
Coinbase Announced its $250,000 Bug Bounty After Being Informed of a Flaw on February 11

Coinbase has announced a $250,000 reward for people who discovered security flaws after being informed of a flaw on February 11. The crypto exchange received a report from a third-party researcher indicating that they had uncovered a flaw in its trading interface.

Incident Timeline

According to a recent Coinbase blog post, this is the timeline:

  • 10:16 AM: A member of the crypto community tweets that they have uncovered a serious flaw in the Coinbase trading interface, and requests contacts in the platform’s Security team.
  • 11:00 AM: Based on limited initial information provided by intermediaries, the platform’s Security team declares an incident and mobilizes engineering resources to begin testing all trading interfaces to determine the validity of the alleged bug.
  • 11:21 AM: The crypto researcher files a vulnerability report via HackerOne, Coinbase’s bug bounty platform, indicating that the flaw resides in a specific API for Retail Advanced Trading. The platform’s engineers also complete a review of all other user interfaces and Coinbase Exchange APIs and determine that they are not impacted.
  • 11:42 AM: The crypto exchange engineers are able to reproduce the bug, and the Retail Advanced Trading platform is placed into cancel-only mode, disabling new trades.
  • 4:01 PM: A patch is validated and released, resolving the incident.

Coinbase Flaw’s Root Cause

The underlying cause of the bug was a missing logic validation check in a Retail Brokerage API endpoint, which allowed a user to submit trades to a specific order book using a mismatched source account. This API is only utilized by their Retail Advanced Trading platform, which is currently in limited beta release.

To give an example:

  • A user has an account with 100 SHIB, and a second account with 0 BTC.
  • The user submits a market order to the BTC-USD order book to sell 100 BTC, but manually edits their API request to specify their SHIB account as the source of funds.
  • Here, the validation service would check to determine whether the source account had a sufficient balance to complete the trade, but not whether the source account matched the proposed asset for submitting the trade.
  • As a result, a market order to sell 100 BTC on the BTC-USD order book would be entered on the Coinbase Exchange.
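
The missing check described above can be shown as a balance-only validator next to a hardened one. This is an added example, not Coinbase's code: the `Account` and `SellOrder` types, the field names, the account IDs and the sample data are all assumptions constructed for illustration, and the ownership check is an extra safeguard the article does not mention.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Account:              # hypothetical account record
    account_id: str
    owner: str
    currency: str
    balance: Decimal

@dataclass(frozen=True)
class SellOrder:            # hypothetical API request after parsing
    user: str
    product: str            # order book, e.g. "BTC-USD"
    size: Decimal           # quantity of the base asset to sell
    source_account_id: str  # client-supplied, so it must not be trusted

def validate_balance_only(order, accounts):
    """Flawed check as described: compares the number, ignores the asset."""
    return accounts[order.source_account_id].balance >= order.size

def validate_sell(order, accounts):
    """Hardened check: returns (ok, reason)."""
    acct = accounts.get(order.source_account_id)
    if acct is None or acct.owner != order.user:   # extra check, not from the article
        return False, "source account not owned by user"
    base, _, quote = order.product.partition("-")
    if not base or not quote:
        return False, "malformed product"
    if acct.currency != base:                      # the check that was missing
        return False, f"source account holds {acct.currency}, order book sells {base}"
    if order.size <= 0 or acct.balance < order.size:
        return False, "insufficient balance"
    return True, "ok"

# Constructed sample data mirroring the article's SHIB/BTC example.
ACCOUNTS = {
    "acct-shib": Account("acct-shib", "alice", "SHIB", Decimal("100")),
    "acct-btc": Account("acct-btc", "alice", "BTC", Decimal("0")),
}
TAMPERED = SellOrder("alice", "BTC-USD", Decimal("100"), "acct-shib")
HONEST = SellOrder("alice", "BTC-USD", Decimal("100"), "acct-btc")

if __name__ == "__main__":
    print(validate_balance_only(TAMPERED, ACCOUNTS))  # flawed check accepts it
    print(validate_sell(TAMPERED, ACCOUNTS))          # rejected: asset mismatch
    print(validate_sell(HONEST, ACCOUNTS))            # rejected: no BTC to sell
```

The flawed validator accepts the tampered order because 100 SHIB satisfies a numeric comparison against 100 BTC; the hardened one derives the required asset from the order book server-side and rejects the mismatch before the balance is considered.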

There were mitigating factors that would have limited the impact of this flaw had it been exploited at scale. For example, the crypto exchange has automatic price protection circuit breakers, and their trade surveillance team continuously monitors their markets for health and anomalous trading activity.


Hazel

CoinCu News

Victor
