Coinbase steps up Bug Bounty program; rewards hacker $30,000 for critical bug detection

Top American cryptocurrency exchange Coinbase has paid out a reward of $30,000 to a hacker for detecting a significant bug on its server, thereby protecting the exchange from an unfortunate event.

Coinbase’s vulnerability program on HackerOne confirmed the payout of the aforementioned amount. The hacker reported the bug earlier this week and was rewarded with the highest bounty offered by the American exchange on HackerOne.

The exchange has closed off the vulnerability report to the general public and has not revealed any pertinent information about it, but the size of the bounty suggests that the bug was detrimental to operations.

According to the exchange’s policy on HackerOne:

“A report must be a valid, in scope report in order to qualify for a bounty. Coinbase awards bounties based on severity of the vulnerability. We determine severity based on two factors: Impact and Exploitability.”

The gradation of the bug-detection rewards offered by Coinbase is as follows: $200 for the smaller bugs, $2,000 for medium, $15,000 for high-concern ones, and $50,000 for very critical bugs. Considering this case saw a payout of $30,000, Coinbase must have deemed this bug critical.

As per Coinbase’s policy, a bug qualifies as critical impact when:

“Attackers can read or modify Sensitive Data in a system, execute arbitrary code on the system, or exfiltrate digital or fiat currency in some way.”

Furthermore, Coinbase describes the “Exploitability” of the bug, and the effects it could have on the system, at the levels Critical and Low; the former is described as:

“Attackers can unilaterally exploit the finding without significant roadblocks or special conditions outside attacker control.”

Bug bounties are not a new phenomenon in the cryptocurrency realm. They are not even new this week, as this recent $30,000 payout was the fourth awarded by Coinbase to hackers. However, the three prior to this one were pegged as low-impact attacks.

EOS developer Block.one has also been rolling out bounties for hackers who detect bugs in its protocol. The developer has already given over $80,000 in bug bounties to those who revealed vulnerabilities.

Coinbase is currently in hot water, as the exchange could be served with a lawsuit by an Israeli NGO for its enablement of Bitcoin donations to the terror outfit Hamas. The cash-strapped terror outfit has turned to Bitcoin to step up its funding and is allegedly using an account with Coinbase for the same.

The Israeli NGO, Shurat HaDin [Israel Law Centre], stated that the exchange’s enablement of Hamas’ funding efforts is a direct violation of the counter-terrorism laws of the United States and that, if this continues, a lawsuit will be served.
