Tuesday, February 25, 2020

Bug Finder on Coinbase Cryptocurrency Exchange Walks Away With $30,000

Grace Joseph
Freelance Writer, Blogger, and Crypto Enthusiast. Studied Computer Science in University and Undergoing a Masters Degree Programme in Computer Engineering Contact@ reigngracia@gmail.com

An unidentified bug finder has just cashed out $30,000 after it was awarded to them by Coinbase, a U.S. based cryptocurrency exchange. The bounty hunter had discovered an error on the platform which could pose security threats. However, the exact nature of the bug has not been disclosed, according to a media report on February 16.

Bug Finder Uploads Report on Coinbase

Based on reports, Coinbase has paid $30,000 to a bug finder after they uploaded a report of the issue they had discovered to Coinbase’s vulnerability disclosure program. The money was later awarded by the exchange as part of its Bug Bounty Program. While the nature of the fault that was discovered has not been disclosed, it can be assumed that the level of threat was high due to the amount that was paid.

Nonetheless, the bug has been fixed even though the vulnerability report is inaccessible to users. Prior to this time, Coinbase had stated in its terms that bounties are awarded based on the severity of the vulnerability that was discovered. Thus, a bounty hunter can win either $200, $2,000, $15,000 and even as high as $50,000 for impacts rated as low, medium, high, and critical.

According to the Exchange:

In order to be deemed valid, a report must demonstrate a software vulnerability in a service provided by Coinbase that harms Coinbase or Coinbase customers….We determine severity based on two factors: impact and exploitability.

Critical Impact Specifications

In the same vein, specifications have been outlined before a reported flaw can be classified as critical. Here, an attacker must be able to take advantage of a loophole to either read or make modifications to sensitive data in the system. They must also be able to “execute arbitrary code on the system, or exfiltrate digital or fiat currency in some way.”

One more condition that has been outlined, is the ability of the hacker to exploit the system without finding significant roadblocks that may discourage them from their attempts. During the course of the week, three bounties have been awarded prizes by the cryptocurrency exchange, but they were rated as “low-impact attack vectors”.

Coinbase Gave Out $10,000 in 2018 for Discovered Bug

Further reports reveal that the US-based exchange in 2018 had awarded $10,000 to some researchers who discovered an error that could enable people to reward themselves with unlimited amounts of Ethereum. That aside, Block.one, an EOS developer also awarded about $80,000 in bug bounties in 2019.

It is worthy to note that by encouraging people to discover errors on platforms, it also helps to strengthen the exchanges’ security. Given the recent turn out of events on exchanges like Coincheck which was hacked in 2018 and Cryptopia which was hacked on January 14, 2019, the need for a bounty of this nature becomes needful.

This Week in Crypto

NTT Research to Collaborate with UCLA and Georgetown on Cryptography and Blockchain

NTT Research CIS Lab Focused on Information Security Announces Two Joint Research Agreements PALO ALTO, Calif.--(BUSINESS WIRE)--#BayArea--NTT Research, Inc., a division of NTT (TYO:9432), today...

Global Healthcare Cloud Computing Market Expected to Grow at a CAGR of 25.1& Over the Forecast Period, 2018-2023 – ResearchAndMarkets.com

DUBLIN--(BUSINESS WIRE)--The "Global Healthcare Cloud Computing Market, Forecast to 2023" report has been added to ResearchAndMarkets.com's offering. Global healthcare cloud market revenue is expected to...

Outlook on the Global Digital B2B Payments Market to 2024 – ResearchAndMarkets.com

DUBLIN--(BUSINESS WIRE)--The "Global Digital B2B Payments Market: Size, Trends & Forecasts (2020-2024)" report has been added to ResearchAndMarkets.com's offering. This report provides an in-depth analysis...

AERON Redefining the Airline Industry with Blockchain Technology

The idea of incorporating Aviation safety into a Blockchain technology network is probably one of the most brilliant applications of Blockchain technology in solving...
- Advertisement -