Coinbase has recently rewarded $30,000 to a bounty hunter for reporting a bug on the platform, as seen on Hackerone’s vulnerability discloser program.
This is the largest sum to date the San Francisco-headquartered cryptocurrency exchange and wallet platform has offered for a bug report.
Though the detailed bug report is not available on Hackerone, Coinbase has already resolved the issue, as confirmed by a Coinbase spokesperson to The Next Web.
The spokesperson, however, did not disclose any additional details of the issue.
According to Coinbase’s profile on Hackerone, the exchange is running a four-tier reward system for its bug bounty program - $200 for low, $2,000 for medium, $15,000 for high, and $50,000 for critical impact.
Ninety-seven percent of the reported bugs on the platform have met “responsible standards,” and Coinbase has resolved 404 bugs. Coinbase’s Hackerone profile also shows that the company has paid out bounties totaling $321,631, however, the median reward remained at $100.
Coinbase defined the system loopholes allowing attackers to read or modify sensitive data, as well as execute arbitrary code, and exfiltrate digital or fiat currency as critical and based on the recent reward, the recent bug seems to fall under this category.
The Trend is Here to Stay
In March 2018, a Dutch company reported a smart contract vulnerability on Coinbase which allowed users to reward themselves with an unlimited amount of Ethereum tokens. The company received $10,000 as a reward from Coinbase.
Coinbase is not the only Blockchain platform laced with vulnerabilities, as according to The Next Web, white-hat hackers received $878,000 in 2018 alone as blockchain-related bug report bounties.
Hackerone’s data also shows that Block.one, the parent company of EOS, has given $80,000 as bug bounties in 2019 alone.