Technical details about the vulnerability are still unknown
Coinbase, the popular cryptocurrency exchange, has just awarded a $30k USD bounty to a hacker for the discovery of a critical vulnerability on the platform. The security flaw has already been fixed, according to network security and ethical hacking specialists from the International Institute of Cyber Security.
The report reached Coinbase's teams through its vulnerability bounty program on HackerOne, a website through which many ethical hackers can work.
Although no further technical details have been disclosed about the vulnerability, the amount of money received by the hacker suggests to network security experts that it was a critical flaw, whose exploitation could have generated catastrophic consequences for Coinbase. The bounties granted by Coinbase start at $200 USD, while the maximum amount offered by the platform is $50k USD.
The Coinbase team determines the severity of a vulnerability based on the impact it could generate and its exploitation feasibility. For Coinbase to consider a vulnerability to be critical, it “must allow an attacker to read or modify confidential data on a system, execute arbitrary code on the system, or extract assets in some form, whether digital or fiat money”.
Coinbase paid the hacker after encouraging Coinbase Wallet users to back up their private keys in some cloud storage options, such as iCloud or Google Drive.
This is the biggest reward that Coinbase has delivered recently, according to specialists in network security, although during the last week the platform delivered other minor rewards.
This is not the only case of its kind; last year, Coinbase granted a $10k USD reward to a hacker for reporting a bug that allowed users to transfer unlimited amounts of Ethereum cryptocurrency to their online wallet addresses.
The rewards for vulnerabilities related to the cryptocurrency community have been profitable for white hat hackers recently; it is estimated that last year about $900k USD was paid out through these programs, with individual reports earning bounties of up to $80k USD.