Coinbase grants $30k USD to the hacker who discovered a critical vulnerability

Technical details about the vulnerability are still unknown

Coinbase, the popular cryptocurrency exchange,
has just awarded a $30k USD bounty to a hacker for the discovery of a critical
vulnerability on the platform. The security flaw has already been fixed,
according to network security and ethical hacking specialists from the
International Institute of Cyber Security.

The report reached the Coinbase teams
through the company's vulnerability bounty program on HackerOne, a website through which
many ethical hackers can work.

Although no further technical details have been
disclosed about the vulnerability, the amount of money received by the hacker
suggests to network security experts that it was a critical flaw, whose
exploitation could have generated catastrophic consequences for Coinbase. The
bounties granted by Coinbase start at $200 USD, while the maximum amount offered
by the platform is $50k USD.

The Coinbase team determines the severity of a
vulnerability based on the impact it could generate and its exploitation feasibility.
For Coinbase to consider a vulnerability to be critical, it “must allow an
attacker to read or modify confidential data on a system, execute arbitrary
code on the system, or extract assets in some form, whether digital or fiat
money”.

Coinbase paid the hacker after encouraging
Coinbase Wallet users to back up their private keys in some cloud storage
options, such as iCloud or Google Drive.

This is the biggest reward that Coinbase has
delivered recently, according to specialists in network security, although
during the last week the platform delivered other minor rewards.

This is not the only case of its kind; last
year, Coinbase granted a $10k USD reward to a hacker for a report of a bug
that allowed users to transfer Ethereum cryptocurrency without limit to their
online wallet addresses.

Rewards for vulnerabilities related to the
cryptocurrency community have been profitable for white hat hackers recently;
it is estimated that last year about $900k USD was paid out through these
programs, with individual reports earning bounties of up to $80k USD.
