Major United States crypto exchange and wallet service Coinbase has given a $30,000 reward for reporting a critical bug on its system, according to data from Coinbase’s vulnerability disclosure program on HackerOne.The bug, which was reported on Feb. 11, earned the largest reward ever given out by Coinbase on HackerOne.
The vulnerability report is not publicly available on HackerOne. While Coinbase has reportedly confirmed that the vulnerability has since been fixed, a spokesperson declined to specify any additional details on the issue, as reported by tech news website The Next Web on Feb. 13.
Coinbase’s four-grade reward system implies that the recently detected bug was quite serious in terms of severity and vulnerability. Specifically, Coinbase’s bounty system provides a $200 reward for low bug cases, $2,000 for medium flaws, $15,000 for high vulnerabilities, and $50,000 for critical impact.
According to Coinbase’s bug bounty system, critical impact vulnerabilities are described as system loopholes that allow attackers to read or modify sensitive data, as well as execute arbitrary code, and exfiltrate digital or fiat currency. In contrast, low impact cases suppose small and low sensitivity data breaches.
The aforementioned bounty marks the fourth that has been handed out by Coinbase this year. In March 2018, a $10,000 reward was acquired by a Dutch company that a reported smart contract vulnerability, which allowed users to steal an unlimited amount of Ethereum (ETH).
Recently, Cointelegraph reported that EOS.io, the company responsible for EOS (EOS) — the fourth largest cryptocurrency by market cap — has handed over a number of $10,000 bounties for critical vulnerability reports. White hat hackers were awarded a total $878,000 in bug bounties in 2018.