    RareHippo – Crypto, Bitcoin, Blockchain News & Views
    A Q&A with researcher who identified Coinbase’s ‘market-nuking’ trading bug

    By Frank Chaparro
    February 21, 2022 | By The Block | 5 Mins Read

    While much ink has been spilled highlighting the accomplishments (and losses) of the crypto market’s trading and investment firms, there remains one group that plays an integral, behind-the-scenes security role: crypto bug sleuths. 

    From white hat hackers to researchers, this group of mostly anonymous coders and analysts scan blockchains and APIs to find possibly harmful gaps in the systems that power the crypto market. 


    The discovery of a bug in a new trading feature by the pseudonymous account Tree of Alpha provides the latest example. They discovered a bug in the beta feature that would let a user sell crypto in one account so long as they had the same amount of crypto in another account, allowing someone, for instance, to sell 100 Bitcoin with 100 SHIB.

    “I just used 0.0243 ETH to sell 0.0243 BTC on the BTC-USD pair, a pair I do not have access to, without holding any BTC,” Tree of Alpha explained. “Hoping this is a UI bug, I check the fills on the order, and they match the API: those trades really happened, on the live order book.”

    Tree of Alpha described the bug as “market-nuking” when he took to Twitter on February 11. Coinbase ultimately rewarded the researcher $250,000 for his efforts.

    To learn more, The Block sat down with the researcher to ask him about his background, the Coinbase bug, and what it means for crypto adoption.

    Below is our conversation with Tree of Alpha, edited for clarity and brevity:

    Frank Chaparro: How did you get involved in the space and discover these types of exploits?

    Tree of Alpha: I started in crypto around end of 2017, basically buying the top with pennies, as a newly-graduated software engineer.

    I spent 2 years learning more about developing by writing hundreds of trading bots that would never reliably make money, before eventually switching to news trading & botting, and finding out the fastest ways to get information. Most of the exploits I find I do while looking for tradeable information. This applies to the Tesla + Doge leak, the CoinDesk one and this recent Coinbase vulnerability.

    FC: The $250,000 reward seems light — given the magnitude — and the fact some DeFi protocols have offered millions. Do you think this was an appropriate amount?

    ToA: It is hard to tell with the amount of factors to take into account. If you think about the possible prejudice? Sure, it seems light, even though we cannot know exactly the amount of damage that could have been done. 

    DeFi protocols have very little leverage over hackers, since all the action can happen without any KYC and there is a certain culture of “code is law” to which some adhere. Coinbase is different: it is a US-listed centralized exchange enforcing KYC measures which can easily call on law enforcement to get involved.  

    Bounties have to be sizeable enough to turn grey hats into white hats, yet not big enough that hundreds of people will start poking everywhere. According to the overall Twitter response, it looks like a 7-figure bounty was expected.

    I did not expect that much: the size of the bounty is proportional to the severity of the issue, and since I did not exploit it the exchange can state that the possible damage wasn’t that high by offering a smaller one.

    FC: What do you think this means for new entrants to crypto, can they trust centralized venues?

    ToA: No matter how much people like touting the sacrosanct decentralized nature of crypto, the fact remains that we still need trust in many of the actors involved: trust that the smart contract you use doesn’t have any vulnerabilities, trust that your wallet app didn’t go rogue, trust that CEX’s are safe, etc. 

    You also need to take into account that centralized entities are much more likely to be able to cover the damages from an exploit than a decentralized project. The beauty of crypto is that you have the choice: entrust your funds to an exchange, or self-custody and take responsibility for everything that entails.

    FC: How do you think this issue went unnoticed?

    ToA: This is a hard one: I do not know. When writing tests for an API that accepts a source account, a target account, and a product ID, the first thing I would make sure of is that the person indeed has more than “QTY” in the account. Coinbase had that part. 

    The second is making sure that, for a sale on “BTC-USD” product for example, “source account” is a “BTC” account and “target account” is a “USD” account. That part was missing, and any guess from me as to why would be speculation.


    While every developer knows best practices at least vaguely, the harsh truth is a lot of shortcuts are taken to save time. If Tesla, a $890 billion company, tests payment integrations on live environment, that should tell you enough about the others.

    FC: Can you estimate the potential damage if it was exploited?

    ToA: I cannot, that is up to very specific Coinbase internals.

    The highest reward with the least chance of being discovered would have been, in my opinion, putting up huge BTC sell walls very close to the last traded price in order to send the market in a panic. A very small fraction would have actually filled as the narrative would have spread, and a bad actor could have profited handsomely from the ensuing chaos by shorting on other exchanges. 

    All in all with this exploit, I believe most of the damage would have been on the market itself, and not as much on Coinbase customer holdings. The risk system would have kicked in, stopping all withdrawals and Coinbase could have done an internal rollback after the blow.
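The two checks Tree of Alpha describes for an API taking a source account, a target account, and a product ID can be sketched as follows. This is an added example, not Coinbase's code or the researcher's: the `Account` and `SellOrder` types, the function names, and the sample accounts are all hypothetical, and the order reuses the 0.0243 ETH figure quoted earlier in the article.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Account:              # hypothetical model, not a real exchange type
    currency: str
    balance: Decimal


@dataclass(frozen=True)
class SellOrder:            # hypothetical model of the request described above
    product_id: str         # "BASE-QUOTE", e.g. "BTC-USD"
    source: Account         # account debited; must hold the base asset
    target: Account         # account credited; must hold the quote asset
    qty: Decimal


def check_balance_only(order: SellOrder) -> bool:
    """First check from the interview: source holds at least QTY."""
    return order.source.balance >= order.qty


def validate_sell(order: SellOrder) -> list[str]:
    """Both checks. Returns rejection reasons; an empty list means accept."""
    parts = order.product_id.split("-")
    if len(parts) != 2 or not all(parts):
        return ["malformed product id"]
    base, quote = parts
    errors = []
    if order.qty <= 0:
        errors.append("quantity must be positive")
    # Second check from the interview: account currencies must match the pair.
    if order.source.currency != base:
        errors.append(f"source account holds {order.source.currency}, "
                      f"product {order.product_id} sells {base}")
    if order.target.currency != quote:
        errors.append(f"target account holds {order.target.currency}, "
                      f"product {order.product_id} pays {quote}")
    if not check_balance_only(order):
        errors.append("insufficient balance in source account")
    return errors


# Constructed sample data mirroring the quoted order: an ETH balance
# offered as the source for a sale on BTC-USD.
ETH = Account("ETH", Decimal("0.0243"))
BTC = Account("BTC", Decimal("1"))
USD = Account("USD", Decimal("0"))
MISMATCHED = SellOrder("BTC-USD", ETH, USD, Decimal("0.0243"))
LEGITIMATE = SellOrder("BTC-USD", BTC, USD, Decimal("0.0243"))
```

The mismatched order passes `check_balance_only` because the quantities line up across unrelated assets, while `validate_sell` rejects it on the currency check.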

    Read full story on The Block
