Major crypto exchange Coinbase experienced a volatile weekend with a vulnerability reported, a service paused and re-started, and its site crashing following what seems to have been a successful Super Bowl ad.
Tree of Alpha, a pseudonymous white-hat hacker, notified Coinbase of a "potentially market-nuking" vulnerability on Friday. The exchange was fast to react, disabling retail advanced trading.
In the late hours of Friday night, Coinbase announced that they have re-enabled the service. "Customer funds remain safe and were not impacted," it said.
How it all went down is that Tree of Alpha first took to Twitter around 6 pm UTC to announce the news, asking for a direct line with someone at Coinbase. He said that he has submitted a HackerOne report, but insisted that "this can't wait."
HackerOne is a vulnerability coordination and bug bounty platform that offers white-hat hackers bounties in return for submitting issues.
Coinbase CEO Brian Armstrong replied to the white-hat hacker, saying that the exchange will investigate the matter. "Tree of Alpha you're awesome - a big thank you for working with our team. love how the crypto community helps each other out!" Armstrong later tweeted.
Within two hours of the Tree of Alpha’s initial tweet, the Coinbase Support official Twitter account announced that they have halted the new Advanced Trading feature due to technical reasons. "This service will continue to be accessible, but new orders cannot be placed at this time. Existing orders are in cancel only mode," it added.
Coinbase launched the advanced trading feature last November. The feature is comparable to Coinbase Pro, offering some tools like interactive charts, advanced order types, and order books to assist traders with their
Read more on cryptonews.com