Coinbase is damn concerned about its security measures. The largest exchange platform in the US has recently paid out $30,000 for a report of a critical bug in its system, as listed on HackerOne's vulnerability disclosure program.
The San Francisco-headquartered exchange service and wallet provider has rewarded the bug finder with this large amount. Notably, this is the largest sum Coinbase has paid to date for a bug report. HackerOne, the vulnerability coordination and bug bounty platform, does not reveal much about the bug. However, the exchange has now fixed the issue, according to a Coinbase spokesperson.
To ensure the platform's safety, Coinbase runs a four-tier reward system for reported bugs. The exchange's bounty program provides a $200 reward for low-impact bugs, $2,000 for medium-impact flaws, $15,000 for high-impact vulnerabilities, and $50,000 for critical impact. This implies that the recently found bug was a critical one.
On the HackerOne website, Coinbase says of its bug bounty system:
“The Bug Bounty Program directly serves Coinbase’s mission by helping us be the most trusted way to use digital currency. In that spirit, the scope and philosophy of the program aim to safeguard two highest priority assets (“Sensitive Data”): Digital and fiat currency balances [and] customer information.”
The HackerOne platform indicates that Coinbase's bounties total $321,631 to date, though the median reward remains at $100. According to the bug bounty platform, Coinbase has resolved 404 bugs.
With hacking incidents on exchange and wallet platforms so frequent, a bug bounty system like this can save the exchange from severe losses. Such programs enable even the general public to find vulnerabilities in the system and report them in return for rewards. Last year, a Dutch company reported a bug in a Coinbase smart contract. Coinbase rewarded the bug finder with an unlimited amount of Ethereum tokens. The Dutch company obtained $10,000 as a reward from Coinbase. These bounty systems also show that no crypto service is immune from the threat of hacks and thefts.