Popular California-based cryptocurrency exchange Coinbase has recently paid a hacker $30,000 for discovering a critical vulnerability on its platform, which has already been fixed, according to a company representative.
The flaw was revealed earlier this week on Coinbase’s vulnerability disclosure program on HackerOne, a website that sees various firms pay white hat hackers for help patching security vulnerabilities. Speaking to the Hard Fork, a Coinbase spokesperson reportedly revealed the vulnerability has been fixed.
While details about the vulnerability haven’t been disclosed, the high $30,000 bounty indicates it was a serious flaw that could’ve had severe consequences. The US-based cryptocurrency exchange has a four-tier reward system that pays between $200 and $50,000 depending on the vulnerability’s severity.
Coinbase determines severity based on impact and exploitability. For a bug to be critical, it must allow hackers to “read or modify sensitive data in a system, execute arbitrary code on the system, or exfiltrate digital or fiat currency in some way.”
The cryptocurrency exchange paid the hacker shortly after it launched an option for Coinbase Wallet users to back up an encrypted copy of their private keys to the cloud (iCloud or Google Drive, depending on users’ operating systems).
Bounties can be big business in the cryptosphere. Last year, Coinbase notably awarded a hacker $10,000 for finding a bug that allowed users to reward themselves with unlimited Ethereum. But the $30,000 paid on this bounty appears to be one of the largest so far.
It’s refreshing to see companies utilising the skills of hackers to improve security for their users, as opposed to hearing about hacks where millions in crypto go missing.