The American cryptocurrency exchange Coinbase paid a reward of $30,000 to a hacker who found a critical vulnerability in the exchange's systems.
The bug was reportedly filed on the HackerOne platform on February 21. A Coinbase spokesman stressed that the vulnerability had already been fixed, but did not disclose the details. The bug report itself has also been closed to public access, but, given the high reward, the vulnerability was very serious.
Coinbase currently has four reward tiers, which depend on the potential impact of the vulnerability on its systems. The minimum reward is $200, a medium-level vulnerability earns $2,000, a dangerous vulnerability earns the hacker $15,000, and a critical one earns $50,000. The reported vulnerability therefore falls between the dangerous and critical levels.
"The Bug Bounty Program directly serves Coinbase's mission by helping us be the most trusted way to use digital currency. In that spirit, the scope and philosophy of the program aim to safeguard two highest priority assets ("Sensitive Data"): Digital and fiat currency balances [and] customer information," said Coinbase representatives.
This week alone, Coinbase paid three more rewards for reported vulnerabilities, but all of those bugs were low-risk.
At the end of last year, the rating agency ICOrating published the results of a study according to which 54% of cryptocurrency exchanges have problems with the security of accounts or customer data, or other vulnerabilities.