Coinbase, a major United States cryptocurrency exchange and wallet service, has given out a $30,000 reward for finding a critical bug in its system. According to a report from Coinbase’s vulnerability disclosure program on HackerOne, the bug was reported on February 11 and earned the largest reward ever given out by the company.
According to The Next Web, Coinbase had confirmed that the vulnerability has since been fixed, but did not provide specific details on the issue. The vulnerability report is also not publicly available on HackerOne.
The reward was paid out via The Bug Bounty Program, which allows the public to report for rewards on all software vulnerabilities found in services provided by Coinbase. The exchange grants bounties based on the severity of the bug found, judging severity by two factors: impact and exploitability.
Therefore, according to Coinbase’s four-grade reward system, the recently detected bug was quite serious in terms of severity and vulnerability. Coinbase’s bounty system provides a $200 reward for low bug cases, $2,000 for medium flaws, $15,000 for high vulnerabilities, and $50,000 for critical impact.