Cryptocurrency exchange Coinbase was warned of a vulnerability in its trading systems on Friday afternoon by the pseudonymous white-hat hacker “Tree of Alpha.” Coinbase, in response, temporarily paused trading on its new Advanced Trading platform.
On Feb 11, 2022, @Tree of Alpha drew the attention of Coinbase leadership after tweeting that they identified a “potentially market-nuking” issue and was filing a HackerOne report. HackerOne is a forum that handles bug bounty programs for firms, including Coinbase.
“The issue is sensitive and could allow malicious users to send all Coinbase order books to arbitrary prices,” the white-hat hacker said through Twitter.
Coinbase reacts swiftly to save the day
Coinbase is one of the significant cryptocurrency exchanges. Its price feeds are also utilized as inputs for oracles, which establish the genuine pricing of tokens for applications such as DeFi protocols.
After the original tweet prompted anxiety in the crypto community, Tree of Alpha tweeted a follow-on Twitter claiming, “No actual Coinbase storages (cold or otherwise) are impacted.”
Within two hours following the Tree of Alpha’s original tweet, the Coinbase Support Twitter account declared that, due to technical difficulties, Coinbase was halting trading on its new Advanced Trading platform. While the service would still be available, consumers would be able to cancel existing purchases but not place new orders. The Advanced Trading service is provided exclusively to a restricted audience.
After almost 2 hours, Coinbase tweeted that they have re-enabled full service for retail advanced trading.
Coinbase CEO Brian Armstrong commended Tree of Alpha for helping out the Coinbase staff, noting how he “loves how the crypto community helps each other out!”
This isn’t the first time Tree of Alpha has warned significant crypto firms about flaws in their coding. He had tried to reach out to coindesk’s dev team as per his tweet on Jan 21, 2022. He urged in the tweet that he wanted an email address where he could contact them. The tweet signified that Alpha was looking into how coindesk articles were being leaked before they were published.
At times of increased exploits and scams, collaborations like this with white hat hackers are a lifesaver for safeguarding the funds of millions.