On February 11th, two days before the Super Bowl and Coinbase’s $14 million color-changing QR code advert, an engineer was desperately trying to reach out to Coinbase management and the development team.
Anyone here can get me a direct line with someone at @coinbase, preferably management or dev team, possibly @brian_armstrong himself? I'm submitting a hacker1 report but I'm afraid this can't wait. Can't say more either, this is potentially market-nuking. DMs open.
Tree of Alpha had discovered “a flaw in the new Advanced Trading feature would have allowed a malicious user to sell BTC or any other coin without owning them.” The flaw in the code had the potential to “nuke” the market.
Commenting on the flaw, Tree of Alpha told Cointelegraph that the “vulnerability itself was indeed worrying,” sharing that “some oversight on both the dev team and the QA/testing team was needed to let this happen.”
However, thanks to the hacker's quick reactions and an “overwhelming community response,” the danger was averted and Coinbase avoided a “possible crisis.”
As is common with white hat hacking, a bounty was duly awarded. Coinbase initially awarded $250,000, an insignificant sum for the Silicon Valley-born unicorn. Twitter was quick to judge the quarter-million sum as a “bear market” bounty, particularly considering the scale of the hack and that Coinbase executives earn that figure annually.
Tree of Alpha told Cointelegraph that the amount was “not too low to be insulting.”
Ultimately, the events shone a light on the importance of white hat hacking for a relatively nascent industry. The U.S. State Department recently announced it would offer up to $10 million in crypto