The white-hat hacker who discovered a critical flaw in Coinbase's API said the $250K bounty was not “too low.”
On February 11th, two days before the Super Bowl and Coinbase’s $14 million color-changing QR code advertisement, an engineer was desperately attempting to contact Coinbase management and the development team.
Anyone here can get me a direct line with someone at @coinbase , preferably management or dev team, possibly @brian_armstrong himself?
I'm submitting a hacker1 report but I'm afraid this can't wait. Can't say more either, this is potentially market-nuking.
DMs open.
— Tree of Alpha (@Tree_of_Alpha) February 11, 2022
Tree of Alpha discovered “a flaw in the new Advanced Trading feature that would have allowed a malicious user to sell BTC or any other coin without owning them.” The flaw in the code had the potential to “nuke” the market.
Commenting on the flaw, Tree of Alpha said that the “vulnerability itself was indeed worrying,” adding that “some oversight on both the dev team and the QA/testing team was required to let this happen.”
“While the advanced trading product was not available to everyone and was still in beta testing, a significant number of users could have used the exploit.”
However, thanks to the hacker’s quick reactions and an “overwhelming community response,” the danger was averted and Coinbase avoided a “possible crisis.”
As is customary in white hat hacking, a bounty was awarded. Coinbase initially awarded $250,000, a pittance for the Silicon Valley-born unicorn. Twitter quickly labelled the quarter-million dollar reward as a “bear market” bounty, citing the scope of the hack and the fact that Coinbase executives earn that amount on a yearly basis.
Tree of Alpha said in an interview that the amount was “not too low to be insulting.”
“While a higher bounty might have deterred more grey hats from exploiting vulnerabilities, it is common in the crypto sphere to lose touch with the value of money. $250K is a very nice sum for most working people.”
Finally, the events highlighted the importance of white hat hacking in a still-developing industry. The US State Department recently announced that it would award up to $10 million in cryptocurrency rewards to white hat hackers; however, Tree of Alpha stated that “white hat hacking is critical but criminally overlooked by companies.”
In a word to the wise, they concluded:
“Companies will not hesitate to spend tens of millions of dollars on marketing but will not spend a fraction of that on ensuring that there is something left to market.”
Coinbase CEO Brian Armstrong was among the first to thank the white-hat hacker for saving his company:
.@Tree_of_Alpha you're awesome – a big thank you for working with our team
love how the crypto community helps each other out!
— Brian Armstrong – barmstrong.eth (@brian_armstrong) February 11, 2022