Coinbase Just Awarded $250k To Hacker Exposing Security Vulnerability | CryptoGazette
https://ift.tt/7dn3GI1
Not too long ago, we revealed that the US crypto exchange Coinbase was involved in an event that had to do with a security flaw.
A while ago, we revealed that a hacker helped Coinbase to resolve a security flaw and also sidestep potential losses.
The white-hat hacker who goes by the pseudonym Tree of Alpha took to Twitter and asked if anyone could get them in contact with Coinbase developers to disseminate an urgent HackerOne report.
The hacker says they found something potentially “market-nuking.”
“Anyone here get me a direct line with someone at Coinbase, preferably the management or dev team, possibly Briant Armstrong himself? I’m submitting a HackerOne report but I’m afraid this can’t wait. Can’t say more either, this is potentially market-nuking.”
According to the latest reports, Coinbase awarded the white hat hacker hundreds of thousands of dollars for finding and exposing the security vulnerability.
The online publication the Daily Hodl notes that a pseudonymous researcher by the name of Tree of Alpha took to Twitter to ask subscribers if anyone could get them in contact with Coinbase devs to disseminate an urgent HackerOne report.
Market nuking bug
As the online publication the Daily Hodl notes, Tree of Alpha said they had found a potentially “market-nuking” bug within the Coinbase trading platform.
Ultimately, the hacker was able to get in touch with Coinbase and help resolve the issue.
In a recent announcement, Coinbase stated that they awarded the hacker a $250,000 bounty for helping to expose the security flaw.
“Thanks to the researcher who responsibly disclosed this issue, Coinbase was able to fix this bug in a matter of hours, and conclusively determine that it has never been maliciously exploited. We have also implemented additional checks to ensure that it cannot happen again.”
Coinbase also made sure to say that they strongly support independent security research.
The exchange also said that the bug would have allowed bad actors to submit trades using a mismatched funding source.
Cryptocurrency