{"id":8572,"date":"2022-02-21T14:05:04","date_gmt":"2022-02-21T14:05:04","guid":{"rendered":"https:\/\/nftandcrypto-news.com\/crypto\/250k-bounty-not-too-low-to-be-insulting-says-coinbase-white-hat-hacker\/"},"modified":"2022-02-21T14:05:05","modified_gmt":"2022-02-21T14:05:05","slug":"250k-bounty-not-too-low-to-be-insulting-says-coinbase-white-hat-hacker","status":"publish","type":"post","link":"https:\/\/nftandcrypto-news.com\/crypto\/250k-bounty-not-too-low-to-be-insulting-says-coinbase-white-hat-hacker\/","title":{"rendered":"$250K bounty ‘not too low to be insulting,’ says Coinbase white hat hacker"},"content":{"rendered":"
\n

On February 11th, two days before the Super Bowl and Coinbase\u2019s $14 million color-changing QR code advert, an engineer was desperately trying to reach out to Coinbase management and the development team.<\/p>\n

\n

Anyone here can get me a direct line with someone at @coinbase<\/a> , preferably management or dev team, possibly @brian_armstrong<\/a> himself?<\/p>\n

I’m submitting a hacker1 report but I’m afraid this can’t wait. Can’t say more either, this is potentially market-nuking.<\/p>\n

DMs open.<\/p>\n

\u2014 Tree of Alpha (@Tree_of_Alpha) February 11, 2022<\/a><\/p><\/blockquote>\n

Tree of Alpha had discovered<\/a> \u201ca flaw in the new Advanced Trading feature would have allowed a malicious user to sell BTC or any other coin without owning them.\u201d The flaw in the code had the potential to \u201cnuke\u201d the market.<\/p>\n

Commenting on the flaw, Tree of Alpha told Cointelegraph that the \u201cvulnerability itself was indeed worrying,\u201d sharing that \u201csome oversight on both the dev team and the QA\/testing team was needed to let this happen.\u201d <\/p>\n

\u201cWhile the advanced trading product was not available for everyone and was still in beta testing, a significant number of users could have used the exploit.\u201d <\/p><\/blockquote>\n

However, thanks to the hacker’s quick reactions and an \u201coverwhelming community response,\u201d the danger was averted and Coinbase avoided a \u201cpossible crisis.\u201d<\/p>\n

As is common with white hat hacking, a bounty was duly awarded. Coinbase has initially awarded $250,000\u2013an insignificant sum for the Silicon Valley-born unicorn. Twitter was quick to judge<\/a> the quarter-million sum as a \u201cbear market\u201d bounty, particularly considering the scale of the hack and that Coinbase executives earn that figure annually.<\/p>\n

Coinbase executive salaries according to Comparably. Source: Comparably<\/em><\/figcaption><\/figure>\n

Tree of Alpha told Cointelegraph that the amount was \u201cnot too low to be insulting.\u201d<\/p>\n

\u201cWhile a higher bounty might have been wise to deter more grey hats from exploiting\u00a0vulnerabilities, it is common in the crypto sphere to lose touch with the value of money. For most working human beings, $250K is a very decent sum.\u201d<\/p><\/blockquote>\n

Related: <\/u><\/em><\/strong>MakerDAO launches biggest ever bug bounty with $10M reward<\/em><\/strong><\/p>\n

Ultimately, the events shone a light on the importance of white hat hacking for a relatively nascent industry. The U.S. State Department recently announced it would offer up to $10 million in crypto rewards to white hat hackers; however, Tree of Alpha affirmed that \u201cwhite hat hacking is crucial yet criminally overlooked by companies.\u201d<\/p>\n

In a word to the wise, they concluded:<\/p>\n

\u201cCompanies won’t hesitate to spend tens of millions on marketing but won’t spend a fraction of it on making sure there is something left to market.\u201d<\/p><\/blockquote>\n

Coinbase CEO Brian Armstrong was among the first to thank the white-hat hacker for saving his company:<\/p>\n

\n

.@Tree_of_Alpha<\/a> you’re awesome – a big thank you for working with our team<\/p>\n

love how the crypto community helps each other out!<\/p>\n

\u2014 Brian Armstrong – barmstrong.eth (@brian_armstrong) February 11, 2022<\/a><\/p><\/blockquote>\n<\/div>\n