Coinbase has recently rewarded $30,000 to a bounty hunter for reporting a bug on the platform, as seen on Hackerone’s vulnerability discloser program.
This is the largest amount of money to date the San Francisco-headquartered cryptocurrency exchange and wallet platform has offered for a bug report.
Though the detailed bug report is not available on Hackerone, Coinbase has already resolved the issue, as confirmed by a Coinbase spokesperson.
The spokesperson, however, did not disclose any additional details of the issue.
According to Coinbase’s profile on Hackerone, the exchange is running a four-tier reward system for its bug bounty program – $200 for low, $2,000 for medium, $15,000 for high, and $50,000 for most critical impact.
97 % of the reported bugs on the platform has met “responsible standards” and Coinbase has resolved 404 bugs. Coinbase’s Hackerone profile also shows that the company has paid a total bounty of $321,631, however, the median reward remained at $100.
Coinbase exchange defined the system loopholes allowing attackers to read or modify sensitive data, as well as execute arbitrary code, and exfiltrate digital or fiat currency as critical and based on the recent reward, the recent bug seems to fall under this category.
In March 2018, a Dutch company reported a smart contract vulnerability on Coinbase which allowed the users to reward themselves with an unlimited amount of Ethereum tokens. The company received $10,000 as a reward from Coinbase.
Coinbase is not the only blockchain platform laced with vulnerabilities, white-hat hackers received $878,000 in 2018 alone as blockchain-related bug report bounties.
Hackerone’s data also shows that Block.one, the parent company of EOS, has given $80,000 as bug bounties in 2019 alone.