A white-hat hacker exposed a trading vulnerability at Coinbase, and the exchange suspended trading on its Advanced Trading platform after learning of it. Let’s read further in today’s latest Coinbase news.
Crypto exchange Coinbase was notified of a vulnerability in its trading system by a pseudonymous white-hat hacker, “Tree of Alpha”, and decided to temporarily suspend trading on the Advanced Trading platform. The white-hat hacker caught the bug and tweeted that he had found a potentially “market-nuking” exploit, which he submitted in a HackerOne report. HackerOne is a platform that runs bug bounty programs for companies like Coinbase. The hacker said:
“The issue is sensitive and could allow malicious users to send all Coinbase order books to arbitrary prices.”
Anyone here can get me a direct line with someone at @coinbase , preferably management or dev team, possibly @brian_armstrong himself?
I'm submitting a hacker1 report but I'm afraid this can't wait. Can't say more either, this is potentially market-nuking.
DMs open.
— Tree of Alpha (@Tree_of_Alpha) February 11, 2022
Coinbase is one of the biggest exchanges, and its price feeds are used as inputs for oracles that determine token prices for applications such as DeFi protocols. After the initial tweet sparked alarm in the community, Tree of Alpha posted a tweet saying that no Coinbase storage was impacted. Within two hours of Tree of Alpha’s initial tweet, the Coinbase Support Twitter account announced that, for technical reasons, the exchange had disabled trading on its new advanced trading platform: the service would remain accessible, and users would be able to cancel existing orders but not place new ones. Coinbase then tweeted that it had “re-enabled full service for retail advanced trading.”
For technical reasons, we are disabling retail advanced trading. This service will continue to be accessible, but new orders cannot be placed at this time. Existing orders are in cancel only mode.
— Coinbase Support (@CoinbaseSupport) February 11, 2022
Coinbase CEO Brian Armstrong thanked Tree of Alpha for the assistance and wrote:
“@Tree_of_Alpha you’re awesome – a big thank you for working with our team. Love how the crypto community helps each other out!”
Props where it's due, to the Coinbase team for the speed of reaction on this one, all orders on the new Advanced Trading platform seem paused.
Glad we caught this one before any real harm was done, will do a quick thread once it's fixed. https://t.co/kVsf1ffDH1 pic.twitter.com/Ktl8NoB4Po
— Tree of Alpha (@Tree_of_Alpha) February 11, 2022
This is not the first time Tree of Alpha has notified influential crypto companies about vulnerabilities in their codebases. Tree of Alpha also explored Tesla’s website and tweeted that the company was ready to handle crypto payments on its site a day before Musk’s announcement that Tesla merch can be purchased in DOGE. The hacker experiments with websites, searching for revealing information that can be used for profitable trades, and often comes across major vulnerabilities to report. The white-hat hacker noted:
“In general I only leak and work to get alpha closed once it gets too widespread and it becomes advantageous to have it fixed to even out the playing field again. [The Coinbase issue] however was no alpha, this was a serious exploit which could have sent the market in disarray.”
We’ve re-enabled full service for retail advanced trading. Greatly appreciate the patience and understanding of those retail advanced trading customers using our exciting new platform prior to full-public launch. Customer funds remain safe and were not impacted. https://t.co/tACcyQPMpZ
— Coinbase Support (@CoinbaseSupport) February 11, 2022