Coinbase Offers $50,000 Hack the World Bug Bounty

[BADecker]

Coinbase Offers $50,000 Hack the World Bug Bounty

"Coinbase Loves Bug Bounties"

Bug bounties are an increasingly used initiative by businesses to find code issues and security problems through incentivized hacking. Bounty payouts reward hackers to expose companies to problems before potential bad-actors might.

Head of Security for Coinbase, Philip Martin, blogged, "We're thankful to all the security researchers who have worked hard to find and report vulnerabilities."

Instead of researchers "facing a choice between using a vulnerability themselves," he urged, "selling a vulnerability to 3rd parties or giving a vulnerability away for free, bounties present a good, legal, risk-adjusted return for the time invested by a researcher."

To date, Coinbase has disclosed 73 discovered vulnerabilities.

Mr. Martin emphasized bounties "de-criminalize the actions of good-faith security researchers, while still forbidding malicious hacking."



Though most proposals are not relevant, Coinbase finds value in bug bounties.

Over five years, the exchange has "paid out $176,031 in bounties to 223 researchers across 346 valid reports out of a total of 3101 reports submitted," Mr. Martin noted.

This year, Coinbase joins a competition hosted by Hackerone, Hack the World. An unsigned blog post stated the venture's goals as "to help build stronger relationships between our hackers and our customers, reward high signal and high impact reports, and to have some fun along the way by giving out some awesome prizes to our top hackers."

Sponsors range from Uber, Github, and Airbnb, to Mapbox and Dropbox.

Coinbase is offering "the top 3 most impactful bugs submitted, as part of Hack The World, an additional $10,000, $7,500 and $5,000," he explained. "'Most Impactful' will be judged by the Coinbase security team on a combination of bug severity, system criticality and report quality."

Read more at https://news.bitcoin.com/coinbase-offers-50000-hack-the-world-bug-bounty/.

[1713570338]

1713570338

[1713570338]

1713570338

[Fortify]

It's good in a way, it shows they are being a bit proactive in protecting their website. However any hacker who could find exploits within coinbase could earn a heck of a lot more by draining all the bitcoin wallets stored there - depending on the severity of the hack found. It is more than a lot of exchanges out there are willing to do

[Mometaskers]

It's good in a way, it shows they are being a bit proactive in protecting their website. However any hacker who could find exploits within coinbase could earn a heck of a lot more by draining all the bitcoin wallets stored there - depending on the severity of the hack found. It is more than a lot of exchanges out there are willing to do

I somewhat agree with this. If the vulnerability is severe enough that it would allow them to drain all the coins, then why bother with the 50k reward?

Still, this does allow them to find multiple minor bugs in one go so I think it's still worth it. Plus, it improves customer confidence.

[BADecker]

It's good in a way, it shows they are being a bit proactive in protecting their website. However any hacker who could find exploits within coinbase could earn a heck of a lot more by draining all the bitcoin wallets stored there - depending on the severity of the hack found. It is more than a lot of exchanges out there are willing to do

I somewhat agree with this. If the vulnerability is severe enough that it would allow them to drain all the coins, then why bother with the 50k reward?

Still, this does allow them to find multiple minor bugs in one go so I think it's still worth it. Plus, it improves customer confidence.

They are watching for hackers. This exploits potential hackers because CB is tracking anyone who tries to hack to get the $50,000.

[merchantofzeny]

Well, this would expose the hackers who are in mostly for the money. I suppose white hat hackers might also try it out just for fun though. Since Coinbase get to choose which exploit to be rewarded, they'd get multiple exploits exposed at the same time (sorry for those hackers, no consolation prizes, LOL).

I just hope nothing severe is found. If I can find a way to take more than $50,000, then I will rather than bother with the smaller prize.

[Mometaskers]

It's good in a way, it shows they are being a bit proactive in protecting their website. However any hacker who could find exploits within coinbase could earn a heck of a lot more by draining all the bitcoin wallets stored there - depending on the severity of the hack found. It is more than a lot of exchanges out there are willing to do

I somewhat agree with this. If the vulnerability is severe enough that it would allow them to drain all the coins, then why bother with the 50k reward?

Still, this does allow them to find multiple minor bugs in one go so I think it's still worth it. Plus, it improves customer confidence.

They are watching for hackers. This exploits potential hackers because CB is tracking anyone who tries to hack to get the $50,000.

Well, let's just all hope that $50,000 is good enough for the hackers to share the vulnerabilities they found rather than exploit those for themselves.