Leading US crypto exchange Coinbase is awarding a white hat hacker hundreds of thousands of dollars for finding and exposing a security vulnerability.
Last week, a pseudonymous researcher by the name of Tree of Alpha took to Twitter to ask their 19,500 subscribers if anyone could get them in contact with Coinbase developers to disseminate an urgent HackerOne report.
Tree of Alpha said they had found a potentially “market-nuking” bug within the Coinbase trading platform. Ultimately, the hacker was able to get in touch with Coinbase and help resolve the issue.
In a recent announcement, Coinbase says the company awarded the hacker a $250,000 bounty for helping to expose the security flaw.
“Thanks to the researcher who responsibly disclosed this issue, Coinbase was able to fix this bug in a matter of hours, and conclusively determine that it has never been maliciously exploited. We have also implemented additional checks to ensure that it cannot happen again.
Coinbase strongly supports independent security research, and when those researchers uncover serious issues, we want to ensure that they are rewarded accordingly. As a result, we are paying our largest-ever bug bounty for this finding: $250,000.”
According to Coinbase, the bug would have allowed bad actors to submit trades using a mismatched funding source.
“To give an example:
Coinbase CEO Brian Armstrong also personally thanked the programmer for patching up the exploit and avoiding a potential meltdown.
“Tree of Alpha, you’re awesome – a big thank you for working with our team. Love how the crypto community helps each other out!”
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inboxFeatured Image: Shutterstock/Ociacia