Ethical Hacker Reveals Coinbase Vulnerability and Prevents Loss of Millions

The Coinbase trading platform caused a stir with an ad during the Super Bowl, which was followed by a spike in connections, and it narrowly averted disaster because an ethical hacker revealed an unsuspected vulnerability.

At the start of each year in the United States, advertisers watch for the evening of the Super Bowl, the final of the American football championship, organized by the NFL (National Football League). Broadcast by NBC, this match is the most watched broadcast of the year: more than 90 million viewers. As you might expect, commercial slots are very popular with advertisers, with prices that can go up to 7 million dollars for a 30-second spot. It was the Super Bowl that Steve Jobs chose in 1984 to launch the Macintosh computer, while in 2015 the video game Clash of Clans Revenge enlisted actor Liam Neeson to praise its merits.

A Super Bowl marked by crypto ads

In February 2022, the novelty was the presence of several companies from the cryptocurrency sector during the show: the trading platforms FTX, Crypto.com and Coinbase.

The Coinbase ad was particularly noticeable: it was a black screen with a QR code moving across it. When viewers scanned this QR code, they landed on the Coinbase site, with the prospect of earning $15 in Bitcoin for opening an account. The success of this mystery ad far exceeded all expectations, and the influx even caused a “crash”, which attracted a few mocking tweets.

The hacker’s emergency message

However, another unexpected event occurred: Tree of Alpha, a "white hat" (ethical) hacker, posted a tweet inviting the Coinbase development team or even its CEO Brian Armstrong to contact him ASAP. Tree of Alpha explained that he had spotted a vulnerability in this application.

Coinbase took the threat very seriously and suspended all transactions for two hours. Once informed of the flaw, the technical teams were able to resolve it quickly, which Tree of Alpha confirmed, after which traffic was able to resume. Tree of Alpha has announced that he will release details of this vulnerability over the coming week. For his part, Brian Armstrong welcomed the hacker's initiative, without specifying whether he had received a reward. Tree of Alpha claimed in a tweet that he didn't receive any bounty and that it was not his motivation.

Protect the image of the cryptocurrency industry

Why did Tree of Alpha see fit to do this? According to him, exploiting this vulnerability would have allowed malicious actors to alter all of Coinbase's order books with misleading prices. The consequences would have been dramatic for Coinbase, but also for the image of the whole crypto industry. It seems that Tree of Alpha was keen not to contribute to tarnishing the reputation of this young field.
