Coinbase just paid out its largest bug bounty ever to a white hat hacker. However, the amount paid has created debate across the cryptocurrency community, with some saying that it was too low, given the damage that this bug would have caused.
Bug on Coinbase
The white-hat hacker identified as Tree of Alpha on Twitter explained how they detected the bug on the Coinbase exchange. Through this bug, an attacker could sell Bitcoin and any other cryptocurrency on Coinbase without actually owning any coins. This could be done by changing the product_id. Tree of Alpha managed to make trades by exploiting this bug.
The white-hat hacker attempted to trade 50 BTC for only 50 SHIB, and the order went through. In effect, nearly $2 million worth of Bitcoin was bought for less than 2 cents worth of Shiba Inu.
“For my last test before reporting this to make sure, I: - send 9M SHIB to my Coinbase account - change source account id to my SHIB account on Coinbase - put a 50 BTC limit sell order using 50 SHIB - ask people around me if they are, too, seeing it,” he said.
The white hat posted his findings on Twitter and asked to be contacted by Coinbase. The response was quick, and Coinbase managed to avert a situation that could potentially cripple the exchange.
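The behaviour described above, a sell order on one product funded from an account holding a different asset, is what server-side order validation is meant to reject. The following is an added example, not code from Coinbase or from the researcher; the account ids, product table, field names and the validate_sell_order function are hypothetical, and the page does not describe the exchange's actual code or fix.

```python
from dataclasses import dataclass
from decimal import Decimal

# Constructed sample data: product ids map to (base asset, quote asset).
PRODUCTS = {"BTC-USD": ("BTC", "USD"), "SHIB-USD": ("SHIB", "USD")}

@dataclass(frozen=True)
class Account:
    account_id: str
    owner: str
    currency: str
    balance: Decimal

# Constructed accounts (hypothetical ids and owners).
ACCOUNTS = {
    "acct-shib-1": Account("acct-shib-1", "alice", "SHIB", Decimal("9000000")),
    "acct-btc-1": Account("acct-btc-1", "alice", "BTC", Decimal("0.5")),
    "acct-btc-2": Account("acct-btc-2", "bob", "BTC", Decimal("60")),
}

class OrderRejected(Exception):
    """Raised when a client-supplied order fails a server-side check."""

def validate_sell_order(user, product_id, source_account_id, size):
    """Return the account to debit for a sell order, or raise OrderRejected."""
    if product_id not in PRODUCTS:
        raise OrderRejected("unknown product")
    base, _quote = PRODUCTS[product_id]
    acct = ACCOUNTS.get(source_account_id)
    # Never trust a client-supplied account id: it must belong to the caller.
    if acct is None or acct.owner != user:
        raise OrderRejected("source account not owned by caller")
    # Assumed check: the debited account must hold the asset the product sells.
    if acct.currency != base:
        raise OrderRejected(f"account holds {acct.currency}, product sells {base}")
    amount = Decimal(size)
    if amount <= 0 or amount > acct.balance:
        raise OrderRejected("insufficient balance")
    return acct

def check(user, product_id, source_account_id, size):
    """Convenience wrapper that reports the validation outcome as a string."""
    try:
        validate_sell_order(user, product_id, source_account_id, size)
        return "accepted"
    except OrderRejected as exc:
        return f"rejected: {exc}"
```

Comparing the account's asset with the product's base asset before the balance check matters here: 50 is a valid SHIB balance but not a valid BTC balance, so a balance check alone compares numbers in the wrong unit.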
Crypto community not pleased by bug bounty
The exchange awarded the white-hat hacker $250,000. The bounty amount quickly sparked a discussion in the crypto community, with many saying that it was cheap of Coinbase to give such a reward to someone who had helped the exchange avert its largest vulnerability so far.
One user even hoped that the hacker had kept some of the Bitcoin bought after analyzing the bug. “I hope he did actually take a LITTLE just as extra compensation because 250K is fuck all to a company like Coinbase,” the user said.
After it was revealed that $250,000 was the largest bug bounty ever paid by Coinbase, many users were shocked, given the vast valuation of the exchange that went public last year. Moreover, decentralized exchanges (DEXs) with significantly smaller trading volumes pay higher bounties amounting to millions of dollars.