White Hat Hacker Saved Coinbase From A Major Trading Exploit

Cryptocurrency exchange Coinbase was warned of a vulnerability in its trading systems on Friday afternoon by the pseudonymous white-hat hacker “Tree of Alpha.” Coinbase, in response, temporarily paused trading on its new Advanced Trading platform.

On Feb 11, 2022, @Tree of Alpha drew the attention of Coinbase leadership after tweeting that they identified a “potentially market-nuking” issue and was filing a HackerOne report. HackerOne is a forum that handles bug bounty programs for firms, including Coinbase.

“The issue is sensitive and could allow malicious users to send all Coinbase order books to arbitrary prices,” the white-hat hacker said through Twitter.

Anyone here can get me a direct line with someone at @coinbase , preferably management or dev team, possibly @brian_armstrong himself?

I'm submitting a hacker1 report but I'm afraid this can't wait. Can't say more either, this is potentially market-nuking.

DMs open.
— Tree of Alpha (@Tree_of_Alpha) February 11, 2022

Coinbase reacts swiftly to save the day

Coinbase is one of the significant cryptocurrency exchanges. Its price feeds are also utilized as inputs for oracles, which establish the genuine pricing of tokens for applications such as DeFi protocols.

After the original tweet prompted anxiety in the crypto community, Tree of Alpha tweeted a follow-on Twitter claiming, “No actual Coinbase storages (cold or otherwise) are impacted.”

Within two hours following the Tree of Alpha’s original tweet, the Coinbase Support Twitter account declared that, due to technical difficulties, Coinbase was halting trading on its new Advanced Trading platform. While the service would still be available, consumers would be able to cancel existing purchases but not place new orders. The Advanced Trading service is provided exclusively to a restricted audience.

For technical reasons, we are disabling retail advanced trading. This service will continue to be accessible, but new orders cannot be placed at this time. Existing orders are in cancel only mode.
— Coinbase Support (@CoinbaseSupport) February 11, 2022

After almost 2 hours, Coinbase tweeted that they have re-enabled full service for retail advanced trading.

We’ve re-enabled full service for retail advanced trading. Greatly appreciate the patience and understanding of those retail advanced trading customers using our exciting new platform prior to full-public launch. Customer funds remain safe and were not impacted. https://t.co/tACcyQPMpZ
— Coinbase Support (@CoinbaseSupport) February 11, 2022

Coinbase CEO Brian Armstrong commended Tree of Alpha for helping out the Coinbase staff, noting how he “loves how the crypto community helps each other out!”

.@Tree_of_Alpha you're awesome – a big thank you for working with our team

love how the crypto community helps each other out!
— Brian Armstrong – barmstrong.eth (@brian_armstrong) February 11, 2022

This isn’t the first time Tree of Alpha has warned significant crypto firms about flaws in their coding. He had tried to reach out to coindesk’s dev team as per his tweet on Jan 21, 2022. He urged in the tweet that he wanted an email address where he could contact them. The tweet signified that Alpha was looking into how coindesk articles were being leaked before they were published.

Anyone know people on the @CoinDesk dev team? Need a contact asap and couldn't find an email besides [email protected]

🧵next week.
— Tree of Alpha (@Tree_of_Alpha) January 21, 2022

At times of increased exploits and scams, collaborations like this with white hat hackers are a lifesaver for safeguarding the funds of millions.

White hat hacker saved Coinbase from a major trading exploit

Coinbase reacts swiftly to save the day

News

Digest

Industry

Tron Universe

Follow Us

Subscribe US

Coinbase reacts swiftly to save the day

Footer

News

Digest

Industry

Tron Universe

Follow Us

Subscribe US