Bug Finder on Coinbase Cryptocurrency Exchange Walks Away With $30,000

An unidentified bug finder has just cashed out $30,000 awarded to them by Coinbase, a U.S.-based cryptocurrency exchange. The bounty hunter had discovered an error on the platform that could pose security threats. However, the exact nature of the bug has not been disclosed, according to a media report on February 16.

Bug Finder Uploads Report on Coinbase

Based on reports, Coinbase paid $30,000 to a bug finder after they submitted a report of the issue they had discovered to Coinbase’s vulnerability disclosure program. The money was later awarded by the exchange as part of its Bug Bounty Program. While the nature of the fault has not been disclosed, it can be assumed that the level of threat was high, given the amount that was paid.
The bug has been fixed, although the vulnerability report is inaccessible to users. Coinbase had previously stated in its terms that bounties are awarded based on the severity of the vulnerability discovered. Thus, a bounty hunter can win $200, $2,000, $15,000, or as much as $50,000 for impacts rated as low, medium, high, and critical, respectively.
According to the exchange:

In order to be deemed valid, a report must demonstrate a software vulnerability in a service provided by Coinbase that harms Coinbase or Coinbase customers… We determine severity based on two factors: impact and exploitability.

Critical Impact Specifications

In the same vein, Coinbase has outlined the conditions a reported flaw must meet before it can be classified as critical. Here, an attacker must be able to take advantage of a loophole to either read or modify sensitive data in the system. They must also be able to “execute arbitrary code on the system, or exfiltrate digital or fiat currency in some way.”
One more condition that has been outlined is that the attacker can exploit the system without running into significant roadblocks that might discourage the attempt. During the course of the week, the cryptocurrency exchange has awarded three bounties, but they were rated as “low-impact attack vectors”.

Coinbase Gave Out $10,000 in 2018 for Discovered Bug

Further reports reveal that in 2018 the US-based exchange awarded $10,000 to some researchers who discovered an error that could enable people to reward themselves with unlimited amounts of Ethereum. That aside, Block.one, an EOS developer, also awarded about $80,000 in bug bounties in 2019.
It is worth noting that encouraging people to discover errors on platforms also helps to strengthen the exchanges’ security. Given recent events on exchanges like Coincheck, which was hacked in 2018, and Cryptopia, which was hacked on January 14, 2019, a bounty of this nature has become necessary.