The cryptocurrency exchange Coinbase paused trading on its retail platform Advanced Trading after a white-hat hacker reported a vulnerability.
For technical reasons, we are disabling retail advanced trading. This service will continue to be accessible, but new orders cannot be placed at this time. Existing orders are in cancel only mode.
— Coinbase Support (@CoinbaseSupport) February 11, 2022
On Friday, February 11, a hacker going by the handle Tree of Alpha attempted to contact Coinbase's developers or leadership via Twitter.
«I'm submitting a HackerOne report, but I fear it can't wait. I can't say more, but this could potentially wipe out the market», — he wrote.
HackerOne is a bug-bounty platform.
Sounds like our team is in touch, thx for connecting with them, and we’ll investigate.
— Brian Armstrong — barmstrong.eth (@brian_armstrong) February 11, 2022
Based on the response from Coinbase co-founder and chief executive Brian Armstrong, the exchange’s team reached out to the hacker within an hour of his tweet.
«It looks like our team is in touch; thanks for reaching out to us, and we will conduct an investigation».
The suspension of Advanced Trading followed a few hours later. Trading on the platform was resumed by the evening of February 12.
We’ve re-enabled full service for retail advanced trading. Greatly appreciate the patience and understanding of those retail advanced trading customers using our exciting new platform prior to full-public launch. Customer funds remain safe and were not impacted. https://t.co/tACcyQPMpZ
— Coinbase Support (@CoinbaseSupport) February 11, 2022
Coinbase said that other services were not affected by the vulnerability, and customer funds were not harmed.
«Advanced Trading has been resumed, and I have verified that the exploit has been patched as recommended. I will publish the full thread about the vulnerability and how Coinbase's swift response avoided serious damage to the company and the market as soon as I am allowed», noted Tree of Alpha.
Advanced Trading is resumed, and I have verified that the exploit has been patched as recommended.
Full thread on the vuln and how Coinbase's swift response avoided some serious company & market damage as soon as I'm allowed (hopefully next week).
Good weekend to all. pic.twitter.com/pguInKORwW
— Tree of Alpha (@Tree_of_Alpha) February 12, 2022
In August 2021, white-hat hacker Sam San helped fix the vulnerability in the SushiSwap DeFi project. The bug could have led to the loss of 109,000 ETH.