Coinbase Bug to Provide Unlimited Ethereum

The bug was found by VI Company in December last year
21 March 2018   644

VI Company reported the discovery of a vulnerability in the system of smart contracts of the Coinbase exchange, which allowed users to credit an unlimited amount of ETH to their accounts. Experts informed the company about the vulnerability in December last year, and in January it was eliminated. For their work, VI Company employees received an award of $ 10,000. This is reported by The Next Web.

By using a smart contract to distribute ether over a set of wallets you can manipulate the account balance of your Coinbase account. If 1 of the internal transactions in the smart contract fails all transactions before that will be reversed. But on Coinbase these transactions will not be reversed, meaning someone could add as much ether to their balance as they want. When you look up the Coinbase wallet address after this transaction you will see that it is empty, but checking your Coinbase wallet will show your funds.
 

VI Company Report

In practice, this means that Coinbase users were able to enroll any amount of Ethereum on their accounts.

Researchers provided screenshots showing how Ethereum was credited to their account using the cancellation of the transaction.

Coinbase Bug
Coinbase Bug

Steps to reproduce, provided by the researchers :

  • Setup a smart contract with a few valid Coinbase wallets and 1 final faulty wallet (always throw exception when receiving funds smart contract for example)
  • Transfer appropriate funds to smart contract.
  • Execute smart contract adding the set amount of ether to the Coinbase wallets without ever actually leaving the smart contract wallet because the complete transaction fails at the last wallet.
  • Repeat until you have more than enough ethereum in your Coinbase wallet.
  • Cash out, transfer to off site wallet.

Whether any of the users could detect and take advantage of this vulnerability for their own enrichment is unknown.

Coinbase CEO to Launch Charity Crypto Fund

At the moment, the fund has already raised $ 3.5 million, of which $ 1 million was personally invested by Armstrong
28 June 2018   279

Brian Armstrong, co-founder and CEO of Coinbase, announced the launch of a charitable cryptocurrency fund called GiveCrypto. Armstrong plans to attract $ 1 billion in the next two years. This is reported by Brian himself via Twitter.

According to Armstrong, having managed to earn big money on bitcoin and other crypto-currencies, community members should help the needy all over the world, and not position themselves as cool guys in Lamborghini. This will help to open new scenarios for the use of cryptocurrency, and, undoubtedly, will promote its further popularization.

He also noted that donations in the cryptocurrency can reach people directly, eliminating the likelihood of corruption and abuse.

Cryptocurrency is unique in that it can be used to send small amounts of money anywhere in the world, in real-time directly to an individual in need — they just need a mobile device with an internet connection. With distribution of aid to foreign countries, high fees and corruption are unfortunately common; cryptocurrency is a way of circumventing both.
 

Brian Armstrong

CEO, Coinbase

To date, the fund has already raised $ 3.5 million, of which $ 1 million was personally invested by Armstrong. Also reported that the contribution of more than $ 1 million was made by the executive chairman and co-founder of Ripple Chris Larsen.

Other contributors are Chinese mining giant Bitmain and venture capitalist Fred Wilson; they contributed more than $ 100,000 each.

GiveCrypto plans to start helping those in need after the amount of donations reaches $ 10 million, but the long-term goal of the fund is $ 1 billion over the next two years.