Coinbase Received Licence for EU Operation

This is Coinbase's response to the constantly growing demand for services in these regions
14 March 2018   106

The Financial Conduct Authority of Great Britain (FCA) issued a license for operations with electronic money (E-money) to the largest US crypto exchange Coinbase. Now the site has the right to provide payment services in the country and issue digital alternatives to cash that can be used to make electronic, telephone and Internet payments. This is reported by CoinDesk.

However, as stressed in Coinbase, "electronic money" is not crypto currency. Therefore, the license implies a more stringent regulation aimed at protecting consumers.

We are committed to making sure customer funds are always secure and this update means that our e-money operations have safeguards and operational standards at par with other regulated financial institutions. An example of this is segregation of client funds, where all customer fiat balances will be separated from Coinbase's funds and kept in separate bank accounts.

Coinbase Team

It is noteworthy that, nominally, the FCA license allows Coinbase to work in 23 EU countries, but it is unclear whether this will affect the likely exit of the UK from the EU.

In Coinbase noted that the company can trade inside the union up to the so-called Brexit, but if the relevant rules lose force after the release of the UK, the site will need to suspend its activities in the relevant territories until an updated license is received.

In addition to the E-money license, Coinbase announced the accession to the British initiative Faster Payments Scheme, designed to increase the efficiency of bank transfers for residents of the country.

Access to the markets of the UK and Europe was Coinbase's response to the constantly growing demand for services in these regions. The company also plans to increase the staff of its London branch by eight times.

Coinbase Bug to Provide Unlimited Ethereum

The bug was found by VI Company in December last year
21 March 2018   105

VI Company reported the discovery of a vulnerability in the system of smart contracts of the Coinbase exchange, which allowed users to credit an unlimited amount of ETH to their accounts. Experts informed the company about the vulnerability in December last year, and in January it was eliminated. For their work, VI Company employees received an award of $ 10,000. This is reported by The Next Web.

By using a smart contract to distribute ether over a set of wallets you can manipulate the account balance of your Coinbase account. If 1 of the internal transactions in the smart contract fails all transactions before that will be reversed. But on Coinbase these transactions will not be reversed, meaning someone could add as much ether to their balance as they want. When you look up the Coinbase wallet address after this transaction you will see that it is empty, but checking your Coinbase wallet will show your funds.

VI Company Report

In practice, this means that Coinbase users were able to enroll any amount of Ethereum on their accounts.

Researchers provided screenshots showing how Ethereum was credited to their account using the cancellation of the transaction.

Coinbase Bug
Coinbase Bug

Steps to reproduce, provided by the researchers :

  • Setup a smart contract with a few valid Coinbase wallets and 1 final faulty wallet (always throw exception when receiving funds smart contract for example)
  • Transfer appropriate funds to smart contract.
  • Execute smart contract adding the set amount of ether to the Coinbase wallets without ever actually leaving the smart contract wallet because the complete transaction fails at the last wallet.
  • Repeat until you have more than enough ethereum in your Coinbase wallet.
  • Cash out, transfer to off site wallet.

Whether any of the users could detect and take advantage of this vulnerability for their own enrichment is unknown.