A Bug on Coinbase Allowed to Get Unlimited Amount of ETH

March 22, 2018

Perhaps, you missed the chance to become a crypto billionaire. A bug was found on a popular cryptocurrency exchange Coinbase. This bug was in the setting of Ethereum smart-contracts, and it allowed users to add themselves almost unlimited amount of ETH.

This vulnerability was discovered by a Dutch financial company called VI Company. The company has reported on the bug back in December last year. It took one month for the exchange to fix the issue. VI Company was eventually rewarded by Coinbase with $10,000.

An unusual vulnerability was discovered by the Dutch company VI Company, which reported the problem of Coinbase back in late December last year. The Exchange corrected the matter a month later and awarded the Dutch company $ 10,000.

HackerOne researchers wrote in their report:

"By using a smart contract to distribute [ETH] over a set of wallets you can manipulate the account balance of your Coinbase account."

VI company explained the bug:

"If [one] wallets transaction in the smart contract fails all transactions before that will be reversed. But on Coinbase these transactions will not be reversed, meaning a person could add as much Ethereum to their balance as they want."

Back in February, a somewhat similar bug was found on a Japanese exchange Zaif. It allowed users to purchase cryptocurrency for free.

Comments

Никто ещё не оставил комментариев. Желаете быть первым?