pull down to refresh

This blog post provides a deeper look into the timeline of events surrounding the bug report, as well as an explanation of the bug itself and the steps we took to resolve it and ensure it cannot happen again.
The underlying cause of the bug was a missing logic validation check in a Retail Brokerage API endpoint, which allowed a user to submit trades to a specific order book using a mismatched source account.
Thanks to the researcher who responsibly disclosed this issue, Coinbase was able to fix this bug in a matter of hours, and conclusively determine that it has never been maliciously exploited.
Coinbase strongly supports independent security research, and when those researchers uncover serious issues, we want to ensure that they are rewarded accordingly. As a result, we are paying our largest-ever bug bounty for this finding: $250,000.
reply
Coinbase has awarded a $250k bug bounty for the vulnerability.
Full thread from my perspective later today.

-While I have made enough to retire myself and half a dozen generations after, if you feel in a generous spirit AND do not need it for yourself, you can donate ETH or mainstream ERC20-s to TreeOfAlpha.eth which will be forwarded to a charity of my choice.
reply
Coinbase's "largest-ever bug bounty"
How a flaw in the new Advanced Trading feature would have allowed a malicious user to sell BTC or any other coin without owning them, and how Coinbase's reaction speed on a Super Bowl Friday averted a possible crisis.
Bounty: $250,000
Twitter thread, unrolled:
reply
Delete Coinbase Account in Three Easy Steps | Cory Klippsten #11966 https://www.swanbitcoin.com/delete-coinbase-account-in-three-easy-steps
reply