Coinbase Gives Out $30,000 Reward for Detecting Critical Bug

Published at: Feb. 13, 2019

Major United States crypto exchange and wallet service Coinbase has given a $30,000 reward for reporting a critical bug on its system, according to data from Coinbase’s vulnerability disclosure program on HackerOne. The bug, which was reported on Feb. 11, earned the largest reward ever given out by Coinbase on HackerOne.

The vulnerability report is not publicly available on HackerOne. While Coinbase has reportedly confirmed that the vulnerability has since been fixed, a spokesperson declined to specify any additional details on the issue, as reported by tech news website The Next Web on Feb. 13.

Coinbase’s four-tier reward system implies that the recently detected bug was quite serious in terms of severity. Specifically, Coinbase’s bounty program pays $200 for low-impact bugs, $2,000 for medium-impact flaws, $15,000 for high-impact vulnerabilities, and $50,000 for critical-impact vulnerabilities.

According to Coinbase’s bug bounty system, critical-impact vulnerabilities are described as system loopholes that allow attackers to read or modify sensitive data, execute arbitrary code, and exfiltrate digital or fiat currency. In contrast, low-impact cases involve small, low-sensitivity data breaches.

The aforementioned bounty marks the fourth that has been handed out by Coinbase this year. In March 2018, a $10,000 reward went to a Dutch company that reported a smart contract vulnerability, which allowed users to steal an unlimited amount of Ethereum (ETH).

Recently, Cointelegraph reported that EOS.io, the company responsible for EOS (EOS), the fourth largest cryptocurrency by market cap, has handed over a number of $10,000 bounties for critical vulnerability reports. White hat hackers were awarded a total of $878,000 in bug bounties in 2018.
