Coinbase Bug Allowed Users To Steal Unlimited ETH, Wallet Paid $10K Bounty For Discovery

Major US crypto wallet provider and exchange service Coinbase has rewarded a Dutch company with a $10,000 bounty after it discovered a smart contract glitch allowing users to steal “as much as they want” in Ethereum (ETH), according to a report made public today, March 21.

The issue, which VI Company reported to Coinbase December 27 of last year, revolved around exploiting a smart contract that involved a faulty wallet.

Users were technically able to credit themselves with unlimited ETH funds. “By using a smart contract to distribute ether over a set of wallets you can manipulate the account balance of your Coinbase account,” VI Company described in the report, continuing:

“If 1 of the internal transactions in the smart contract fails all transactions before that will be reversed. But on Coinbase these transactions will not be reversed, meaning someone could add as much ether to their balance as they want.”

[…]

Read Full: Coinbase Bug Allowed Users To Steal Unlimited ETH, Wallet Paid $10K Bounty For Discovery