Coinbase shells out largest bug bounty payment for ‘Market-Nuking’ Security Flaw


Cryptocurrency exchange Coinbase has paid $250K for a ‘Market-Nuking’ security flaw. Coinbase confirmed that the flaw was reported by a third-party researcher and triggered an emergency response that included placing the platform in “cancellation-only” mode, which disabled all new trades.

The issue was reported privately to Coinbase via HackerOne, but not before an anonymous Twitter account warned of the “market-nuking” consequences of the discovery.

A post-mortem note from Coinbase stated that the root cause was a missing logic validation check in the Retail Brokerage API, which allowed a user to submit a trade to a specific order book using an invalid source account.
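The kind of server-side check the post-mortem describes as missing, as an added example that is not Coinbase's code. The data model, the field names and the reading of "invalid source account" (an account the caller does not own, or one holding a different asset than the order book needs for that side of the trade) are assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal

# Hypothetical data model; names are illustrative, not Coinbase's API.
@dataclass(frozen=True)
class Account:
    account_id: str
    owner_id: str
    currency: str
    balance: Decimal

@dataclass(frozen=True)
class Order:
    user_id: str
    source_account_id: str
    product: str    # order book as "BASE-QUOTE", e.g. "AAA-USD"
    side: str       # "buy" or "sell"
    size: Decimal   # quantity of the base asset
    price: Decimal  # limit price in the quote asset

class OrderRejected(Exception):
    """Raised before the order reaches the matching engine."""

# Constructed sample accounts (AAA and BBB are made-up assets).
ACCOUNTS = {
    "acct-aaa": Account("acct-aaa", "alice", "AAA", Decimal("2")),
    "acct-bbb": Account("acct-bbb", "alice", "BBB", Decimal("1000")),
    "acct-usd-bob": Account("acct-usd-bob", "bob", "USD", Decimal("500")),
}

def validate_order(order, accounts):
    """Return the amount to hold on the source account, or raise OrderRejected."""
    if order.side not in ("buy", "sell"):
        raise OrderRejected("unknown side")
    if order.size <= 0 or order.price <= 0:
        raise OrderRejected("size and price must be positive")
    base, sep, quote = order.product.partition("-")
    if not (base and sep and quote):
        raise OrderRejected("malformed product")
    account = accounts.get(order.source_account_id)
    # Same error for "missing" and "not yours", so account ids cannot be probed.
    if account is None or account.owner_id != order.user_id:
        raise OrderRejected("source account not found for this user")
    # A sell spends the base asset; a buy spends the quote asset.
    required_currency = base if order.side == "sell" else quote
    if account.currency != required_currency:
        raise OrderRejected("source account currency does not match order book")
    required = order.size if order.side == "sell" else order.size * order.price
    if account.balance < required:
        raise OrderRejected("insufficient funds")
    return required
```

The check runs on the server for every order, regardless of what the client UI allows, since an API caller chooses the order book and the source account independently.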

Read More: https://www.securityweek.com/coinbase-pays-250k-market-nuking-security-flaw