Cryptocurrency exchange Coinbase has awarded a $30,000 bounty for a critical vulnerability identified in its systems.
The vulnerability report was published on February 12 and, as confirmed by a Coinbase spokesperson, the issue has since been fixed. The company has not disclosed the details of the identified problem. Considering the amount of the reward, the flaw appears to have been rather severe. The vulnerability report is closed to the public.
Coinbase has a four-tier reward system based on the impact of the bug: $200 for low, $2,000 for medium, $15,000 for high, and $50,000 for critical impact. Last year, Coinbase paid a $10K reward for a detected vulnerability that made it possible for users to reward themselves with unlimited amounts of Ethereum.
“In order to be deemed valid, a report must demonstrate a software vulnerability in a service provided by Coinbase that harms Coinbase or Coinbase customers,” the company’s bounty terms stipulate. “Coinbase awards bounties based on severity of the vulnerability. We determine severity based on two factors: impact and exploitability.”
According to Bugcrowd researchers, ethical, or white hat, hackers who look for gaps in the security systems of large companies and government agencies earn up to $500K a year.