Coinbase, one of the world’s largest cryptocurrency exchanges, has announced that it will actively participate in HackerOne’s “Hack the World” project. Coinbase is offering 50,000 USD for remote code execution. The move is an effort to expand its bug bounty program and, as a result, remain at the top of the market on security.
Coinbase loves bug bounties
Bug bounties are a way for businesses to find issues in their code and security by offering an incentive in return. By rewarding the people who report problems, companies can sort them out and avoid becoming a victim later.
Philip Martin, the Head of Security at Coinbase, said in a blog post:
“We’re thankful to all the security researchers who have worked hard to find and report vulnerabilities.”
Instead of researchers “facing a choice between using a vulnerability themselves,” he urged, “selling a vulnerability to 3rd parties or giving a vulnerability away for free, bounties present a good, legal, risk-adjusted return for the time invested by a researcher.”
Coinbase has successfully disclosed 73 vulnerabilities to date.
Philip also said:
“de-criminalize the actions of good-faith security researchers, while still forbidding malicious hacking.”
He also noted that Coinbase had paid around $176,031 in bounties to 223 researchers for 346 accurate reports out of 3101 total submitted over five years.
“to help build stronger relationships between our hackers and our customers, reward high signal and high impact reports, and to have some fun along the way by giving out some awesome prizes to our top hackers.”
A lot of significant companies are sponsoring this event. These include Uber, GitHub, Airbnb, Mapbox, and Dropbox.
Martin explained that Coinbase is offering “the top 3 most impactful bugs submitted, as part of Hack The World, an additional $10,000, $7,500 and $5,000”. He said that the “most impactful” will be judged by bug severity, system criticality, and report quality. Coinbase’s security team will decide that.
The following are the payouts the exchange is offering at Hack the World:
- Remote Code Execution: $50,000
- Significant manipulation of account balance: $10,000
- XSS/CSRF/Clickjacking affecting sensitive actions: $7,500
- Theft of privileged information: $5,000
- Partial authentication bypass: $3,000
The Hack the World event will end on November 18.