Coinbase to conduct internal investigation

Coinbase suspects its employees may have tried to make a quick buck off its launch of bitcoin cash (BCH) on the platform     
20 December 2017

Coinbase, one of the largest cryptocurrency exchanges, announced on Tuesday that it was starting BCH trading. Within a few hours, this hard fork of Bitcoin reached $8,500 on Coinbase’s GDAX platform, almost 3 times higher than the $3,500 price being quoted on other exchanges. Shortly afterwards, BCH trading was suspended on GDAX due to “significant volatility” and signs of foul play, Investopedia reports.

The next day, 20.12.2017, CEO Brian Armstrong published a blog post saying the price of BCH on other exchanges began increasing hours before his company made its announcement, indicating that employees who knew about the launch engaged in insider trading. Armstrong noted that Coinbase is currently looking into the matter.

Given the price increase in the hours leading up to the announcement, we will be conducting an investigation into this matter. If we find evidence of any employee or contractor violating our policies — directly or indirectly — I will not hesitate to terminate the employee immediately and take appropriate legal action.

Brian Armstrong

CEO, Coinbase

Armstrong also added that Coinbase staff, together with their family and friends, had been forbidden from trading BCH for the past month as the company prepared to make the coin available on its own exchange. He added that a similar policy was also adopted before the San Francisco-based firm began supporting Ether and Litecoin. 

We’ve had a trading policy in place for some time at Coinbase. The policy prohibits employees and contractors from trading on “material non-public information”, such as when a new asset will be added to our platform. In addition to trading restrictions, it prohibits communication of material non-public information outside the company. This includes to friends and family.

Brian Armstrong

CEO, Coinbase

Coinbase is going to add BCH trading again on Wednesday.

Coinbase Bug to Provide Unlimited Ethereum

The bug was found by VI Company in December last year
21 March 2018

VI Company reported the discovery of a vulnerability in the Coinbase exchange's handling of smart contracts, which allowed users to credit an unlimited amount of ETH to their accounts. The researchers informed the company about the vulnerability in December last year, and it was fixed in January. For their work, VI Company employees received a reward of $10,000, The Next Web reports.

By using a smart contract to distribute ether over a set of wallets you can manipulate the account balance of your Coinbase account. If 1 of the internal transactions in the smart contract fails all transactions before that will be reversed. But on Coinbase these transactions will not be reversed, meaning someone could add as much ether to their balance as they want. When you look up the Coinbase wallet address after this transaction you will see that it is empty, but checking your Coinbase wallet will show your funds.

VI Company Report

In practice, this means that Coinbase users were able to credit any amount of Ethereum to their accounts.

The researchers provided screenshots showing how Ethereum was credited to their account through the cancellation of the transaction.

Coinbase Bug

Steps to reproduce, provided by the researchers:

  • Setup a smart contract with a few valid Coinbase wallets and 1 final faulty wallet (always throw exception when receiving funds smart contract for example)
  • Transfer appropriate funds to smart contract.
  • Execute smart contract adding the set amount of ether to the Coinbase wallets without ever actually leaving the smart contract wallet because the complete transaction fails at the last wallet.
  • Repeat until you have more than enough ethereum in your Coinbase wallet.
  • Cash out, transfer to off site wallet.

It is unknown whether any users detected this vulnerability and took advantage of it for their own enrichment.
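
The flaw described above comes down to crediting deposits from a contract's internal transfers without checking that the transaction as a whole succeeded. The following Python example is added here for illustration and is not Coinbase's or VI Company's code; it contrasts that flawed crediting logic with a check on the receipt status and on every enclosing call frame. The trace layout, field names and addresses are constructed assumptions.

```python
WATCHED = {"0xdeposit_a", "0xdeposit_b"}  # constructed deposit addresses

# Constructed: splitter pays two deposit addresses, the third transfer throws,
# so the whole transaction reverts and no ether moves.
REVERTED_TX = {"status": 0, "call": {
    "to": "0xsplitter", "value": 3, "error": "reverted", "calls": [
        {"to": "0xdeposit_a", "value": 1},
        {"to": "0xdeposit_b", "value": 1},
        {"to": "0xfaulty", "value": 1, "error": "reverted"}]}}

# Constructed: transaction succeeds overall, but one inner frame failed and
# the caller ignored it; the transfer inside that frame was rolled back.
PARTIAL_TX = {"status": 1, "call": {
    "to": "0xsplitter", "value": 2, "calls": [
        {"to": "0xdeposit_a", "value": 1},
        {"to": "0xrelay", "value": 1, "error": "reverted", "calls": [
            {"to": "0xdeposit_b", "value": 1}]}]}}

def walk(call, ancestor_failed=False):
    """Yield (frame, failed); failed covers the frame and all its ancestors."""
    failed = ancestor_failed or "error" in call
    yield call, failed
    for child in call.get("calls", []):
        yield from walk(child, failed)

def tally(frames):
    """Sum the value sent to watched deposit addresses across the frames."""
    credits = {}
    for call in frames:
        if call["to"] in WATCHED and call["value"] > 0:
            credits[call["to"]] = credits.get(call["to"], 0) + call["value"]
    return credits

def credit_naive(tx):
    """Flawed: credits every internal transfer it sees, whatever the outcome."""
    return tally(call for call, _ in walk(tx["call"]))

def credit_safe(tx):
    """Credit only if the receipt succeeded and no enclosing frame failed."""
    if tx["status"] != 1:
        return {}
    return tally(call for call, failed in walk(tx["call"]) if not failed)
```

Reconciling credited balances against the actual on-chain balance of each deposit address gives a second, independent check for the mismatch the researchers describe.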