$250K bounty 'not too low to be insulting,' says Coinbase white hat hacker

Published at: Feb. 21, 2022

On February 11th, two days before the Super Bowl and Coinbase’s $14 million color-changing QR code advert, an engineer was desperately trying to reach out to Coinbase management and the development team.

Anyone here can get me a direct line with someone at @coinbase, preferably management or dev team, possibly @brian_armstrong himself? I'm submitting a hacker1 report but I'm afraid this can't wait. Can't say more either, this is potentially market-nuking. DMs open.

— Tree of Alpha (@Tree_of_Alpha) February 11, 2022

Tree of Alpha had discovered “a flaw in the new Advanced Trading feature would have allowed a malicious user to sell BTC or any other coin without owning them.” The flaw in the code had the potential to “nuke” the market.

Commenting on the flaw, Tree of Alpha told Cointelegraph that the “vulnerability itself was indeed worrying,” sharing that “some oversight on both the dev team and the QA/testing team was needed to let this happen.”

“While the advanced trading product was not available for everyone and was still in beta testing, a significant number of users could have used the exploit.”

However, thanks to the hacker's quick reactions and an “overwhelming community response,” the danger was averted and Coinbase avoided a “possible crisis.”

As is common with white hat hacking, a bounty was duly awarded. Coinbase initially awarded $250,000, an insignificant sum for the Silicon Valley-born unicorn. Twitter was quick to judge the quarter-million sum as a “bear market” bounty, particularly considering the scale of the hack and that Coinbase executives earn that figure annually.

Tree of Alpha told Cointelegraph that the amount was “not too low to be insulting.”

“While a higher bounty might have been wise to deter more grey hats from exploiting vulnerabilities, it is common in the crypto sphere to lose touch with the value of money. For most working human beings, $250K is a very decent sum.”


Ultimately, the events shone a light on the importance of white hat hacking for a relatively nascent industry. The U.S. State Department recently announced it would offer up to $10 million in crypto rewards to white hat hackers; however, Tree of Alpha affirmed that “white hat hacking is crucial yet criminally overlooked by companies.”

In a word to the wise, they concluded:

“Companies won't hesitate to spend tens of millions on marketing but won't spend a fraction of it on making sure there is something left to market.”

Coinbase CEO Brian Armstrong was among the first to thank the white-hat hacker for saving his company:

.@Tree_of_Alpha you're awesome - a big thank you for working with our team - love how the crypto community helps each other out!

— Brian Armstrong - barmstrong.eth (@brian_armstrong) February 11, 2022