

Coinbase and the story of the latest ‘market-nuking’ vulnerability




If you were a white hat hacker and you had to choose between exploiting a “potentially market-nuking” vulnerability and accepting a $250,000 bug bounty, what would you pick? This month, one white hat hacker chose the latter, leading to a big sigh of relief from the Coinbase exchange.

Saved from a coin-man

The engineer, who goes by the name “Tree of Alpha” on Twitter [@Tree_of_Alpha] shared a thread with the details of the vulnerability and how they tested the bug before reaching out to Coinbase. Tree of Alpha claimed that the vulnerability on the exchange giant’s Advanced Trading Feature might have let a less ethical hacker walk away with profits after selling Bitcoin and other coins that they didn’t even hold.

Tree of Alpha also claimed,

“I just used 0.0243 ETH to sell 0.0243 BTC on the BTC-USD pair, a pair I do not have access to, without holding any BTC.”

Next, they tried to place a 50 BTC limit sell order using 50 SHIB. When other people reportedly said they too could see this, Tree of Alpha tweeted for help to reach Coinbase’s top execs. Praising Coinbase’s reaction speed, Tree of Alpha said,

“While I sometimes have my beef with Coinbase, I am not sure I could have reached any other CEX that quickly in the same situation.”
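The thread above describes the symptom (ETH or SHIB balances used to place BTC sells on a pair the account could not trade) but not the root cause. As an added illustration that is not Coinbase's code or Tree of Alpha's, the following assumes an order carries a funding-account currency separate from the trading pair, and shows the kind of server-side consistency check that rejects such a mismatch before any balance is consulted; the product table, balances and limit prices are constructed sample data.

```python
from dataclasses import dataclass
from decimal import Decimal

# Constructed product table: trading pair -> (base currency, quote currency).
PRODUCTS = {"BTC-USD": ("BTC", "USD"), "ETH-USD": ("ETH", "USD")}

@dataclass(frozen=True)
class Order:
    product_id: str        # pair the order is placed on, e.g. "BTC-USD"
    side: str              # "sell" or "buy"
    size: Decimal          # amount of the pair's base currency
    limit_price: Decimal   # quote currency per unit of base
    funding_currency: str  # currency of the account the order draws from (assumed field)

def validate_order(order: Order, balances: dict) -> tuple:
    """Return (accepted, reason). A sell spends the base currency, a buy the
    quote currency; the funding account must be in exactly that currency, and
    only then is its balance checked. Balance alone is not a sufficient check:
    0.0243 ETH on hand must never satisfy a 0.0243 BTC sell."""
    if order.product_id not in PRODUCTS:
        return False, "unknown_product"
    if order.side not in ("sell", "buy"):
        return False, "bad_side"
    if order.size <= 0 or order.limit_price <= 0:
        return False, "non_positive_amount"
    base, quote = PRODUCTS[order.product_id]
    spend_currency = base if order.side == "sell" else quote
    spend_amount = order.size if order.side == "sell" else order.size * order.limit_price
    if order.funding_currency != spend_currency:
        # The mismatch the thread describes: funded from ETH, selling BTC.
        return False, f"funding_mismatch:{order.funding_currency}!={spend_currency}"
    if balances.get(spend_currency, Decimal("0")) < spend_amount:
        return False, f"insufficient_{spend_currency}"
    return True, "ok"

# Constructed account: holds some ETH and SHIB, no BTC at all.
BALANCES = {"ETH": Decimal("0.0243"), "SHIB": Decimal("50")}

def demo() -> list:
    """Run the orders from the thread plus a legitimate one through the validator."""
    cases = [
        Order("BTC-USD", "sell", Decimal("0.0243"), Decimal("40000"), "ETH"),  # ETH to sell BTC
        Order("BTC-USD", "sell", Decimal("50"), Decimal("40000"), "SHIB"),     # SHIB to sell 50 BTC
        Order("BTC-USD", "sell", Decimal("0.0243"), Decimal("40000"), "BTC"),  # right currency, no BTC
        Order("ETH-USD", "sell", Decimal("0.0243"), Decimal("3000"), "ETH"),   # legitimate ETH sale
    ]
    return [validate_order(o, BALANCES) for o in cases]
```

The first two orders are rejected for currency mismatch regardless of what the account holds, the third for lacking BTC, and only the genuine ETH sale is accepted.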

Coinbase won’t leave you on read

The crypto exchange recorded in its own press release – dated 19 February – that the white hat hacker raised the issue on 11 February. Both parties agreed that contact was quickly made so that the bug could be identified and then patched.

Tree of Alpha reported the issue through HackerOne, Coinbase’s bug bounty platform.

Coinbase further noted that the Retail Advanced Trading platform was in limited beta release.

A not-so-heavy price?

Many users were skeptical when they found out that Coinbase’s “largest-ever bug bounty” for this discovery was only $250,000. This is notable given that Tree of Alpha had the power to walk away with the proceeds of selling BTC they didn’t even own, or to sell the information to the highest bidder.

Many now might be wondering if they would make the same choice as Tree of Alpha, or if they would need a larger reward to file the report.

Coinbase’s vulnerability comes at a crucial time for crypto, as investors question if centralized exchanges can truly keep their assets safe from both hackers and government authorities.


Sahana is a full-time journalist at AMBCrypto. She has a Masters in Journalism and her areas of study include crypto-regulation, digital society, privacy, and intersectionality. Ask her about film photography and philately.

