News of the largest bug bounty ever paid out by crypto exchange Coinbase has been circulating. The bounty which was paid to a white hat hacker who found a bug in the exchange’s advance trading feature was paid $250,000. This can be a sizable amount for a bug bounty but users in the space have lamented the reward paid to the hacker who could have quite literally broken the platform.
How The Hacker Found The Bug
The pseudonymous white-hat hacker only identified on Twitter as Tree of Alpha explained how they found the hack on the Coinbase crypto exchange. According to them, they had found a way that would allow any user to sell BTC or any other coin without actually owning them on the exchange. By simply changing the product_id, Tree of Alpha had been able to place successful purchases on trading pairs they were not allowed to trade.
Related Reading | Ethereum Staking Yields To Double Post-Merge, Says Coinbase
They had then tried to replicate this by placing a trade order of 50 BTC for only 50 SHIB and surprising the order had gone through Basically, the hacker had been able to buy almost $2 million worth of bitcoin using less than two cents worth of SHIB.
“For my last test before reporting this to make sure, I: -send 9M SHIB to my Coinbase account -change source account id to my SHIB account on Coinbase -put a 50 BTC limit sell order using 50 SHIB -ask people around me if they are, too, seeing it,” Tree of Alpha posted on Twitter.
After verifying the bug, the white hat hacker had reached out on Twitter asking the crypto community to put them in contact with the CEO of Coinbase, Brian Armstrong. The process was very fast and not long after, Coinbase was able to avert what could have been a disastrous situation by stopping all advanced trading.
Users Not Happy With Coinbase
Following the exposure of the bug and Coinbase had addressed the situation, Tree of Alpha had been awarded a bug bounty of $250,000 for drawing attention to the situation. News of this bug bounty quickly circulated and users in the space have shared their opinions on the amount awarded to the hacker.
A lot of users accused Coinbase of being cheap and only awarding $250,000 for someone who drew attention to something that could have effectively crippled the exchange. Others referred to the mount as an insult. Another user criticized the exchange for the amount but also lauded the hacker for their efforts, saying, “Coinbase could have paid more but also, the nerves on this dude to not nuke the market, Coinbase (due to arbitrage traders), and just all of us. Thanks dude!”
Other users expressed that the hacker should’ve gotten more for what they did. One user, in particular, expressed that they hoped the hacker had kept some of the bitcoins purchased on the exchange for themselves. “I hope he did actually take a LITTLE just as extra compensation because 250k is fuck all to a company like Coinbase!”
The $250,000 bug bounty paid to Tree of Alpha is the largest bug bounty ever paid out by Coinbase, a fact that has come as a shock to many given the size of the exchange and the amount its smaller counterparts (DEXes) have been paying as bug bounties. Most notably is the hacker that got awarded $2 million for finding a critical bug in the Ethereum layer 2 rollup solution, Optimism.
Crypto total market cap recovers above $1.7 trillion | Source: Crypto Total Market Cap on TradingView.com
Featured image from Bitcoin Insider, chart from TradingView.com