Coinbase Bug Bounty Award

Coinbase is one of the best Bitcoin related sites/services. They’re certainly the easiest way to buy or sell Bitcoin if you have a U.S. bank account. When I saw their Bug Bounty program where they offer $1,000 USD worth of Bitcoin if you find a security vulnerability, it improved my trust in their security, but of course also made me want to look for security bugs…

I had recently heard about¬†Burp¬†and wanted to play around with it. When I had some spare time around Thanksgiving, I fired it up and started poking at all the forms in the various Coinbase settings pages, trying to find an XSS or other security issue. I pretty quickly managed to generate a few 500 errors, but that wouldn’t be enough. But within a couple hours I found what I considered to be a real XSS issue. It wasn’t a huge issue, and not something a large number of users would have been affected by, but could result in an XSS nevertheless.

It took a while for them to get back to me, but eventually they agreed it was an XSS and granted me the $1000 worth of BTC and added me to their Awards section!

Follow @philfreo on Twitter

Want to know when I write another post? (very infrequent)

Comments are closed.