Coinbase, a U.S.-based cryptocurrency exchange, has just awarded 30,000 USD to an unidentified bug finder. The bounty hunter had discovered an error on the platform that could pose security threats. However, as per recent media reports, the nature of the bug has not yet been disclosed.
The bug finder was given the money as part of Coinbase’s Bug Bounty Program, after they had uploaded a report regarding the issue to Coinbase’s vulnerability disclosure program.
Although the nature of the fault has not been disclosed, the amount that was paid makes it quite certain that the level of threat was high.
The bug has now been fixed, but the vulnerability report is still inaccessible to users. Coinbase had previously stated that it awards bounties on the basis of how severe the vulnerability is.
The exchange said,
“In order to be deemed valid, a report must demonstrate a software vulnerability in a service provided by Coinbase that harms Coinbase or Coinbase customers… We determine severity based on two factors: impact and exploitability.”
Similarly, criteria have been outlined that a reported error must meet before it is flagged as critical. In this instance, an attacker must be able to make use of a loophole to either read or make changes to sensitive data in the system. They must also be able to “execute arbitrary code on the system, or exfiltrate digital or fiat currency in some way.”
One more condition that has been mentioned is the ability of the hacker to exploit the system without encountering significant obstacles that may discourage them from their attempts. During the course of the week, three bounties have been awarded by the cryptocurrency exchange, but they were rated as “low-impact attack vectors”.
It must also be noted that by enabling people to find errors on their platforms, exchanges also strengthen their own security.