Coinbase Security Threat, Site Crash
Major crypto exchange Coinbase experienced a volatile weekend with a vulnerability reported, a service paused and re-started, and its site crashing following what seems to have been a successful Super Bowl ad.
Tree of Alpha, a pseudonymous white-hat hacker, notified Coinbase of a “potentially market-nuking” vulnerability on Friday. The exchange was fast to react, disabling retail advanced trading.
In the late hours of Friday night, Coinbase announced that they have re-enabled the service. “Customer funds remain safe and were not impacted,” it said.
How it all went down is that Tree of Alpha first took to Twitter around 6 pm UTC to announce the news, asking for a direct line with someone at Coinbase. He said that he has submitted a HackerOne report, but insisted that “this can’t wait.”
Anyone here can get me a direct line with someone at @coinbase , preferably management or dev team, possibly @brian_armstrong himself?
I’m submitting a hacker1 report but I’m afraid this can’t wait. Can’t say more either, this is potentially market-nuking.
DMs open.
— Tree of Alpha (@Tree_of_Alpha) February 11, 2022
HackerOne is a vulnerability coordination and bug bounty platform that offers white-hat hackers bounties in return for submitting issues.
Coinbase CEO Brian Armstrong replied to the white-hat hacker, saying that the exchange will investigate the matter. “Tree of Alpha you’re awesome – a big thank you for working with our team. love how the crypto community helps each other out!” Armstrong later tweeted.
Within two hours of the Tree of Alpha’s initial tweet, the Coinbase Support official Twitter account announced that they have halted the new Advanced Trading feature due to technical reasons. “This service will continue to be accessible, but new orders cannot be placed at this time. Existing orders are in cancel only mode,” it added.
Coinbase launched the advanced trading feature last November. The feature is comparable to Coinbase Pro, offering some tools like interactive charts, advanced order types, and order books to assist traders with their trading decisions. As of now, the feature is only available to a limited number of users.
Meanwhile, Coinbase also faced issues after its Super Bowl ad brought so much traffic to the app that it crashed.
Coinbase ad was genius.
Unfortunately the website and app crashed under the traffic shortly after the ad ran.
— Pomp 🌪 (@APompliano) February 14, 2022
As previously reported, a total of five crypto trading platforms and a decentralized autonomous organization (DAO) were set to air ads during the Super Bowl in the USA.
Coinbase’s ad was a full 60-second colorful bouncing QR code, which brought viewers to Coinbase’s promotional website when scanned. It offered a limited-time promotion of USD 15 worth of free Bitcoin to new sign-ups.
These guys enjoyed the Coinbase #SuperBowl commercial 🤣
— Watcher.Guru (@WatcherGuru) February 14, 2022
And while many thought the ad to be “brilliant,” some opined that it’s “the worst Super Bowl commercial ever.”
Coinbase spending $16,000,000 on a Superbowl ad to direct people to their website and $0 to make sure that website doesn’t crash 10 seconds after the ad starts is so very internet.
— Edward Snowden (@Snowden) February 14, 2022
Source:cryptonews.com