Major United States crypto exchange and wallet service Coinbase has rewarded $30,000 for a critical bug report on HackerOne on Feb 11. This is the largest amount of money that Coinbase has given out for detecting bugs on its website.
Additionally, they declined to give out further details except confirming the bug has been fixed. Critical impact vulnerabilities can be ambiguity from the system that makes sensitive data available for attackers to read or modify. This can extend to execute arbitrary code, and exfiltrate digital or fiat currency.
According to Coinbase’s four-grade rewarding system, low bug cases earn $200, while medium flaws or high vulnerabilities can earn from $2,000 to $15,000. Especially, critical impact reporter can receive up to $50,000. Low bug cases can be small and low sensitivity data breaches.
Back in March 2018, a Dutch company claimed $10,000 for reporting a smart contract vulnerability, which prevented the possibility to steal an unlimited amount of Ethereum from users.