Get the scoop on finance - sign up for mobile alerts
Scams, Hacks & Breaches
| On
February 21, 2022

Coinbase Awards $250,000 to Hacker Who Exposed Security Vulnerability

By Daily Hodl Staff

Leading US crypto exchange Coinbase is awarding a white hat hacker hundreds of thousands of dollars for finding and exposing a security vulnerability.

Last week, a pseudonymous researcher by the name of Tree of Alpha took to Twitter to ask their 19,500 subscribers if anyone could get them in contact with Coinbase developers to disseminate an urgent HackerOne report.

ADVERTISEMENT

Tree of Alpha said they had found a potentially “market-nuking” bug within the Coinbase trading platform. Ultimately, the hacker was able to get in touch with Coinbase and help resolve the issue.

In a recent announcement, Coinbase says the company awarded the hacker a $250,000 bounty for helping to expose the security flaw.

“Thanks to the researcher who responsibly disclosed this issue, Coinbase was able to fix this bug in a matter of hours, and conclusively determine that it has never been maliciously exploited. We have also implemented additional checks to ensure that it cannot happen again.

Coinbase strongly supports independent security research, and when those researchers uncover serious issues, we want to ensure that they are rewarded accordingly. As a result, we are paying our largest-ever bug bounty for this finding: $250,000.”

ADVERTISEMENT

According to Coinbase, the bug would have allowed bad actors to submit trades using a mismatched funding source.

“To give an example:

  • A user has an account with 100 SHIB, and a second account with 0 BTC.
  • The user submits a market order to the BTC-USD order book to sell 100 BTC, but manually edits their API (application programming interface) request to specify their SHIB account as the source of funds…
  • As a result, a market order to sell 100 BTC on the BTC-USD order book would be entered on the Coinbase Exchange.”

Coinbase CEO Brian Armstrong also personally thanked the programmer for patching up the exploit and avoiding a potential meltdown.

“Tree of Alpha, you’re awesome – a big thank you for working with our team. Love how the crypto community helps each other out!”

Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Check Price Action
Follow us on X, Facebook and Telegram
Surf The Daily Hodl Mix
&nbsp
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Featured Image: Shutterstock/Ociacia

ADVERTISEMENT