By Coinbase, the San Francisco-based cryptocurrency exchange recently paid out a $30, 000 reward to the person who discovered a critical bug within their systems.
Reported by The Next Web, this reward is the latest to posted on HackerOne, a famous vulnerability & bug bounty website. Before Coinbase’s lucrative bounty, many smaller bounties falling in the range of $100 to $1000 have been awarded to bug finders, but the award which was posted on the 12th of February seems to the most significant reward to be logged on the site to date.
TNW has since confirmed that Coinbase has had the vulnerability fixed but provided no further details on the matter.
Coinbase offers its bounties in four tiers, depending on the severity of the code flaw found: $200 (low), $2000 (medium), $15 000 (high) and $50 000 (critical) with Tuesday’s reward sitting between the high and critical tiers.
Coinbase states on HackerOne:
“The Bug Bounty Program directly serves Coinbase’s mission by helping us be the most trusted way to use digital currency. In that spirit, the scope and philosophy of the program aim to safeguard two highest priority assets (“Sensitive Data”): Digital and fiat currency balances [and] customer information.”
The Bug Bounty Program gives the public the power to report for rewards on “all software vulnerabilities in services provided by Coinbase.” The exchange forks out the bounties based on the severity of bugs found and this based on two facts: impact and exploitability.
Considering that the cryptocurrency ecosystem is continuously plagued by malicious attacks from increasingly smart hackers, unearthing bugs in systems is imperative.
There are many other bug bounty sites such as Ethereum sites like Bounties Network and Gitcoin. These sites have seen increased traffic lately, and the ever-growing opportunity for bounties via these white hacking successes has even been hailed as a new way out of poverty for many.
Currently, no web service utilising crypto is impervious to cyber attacks. Even services on the dark markets are in the business of offering rewards to talented white-hat hackers who unearth provable code vulnerabilities that could be exploited.
What are your thoughts on bug bounty programs? Let us know by leaving a comment below.
Comments