
This blog post provides a deeper look into the timeline of events surrounding the bug report, as well as an explanation of the bug itself and the steps we took to resolve it and ensure it cannot happen again.
The underlying cause of the bug was a missing logic validation check in a Retail Brokerage API endpoint, which allowed a user to submit trades to a specific order book using a mismatched source account.
Thanks to the researcher who responsibly disclosed this issue, Coinbase was able to fix this bug in a matter of hours, and conclusively determine that it has never been maliciously exploited.
Coinbase strongly supports independent security research, and when those researchers uncover serious issues, we want to ensure that they are rewarded accordingly. As a result, we are paying our largest-ever bug bounty for this finding: $250,000.
Coinbase has awarded a $250k bug bounty for the vulnerability.

Their official disclosure: https://blog.coinbase.com/retrospective-recent-coinbase-bug-bounty-award-9f127e04f060

Full thread from my perspective later today.
-While I have made enough to retire myself and half a dozen generations after, if you feel in a generous spirit AND do not need it for yourself, you can donate ETH or mainstream ERC20-s to TreeOfAlpha.eth which will be forwarded to a charity of my choice.
reply
Coinbase's "largest-ever bug bounty"

How a flaw in the new Advanced Trading feature would have allowed a malicious user to sell BTC or any other coin without owning them, and how Coinbase's reaction speed on a Super Bowl Friday averted a possible crisis.

Bounty: $250,000

https://i.imgur.com/hsdYHd9.png

Twitter thread, unrolled:

Thread by @Tree_of_Alpha on Thread Reader App https://threadreaderapp.com/thread/1495014902582362112.html

reply
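The Coinbase excerpt above attributes the bug to a missing validation check that let a trade reach an order book from a mismatched source account, and the comment above describes the effect as selling a coin without owning it. The sketch below is an added illustration, not Coinbase's code: the `Account` and `Order` models, the sample data and the reading of "mismatched" as a currency mismatch are all assumptions made here.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Account:  # hypothetical wallet model
    owner: str
    currency: str
    balance: Decimal

@dataclass(frozen=True)
class Order:  # hypothetical order request as the endpoint receives it
    user: str
    product: str  # order book as BASE-QUOTE, e.g. "BTC-USD"
    side: str  # "buy" or "sell"
    size: Decimal  # amount of base currency
    price: Decimal  # limit price in quote currency
    source_account: str

# Constructed sample data: XYZ is a made-up asset.
ACCOUNTS = {
    "acct-btc": Account("alice", "BTC", Decimal("0")),
    "acct-xyz": Account("alice", "XYZ", Decimal("100")),
    "acct-bob": Account("bob", "BTC", Decimal("5")),
}

def validate_unsafe(order, accounts):
    """Compares numbers only; never asks which currency the balance is in."""
    acct = accounts[order.source_account]
    return acct.balance >= order.size

def validate(order, accounts):
    """Return (ok, reason); ties the source account to the caller and the book."""
    acct = accounts.get(order.source_account)
    if acct is None or acct.owner != order.user:
        return False, "account not owned by caller"
    base, _, quote = order.product.partition("-")
    if order.size <= 0 or order.price <= 0 or not base or not quote:
        return False, "malformed order"
    if order.side == "sell":
        needed_ccy, needed = base, order.size
    elif order.side == "buy":
        needed_ccy, needed = quote, order.size * order.price
    else:
        return False, "invalid side"
    if acct.currency != needed_ccy:
        return False, "source account currency does not match order book"
    if acct.balance < needed:
        return False, "insufficient funds"
    return True, "ok"
```

The currency check runs before the balance check on purpose: a balance is only meaningful once the account is known to hold the asset the order book settles in.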

Delete Coinbase Account in Three Easy Steps | Cory Klippsten #11966 https://www.swanbitcoin.com/delete-coinbase-account-in-three-easy-steps

reply
