Coinbase doles out $30,000 reward for detection of bug
Security vulnerability has been the main stumbling block in wider adoption of cryptocurrencies and the trend continues to affect various stakeholders in the cryptocurrency space. In one such case, San Francisco-based crypto exchange Coinbase doled out a whopping $30,000 bug bounty for a critical bug in the system, as reported by The Next Web.
The news about the vulnerability came to light on Tuesday via Coinbase‘s vulnerability disclosure program on HackerOne. A spokesperson from Coinbase spoke to Hard Fork and confirmed the vulnerability but declined to divulge any details.
Considering the bounty of $30,000 it’s easier to contemplate the veracity of the vulnerability and considering Coinbase’s four-tier reward system the vulnerability was a critical one.
The four-tier structure of Coinbase provides a bounty of $200 for low, $2,000 for medium, $15,000 for high, and $50,000 for critical impact.
The exchange’s bounty policy states:
“Coinbase recognizes the importance and value of security researchers’ efforts in helping keep our community safe. We encourage responsible disclosure of security vulnerabilities via our bug bounty program. The Bug Bounty Program directly serves Coinbase’s mission by helping us be the most trusted way to use digital currency.”
The policy further adds:
“Exploitability describes the difficulty of actively exploiting the vulnerability itself. We make this assessment primarily based on the prerequisites for exploitation, including the level of access required, availability of information critical for successful exploitation, and the likelihood of alignment of required factors outside the attacker’s direct control such as social engineering requirements or timing requirements.”
This is the fourth bounty that has been doled out by the crypto exchange this year. On similar lines, EOS handed out a number of $10,000 bounties for critical vulnerability reports in 2018.
In an important development on Tuesday, Coinbase announced that users can now back up an encrypted version of their Coinbase Wallet’s private keys to their personal cloud storage accounts, using either Google Drive or iCloud.
Image via Shutterstock
Join our Telegram group