- The cryptocurrency exchange handed out the largest remuneration on record for the revealed bug.
- The vulnerability has been fixed, but no further details are available.
The leading cryptocurrency exchange in the US paid $30,000 in bounty for the revealed critical vulnerability. It is the largest remuneration in the company’s history, The NextWeb reports.
The flaw was reported on February via vulnerability disclosure program launched by the company on HackerOne. Coinbase refused to disclose details about the issue but confirmed that it had been fixed.
About Coinbase program
The cryptocurrency exchange runs a four-tier reward system where the amount of the remuneration depends on the severity of the bug: $200 for a low-impact issue, $2,000 for medium, $15,000 for high, and $50,000 for a critical issue.
“In order to be deemed valid, a report must demonstrate a software vulnerability in a service provided by Coinbase that harms Coinbase or Coinbase customers. Coinbase awards bounties based on the severity of the vulnerability. We determine severity based on two factors: impact and exploitability,” according to the company’s bounty terms.
Thus, apparently, the revealed vulnerability was classified as something between high and critical.
Also, last year, the company paid $10,000 for the vulnerability that allowed abusers to transfer unlimited amounts in Ethereum to their wallets.
Share
