Advertisement

Coinbase bug could have let anyone give themselves free ether

Oops.

Cryptocurrency exchanges have had a fair share of justified criticism. They can be high-value targets for criminals, easy to hide from the IRS and easily affected by tech issues. Luckily, thanks to a bug report by financial security outfit VI Company, a nasty bug in Coinbase's cryptocurrency system has been found and fixed. The researchers found that users could add unlimited ether to their Coinbase account with some simple, easily replicated steps.

According to a report on the HackerOne website, the Dutch financial security team found the flaw when planning to give its employees some ether as a Christmas present last December. A set of digital wallets using a smart contract could be tricked into thinking that a transfer of the ether cryptocurrency had occurred when it had not. This would have allowed any Coinbase customer to fictitiously move as much ether as it wanted into their account. Whether they could have cashed it out in some way is another matter, but the bug has been fixed by Coinbase, who also gave VI Company a $10,000 bug bounty.