Although blockchain and cryptocurrency technologies are often described as secure, they are not immune to bugs. For cryptocurrency exchange Coinbase, it is just another day in paradise: the company has paid out a $30,000 bug bounty for a very critical vulnerability in its systems. Logged on HackerOne, the vulnerability has since been fixed, though it has not been disclosed.
“In order to be deemed valid, a report must demonstrate a software vulnerability in a service provided by Coinbase that harms Coinbase or Coinbase customers,” the company’s bounty terms stipulate. “Coinbase awards bounties based on severity of the vulnerability. We determine severity based on two factors: impact and exploitability.”
To qualify for a critical impact bounty, a vulnerability must allow attackers to “read or modify sensitive data in a system, execute arbitrary code on the system, or exfiltrate digital or fiat currency in some way.” As far as critical exploitability goes, Coinbase says attackers must be able to “unilaterally exploit the finding without significant roadblocks or special conditions outside attacker control.”