Coinbase, one of the biggest cryptocurrency exchanges in the world, has recently submitted a $30k bounty on HackerOne for a fix to a serious problem that was found on its platform.
The vulnerability was submitted to a disclosure program on HackerOne, the hacker-powered security consultancy company, in a report posted on 13th February. At the time of writing, Coinbase claims that the problem has already been fixed, but no other details have been provided.
One can only assume that the issue was quite serious, as the popular crypto exchange reacted very quickly to submit the bug hunt on HackerOne.
Bug Hunt
Coinbase launched its own Bug Bounty Program in 2014, under which it pays according to the impact of the issue found. Rewards are tiered by impact: $200 for low, $2,000 for medium, $15,000 for high and $50,000 for critical.
Anyone who finds a bug can submit a report. Once the report is confirmed, it becomes eligible for a bounty and the person who found the bug is awarded accordingly. There are rules in place for those who take part in the bug hunt. The Coinbase Bug Bounty Program terms state that:
“In order to be deemed valid, a report must demonstrate a software vulnerability in a service provided by Coinbase that harms Coinbase or Coinbase customers. Coinbase awards bounties based on the severity of the vulnerability. We determine severity based on two factors: impact and exploitability.”
The bug bounty has several terms that set out the different types of bug submission and how they should be characterised and rewarded. For a submission to qualify as a critical impact bounty, several terms need to be met. As reported by BTC Manager, “but this issue was not the only issue found by the exchange, as Coinbase also paid for three more bounties marked as low-impact attack vectors this week.”
Blockchain technology promises to bring the security of the future today, but this doesn’t mean that it is safe from critical issues. Last year, Coinbase awarded a $10,000 bounty; that time the award went to researchers who found a bug that made it possible to reward yourself with all the Ethereum you could get.
Even so, Coinbase isn’t the only firm that has problems with its platform, as this is an issue that could present itself throughout the ecosystem.