Coinbase Bug Let Users Steal Unlimited ETH

A Coinbase bug could have just given you a one-off opportunity to become a cryptocurrency multi-billionaire.


In a report made public yesterday, the Dutch fintech firm VI Company described a vulnerability it had discovered that allowed users to steal as much Ethereum (ETH) as they wanted. The glitch was first reported on December 27 last year.

The US’ largest exchange awarded VI Company a bounty of $10,000 for spotting the smart contract issue.

“By using a smart contract to distribute ether over a set of wallets you can manipulate the account balance of your Coinbase account,” the VI Company outlined in the report.

“If one of the internal transactions in the smart contract fails all transactions before that will be reversed. But on Coinbase these transactions will not be reversed”.

This meant that someone could have abused this issue to credit their wallets with infinite amounts of Ethereum.

The researchers at VI Company uploaded screenshots of the transactions in the app as well as a link to the transaction on Etherscan.

If you’re wondering how they did the transaction, you’re in luck. The researchers explained the process of the exploit:

  • Set up a smart contract with a few valid Coinbase wallets and 1 final faulty wallet (always throw exception when receiving funds smart contract for example)
  • Transfer appropriate funds to smart contract.
  • Execute smart contract adding the set amount of ether to the Coinbase wallets without ever actually leaving the smart contract wallet because the complete transaction fails at the last wallet.
  • Repeat until you have more than enough ethereum in your Coinbase wallet.
  • Cash out, transfer to off site wallet.
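The accounting flaw behind these steps can be shown from the deposit-processing side. The following is an added example, not code from VI Company's report or from Coinbase: it models a transaction as a simplified call trace and compares crediting each internal transfer on its own with crediting only transfers that the chain did not roll back. The `Call` structure, the function names and the addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

ETH = 10**18  # wei per ether

@dataclass
class Call:
    """One frame of a simplified call trace (constructed structure)."""
    to: str
    value: int                      # wei sent with this call
    error: Optional[str] = None     # set when this frame failed
    calls: list = field(default_factory=list)

def deposit_credits(call, watched, honor_reverts, parent_reverted=False):
    """Return {address: wei} to credit for one traced transaction.

    honor_reverts=False models the flaw: each internal transfer is judged
    on its own. honor_reverts=True discards any transfer whose own frame
    or any enclosing frame failed, because the chain rolled it back.
    """
    reverted = call.error is not None or (honor_reverts and parent_reverted)
    credits = {}
    if not reverted and call.value > 0 and call.to in watched:
        credits[call.to] = call.value
    for sub in call.calls:
        nested = deposit_credits(sub, watched, honor_reverts, reverted)
        for addr, wei in nested.items():
            credits[addr] = credits.get(addr, 0) + wei
    return credits

# Constructed sample data: placeholder addresses, not real wallets.
WATCHED = {"0xexchangeA", "0xexchangeB"}

def distribution(last_error):
    """Trace of a contract paying three recipients; the last may fail."""
    subs = [Call("0xexchangeA", ETH), Call("0xexchangeB", ETH),
            Call("0xlast", ETH, error=last_error)]
    return Call("0xdistributor", 3 * ETH, error=last_error, calls=subs)

FAILED = distribution("reverted")   # last transfer throws, whole tx reverts
SUCCEEDED = distribution(None)

if __name__ == "__main__":
    for name, tx in (("failed", FAILED), ("succeeded", SUCCEEDED)):
        print(name, "naive:", deposit_credits(tx, WATCHED, False),
              "safe:", deposit_credits(tx, WATCHED, True))
```

For the failed transaction the naive pass credits both watched wallets even though no ether left the contract, while the revert-aware pass credits nothing.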

It is unclear if there were people who managed to abuse the glitch.

According to Coinbase, however, “Analysis of the issue indicated only accidental loss for Coinbase, and no exploitation attempts”.

The US-based exchange has been facing continued technical difficulties for almost a year now. This is mainly because of the huge influx of new users in mid-2017.

Twitter May Ban Cryptocurrency Ads

Twitter is reportedly banning certain ads related to cryptocurrency. This news comes in the wake of major online regulatory efforts for the cryptocurrency world.

According to Sky News, the new advertising policy is set to roll out in two weeks worldwide. It will prohibit ads that pertain to initial coin offerings (ICOs), token sales and cryptocurrency wallets.

In January, social media giant Facebook announced that they will be banning ads that promote services that are “frequently associated with misleading or deceptive promotional activities”.

Earlier this month, Google also announced that it will be prohibiting ads for cryptocurrencies, which encompasses ICOs, wallets and related services.

This news also comes after Twitter experienced an influx of fake cryptocurrency-related accounts scamming users. These scammers get away with it by impersonating famous people, such as Vitalik Buterin, John McAfee and, most recently, Elon Musk.

The fake Elon Musk promised to give away ETH to his followers. The imposter promised to send more ETH in exchange for a small amount. 20 ETH, amounting to about $16,000, was sent to that fake account before the account was suspended.

If this news proves true, it will not be the first time that Twitter has taken steps to reduce the number of cryptocurrency scams on its platform.

They have already started cracking down on these fake accounts. They confirmed that they are “aware of this form of manipulation and are proactively implementing a number of signals”. This is to prevent accounts from engaging with others in a deceptive manner.

No further details are available yet with regard to Twitter’s supposed advertising policy, but we will be sure to keep you up-to-date with the changes.
