indian electronics and communications engineer, Arul Kumar, $12,500 in bounty for exposing a vulnerability that enabled hackers to delete user photos.